Jump to content

Recommended Posts

Hello,

I am working on a little multiplayer game. When a person logs in, a session is created storing their username and their character is set to "online" in the database. I then query my database and use for each to display all the characters who are set to "online" on the game map.

 

I'm not sure how I would go about letting the players attack each other. The attack can be used by just clicking on the other character, but I'm not sure how I would update the health in the database for the character who was attacked. does anyone have any ideas?

 

Sorry if this question is a bit vague, I'm confused myself.

 

Thanks for any tips.

Link to comment
https://forums.phpfreaks.com/topic/296982-how-would-i-go-about-doing-this/
Share on other sites

When a user  clicks on a other player, you pass their player id and the (style type of) attack to your processing script. You then run an update query which takes away the health points in an update query

UPDATE players SET health = health - $attackDamage WHERE id = $playerid

Okay, this is what I came up with. It works but still lets the player attack other people by changing the information in the url bar. Is there any way to change this?

        $username = null;
	if (isset($_REQUEST['username']))
		{
		$username = $_REQUEST['username'];
		}

	$attackverify = null;
	if (isset($_REQUEST['attackverify']))
		{
		$attackverify = $_REQUEST['attackverify'];
		}

	// SESSION USERNAME

	$sesusername = $_SESSION['auth'];

	// FIND ONLINE PLAYERS

	$sql = "SELECT * FROM login WHERE online='online'";
	foreach($connect->query($sql) as $row)
		{
		$un = $row['username'];

		// CANNOT ATTACK YOURSELF

		if ($sesusername == $un)
			{
			echo <<<CODE

// THIS CODE HAS NO ATTACK LINK

<img style="position:absolute; top:{$row['pos_y']}px; left:{$row['pos_x']}px;" src="engine/img/{$row['username']}.gif">
<span style="left:{$nameposx}px;top:{$nameposy}px;color:#fff;position:absolute;">{$row['username']}</span>

CODE;
			}
		  else
			{

			// ATTACK THE ENEMY

			echo <<<CODE

// THIS CODE DOES HAVE AN ATTACK LINK

<a href="?attackverify=yes&username={$row['username']}">
<img style="position:absolute; top:{$row['pos_y']}px; left:{$row['pos_x']}px;" src="engine/img/{$row['username']}.gif">
</a>
<span style="left:{$nameposx}px;top:{$nameposy}px;color:#fff;position:absolute;">{$row['username']}</span>

CODE;
			}
		}

	// HANDLE THE ATTACK

	if ($attackverify == "yes")
		{
		echo 'you attacked' . $username;

		// ATTACK SQL QUERY GOES HERE
		// RELOAD THE PAGE AFTER ATTACK

		reloadPage();
		}
	}

what you are currently doing, lets the player attack other people by clicking on a link. if they change the value in the url and can accomplish the same thing as clicking on one of the other links, what difference does it make?

 

what specifically about being able to submit a value in the url to attack other people vs clicking on a link to attack other people is a problem?

 

edit: submitting data that changes something on the server should be handled using a post method form. url get parameters should control what is displayed, i.e. gotten, on the page. this won't prevent someone from submitting any value they want, because anyone can submit any data via post or get that they want.

Edited by mac_gyver

You may want to consider an AJAX-based click event handler.

$(function(){
	$('.attack_enemy').on('click', function(e){
		$.ajax({
			type:'post',
			url:'your-processing-script',
			data:{
				'username':$(this).attr('data-username'),
				'attackverify':true,
			},
			success:function(data){
				if(data.status == 'success'){
					alert('You attacked, homie!');
				}else{
					alert('Sorry, looks like you tripped and missed.');
				}
			}
		});
	});
});

Of course, the details of your processing script are left out of this, and it's assuming you've added username as a data- attribute to the attack link. This way you're avoiding a page reload, and the data isn't as easily spoofed by the user. Of course, it's certainly not secure or concrete as listed above - you'll need take the proper steps to verify and validate the submitted data in both the JS and php.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.