Jump to content

Recommended Posts

like I don't want people to beable to use tamper data and just send in requests "ATTACKMOnster" "health/etc"....

 

I need to setup some type of button or $_POST that can only be clicked/etc (Serverside too) if a user is actually killing a monster or clicking "Attack".......  Any idea? 

 

Hard to explain, but I need some type of mini captcha system in-game while people are attacking/killing mobs, so they just cant macro or refresh crap.

 

(It's possible I guess to set a row in their column with a timestamp) via MYSQL and don't let them spam attacks/etc ( Kind of like a speedhack check? :P)

 

thx

 

 

EDIT: TLDR..

 

Think of a hack in a MMORPG that sucks all the mobs and autoattacks, same thing here, but with PHP, how to stop that?

Edited by Monkuar

Without extensive look at your code, I would suggest looking at tokens based on time. Setting the token in the session, and then making sure the next page request matches that token. Of, course, you would change the token each new request.

you need to generate unique one-time tokens that are output in forms/links that are 'consumed' when they are used.

 

by only producing a token at the appropriate point (a token produced at the point of starting an attack on a specific recourse, can only be used to carry out it's corresponding action on that resource) and by marking the token as being used once it has been submitted, you insure that someone at least visited the correct starting point to carry out an action and that they can only perform that action once per visit to that starting point.

 

by keeping a recent history of the tokens, the action/resource the are for, and a timestamp of when they were created and used, you can create logic to prevent some of the automated flooding.

Would a more simplier idea be, just give users 150 "Stamina" per day? Each mob or XX amount of mobs killed, they lose X amount of stamina? Then they can either buy extra stamina through in-game cash shop/points/gold/etc?

 

The token system, is like a column name in their character row, with a timestamp being updated? Or a table called character_tokens, with all the game mechanics and then fill that with their user_id, character_id, timestamp/etc?

I'm doing this so people cannot spam attacks vs mob.

 

 

session_start();
if(isset($_SESSION['last_visit']) && time() - $_SESSION['last_visit'] < 2.5) {
    echo '<script>createToast("How can you swing your sword so fast?","danger",2500);</script>';exit;
}
$_SESSION['last_visit'] = time();

 

 

Also everything is serverside, and the mob will eventually die, or your character will die again..

 

Once that happens, how would I make it so the user revives? Do a small number verification captcha to have your character revive? (Seems like it would help mitigate automated refreshes?) :D

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.