cloudll Posted June 23, 2015 Share Posted June 23, 2015 Hello, I am working on a little multiplayer game. When a person logs in, a session is created storing their username and their character is set to "online" in the database. I then query my database and use for each to display all the characters who are set to "online" on the game map. I'm not sure how I would go about letting the players attack each other. The attack can be used by just clicking on the other character, but I'm not sure how I would update the health in the database for the character who was attacked. does anyone have any ideas? Sorry if this question is a bit vague, I'm confused myself. Thanks for any tips. Quote Link to comment https://forums.phpfreaks.com/topic/296982-how-would-i-go-about-doing-this/ Share on other sites More sharing options...
Ch0cu3r Posted June 23, 2015 Share Posted June 23, 2015 When a user clicks on a other player, you pass their player id and the (style type of) attack to your processing script. You then run an update query which takes away the health points in an update query UPDATE players SET health = health - $attackDamage WHERE id = $playerid Quote Link to comment https://forums.phpfreaks.com/topic/296982-how-would-i-go-about-doing-this/#findComment-1514692 Share on other sites More sharing options...
cloudll Posted June 23, 2015 Author Share Posted June 23, 2015 An okay, thanks. What would be the best way to pass the id variable, as part of the url? Or can it be done behind the scenes? Quote Link to comment https://forums.phpfreaks.com/topic/296982-how-would-i-go-about-doing-this/#findComment-1514693 Share on other sites More sharing options...
cloudll Posted June 23, 2015 Author Share Posted June 23, 2015 Okay, this is what I came up with. It works but still lets the player attack other people by changing the information in the url bar. Is there any way to change this? $username = null; if (isset($_REQUEST['username'])) { $username = $_REQUEST['username']; } $attackverify = null; if (isset($_REQUEST['attackverify'])) { $attackverify = $_REQUEST['attackverify']; } // SESSION USERNAME $sesusername = $_SESSION['auth']; // FIND ONLINE PLAYERS $sql = "SELECT * FROM login WHERE online='online'"; foreach($connect->query($sql) as $row) { $un = $row['username']; // CANNOT ATTACK YOURSELF if ($sesusername == $un) { echo <<<CODE // THIS CODE HAS NO ATTACK LINK <img style="position:absolute; top:{$row['pos_y']}px; left:{$row['pos_x']}px;" src="engine/img/{$row['username']}.gif"> <span style="left:{$nameposx}px;top:{$nameposy}px;color:#fff;position:absolute;">{$row['username']}</span> CODE; } else { // ATTACK THE ENEMY echo <<<CODE // THIS CODE DOES HAVE AN ATTACK LINK <a href="?attackverify=yes&username={$row['username']}"> <img style="position:absolute; top:{$row['pos_y']}px; left:{$row['pos_x']}px;" src="engine/img/{$row['username']}.gif"> </a> <span style="left:{$nameposx}px;top:{$nameposy}px;color:#fff;position:absolute;">{$row['username']}</span> CODE; } } // HANDLE THE ATTACK if ($attackverify == "yes") { echo 'you attacked' . $username; // ATTACK SQL QUERY GOES HERE // RELOAD THE PAGE AFTER ATTACK reloadPage(); } } Quote Link to comment https://forums.phpfreaks.com/topic/296982-how-would-i-go-about-doing-this/#findComment-1514759 Share on other sites More sharing options...
mac_gyver Posted June 24, 2015 Share Posted June 24, 2015 (edited) what you are currently doing, lets the player attack other people by clicking on a link. if they change the value in the url and can accomplish the same thing as clicking on one of the other links, what difference does it make? what specifically about being able to submit a value in the url to attack other people vs clicking on a link to attack other people is a problem? edit: submitting data that changes something on the server should be handled using a post method form. url get parameters should control what is displayed, i.e. gotten, on the page. this won't prevent someone from submitting any value they want, because anyone can submit any data via post or get that they want. Edited June 24, 2015 by mac_gyver Quote Link to comment https://forums.phpfreaks.com/topic/296982-how-would-i-go-about-doing-this/#findComment-1514784 Share on other sites More sharing options...
maxxd Posted June 24, 2015 Share Posted June 24, 2015 You may want to consider an AJAX-based click event handler. $(function(){ $('.attack_enemy').on('click', function(e){ $.ajax({ type:'post', url:'your-processing-script', data:{ 'username':$(this).attr('data-username'), 'attackverify':true, }, success:function(data){ if(data.status == 'success'){ alert('You attacked, homie!'); }else{ alert('Sorry, looks like you tripped and missed.'); } } }); }); }); Of course, the details of your processing script are left out of this, and it's assuming you've added username as a data- attribute to the attack link. This way you're avoiding a page reload, and the data isn't as easily spoofed by the user. Of course, it's certainly not secure or concrete as listed above - you'll need take the proper steps to verify and validate the submitted data in both the JS and php. Quote Link to comment https://forums.phpfreaks.com/topic/296982-how-would-i-go-about-doing-this/#findComment-1514785 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.