rpg attack system, need help on to make unique forms

[Monkuar]

like I don't want people to beable to use tamper data and just send in requests "ATTACKMOnster" "health/etc"....

 

I need to setup some type of button or $_POST that can only be clicked/etc (Serverside too) if a user is actually killing a monster or clicking "Attack".......  Any idea? 

 

Hard to explain, but I need some type of mini captcha system in-game while people are attacking/killing mobs, so they just cant macro or refresh crap.

 

(It's possible I guess to set a row in their column with a timestamp) via MYSQL and don't let them spam attacks/etc ( Kind of like a speedhack check? )

 

thx

 

 

EDIT: TLDR..

 

Think of a hack in a MMORPG that sucks all the mobs and autoattacks, same thing here, but with PHP, how to stop that?

Edited May 27, 2013 by Monkuar

[Muddy_Funster]

preventing people from botting has been a bugbear of MMO developers for as long as there have been MMOs.  There's not enough to work with for us to make practical suggestions for your code,

[jcbones]

Without extensive look at your code, I would suggest looking at tokens based on time. Setting the token in the session, and then making sure the next page request matches that token. Of, course, you would change the token each new request.

[mac_gyver]

you need to generate unique one-time tokens that are output in forms/links that are 'consumed' when they are used.

 

by only producing a token at the appropriate point (a token produced at the point of starting an attack on a specific recourse, can only be used to carry out it's corresponding action on that resource) and by marking the token as being used once it has been submitted, you insure that someone at least visited the correct starting point to carry out an action and that they can only perform that action once per visit to that starting point.

 

by keeping a recent history of the tokens, the action/resource the are for, and a timestamp of when they were created and used, you can create logic to prevent some of the automated flooding.

[Monkuar]

Would a more simplier idea be, just give users 150 "Stamina" per day? Each mob or XX amount of mobs killed, they lose X amount of stamina? Then they can either buy extra stamina through in-game cash shop/points/gold/etc?

 

The token system, is like a column name in their character row, with a timestamp being updated? Or a table called character_tokens, with all the game mechanics and then fill that with their user_id, character_id, timestamp/etc?

[Q695]

Do the calculations server side, and have the character interactions be the only thing going to the client.

[Monkuar]

I'm doing this so people cannot spam attacks vs mob.

 

 

session_start();

if(isset($_SESSION['last_visit']) && time() - $_SESSION['last_visit'] < 2.5) {

    echo '<script>createToast("How can you swing your sword so fast?","danger",2500);</script>';exit;

}

$_SESSION['last_visit'] = time();

 

 

Also everything is serverside, and the mob will eventually die, or your character will die again..

 

Once that happens, how would I make it so the user revives? Do a small number verification captcha to have your character revive? (Seems like it would help mitigate automated refreshes?)

[Q695]

Then put a dynamic string on each target to look up the target when it's being attacked.