Jump to content

Recommended Posts

X-Posted several places.

 

Alright, so I'm gonna be trying to make my first PHP game.

For my first project I will attempt to duplicate the popular "higher/lower" strategy/chance game.

 

I know how to make the number displayed random:

 

<?php
print rand(0, 25) ;
?>

 

But I don't know how to make the input buttons to choose "higher" and "lower"

 

I know I have to make an If...Else... loop but I'm not sure how it works. I'm very new to PHP, so could someone help me out?

 

(If you're not familiar with this game join nutrinopets.com and go to their games section...it's a pretty simple and intuitive game actually)

So basically....they generate two random numbers between one and twenty-five. The first one is shown to you, the other one you can't see until the next page. (it's really a one-page self-redirecting script) You have to guess if the secret number is lower or higher than the number they show you, by clicking a "higher" or "lower" button. Then, depending on whether you get it right or wrong, you either get a message saying something like "You won! Do you want to keep playing?(with a link to re-start)" or "You lose. Play again?(again, a link to re-start)" It's a bit more complicated than that because you have a "pot," when you win you store money in it and it builds up the more times you win, and when you lose it gets emptied. But I can add that part later. Right now I'm interested in the basic structure of the game.

 

Here's what someone else told me.

 

Script analysis:

 

STEP 1

-choose a random number between 1-14(1...10, jack, queen, king, ace) (I was going to use 1-25 but maybe a real card-based format would be good, so I'll change it)

-create a form with 2 hidden fields(call one card and set it to your random number and call one action and set it to higher) and a submit button (http://www.w3schools.com/html/html_forms.asp) -> don't forget the method your using is post

- do the same for lower

 

Now, honestly, I have NO idea how to do that. I mean, I understand the logic but I don't know the first piece of code to write.

 

I'd appreciate it ever so muchly if I could get help on this. Like I said, I'm a complete PHP noob.

 

You're trying to generate an HTML form, so this really belongs in the HTML board.  Anyways, here is a short example:

 

<?php

  // First check if the form was submitted
  if(count($_POST)){
    // There are items in the $_POST array, thus it was submitted
    echo "<pre style=\"text-align: left;\">" . print_r($_POST, true) . "</pre>";
    exit();
  }

  // If we made it here the form was not submitted, so we display the form instead

  // Generate a single random number
  $num = rand(1, 25);

  // Exit PHP mode and display a form
?>
<form method="post" action="">
  <p>The number is:</p>
  <p style="text-align: center;"><?php echo $num; ?></p>
  <p style="text-align: center;">
    <input type="hidden" name="num" value="<?php echo $num; ?>" />
    <input type="submit" name="lower" value="Lower" />
    <input type="submit" name="higher" value="Higher" />
  </p>
</form>

 

There is a glaring security hole in the design of this game, but we'll worry about that later.

I'd do it by:

 

When you create the card, set the number into a session variable... then just have an option for higher or lower.

 

Make another card, see if it is higher or lower then the session variable number, then throw your output.

 

Basically

 

<?php
// Start session
session_start();

if(!empty($_SESSION['lastnum']))
{
  $lastnum = $_SESSION['lastnum'];
}
else
{
  $lastnum = null;
}

if(!empty($_POST['choose']))
{
  $choose = $_POST['choose'];
}

// Make a new card
$thisnum = rand(1,14);
$_SESSION['lastnum'] = $thisnum;

$self = $_SERVER['PHP_SELF'];

// Compare
if( ($choose == "higher" && $thisnum > $lastnum) || ($choose == "lower" && $thisnum < $lastnum) || ($choose == "same" && $thisnum == $lastnum) )
{
  // They were right
  print "Last card was $lastnum, You chose $choose and were right! Current card is $thisnum.... choose higher or lower.<br />";
  print "<form name='chooseform' action='$self' method='post'>"
         ."<input type='radio' name='choose' value='higher' />Higher<br />"
	 ."<input type='radio' name='choose' value='same' />The same<br />"
         ."<input type='radio' name='choose' value='lower' />Lower<br />"
         ."<input type='submit' name='submit' value='Submit' />"
         ."</form>";
}
elseif (empty($_POST['choose']))
{
print "Card is $thisnum. Choose higher or lower.";
  print "<form name='chooseform' action='$self' method='post'>"
         ."<input type='radio' name='choose' value='higher' />Higher<br />"
	 ."<input type='radio' name='choose' value='same' />The same<br />"
         ."<input type='radio' name='choose' value='lower' />Lower<br />"
         ."<input type='submit' name='submit' value='Submit' />"
         ."</form>";
}
else
{
  print "Last card was $lastnum, You chose $choose and were wrong. Current card is $thisnum.<br />";
  print "<a href='$self'>Try again?</a>";
}

?>

 

Update : Tested, couple of errors fixed.. works perfectly, if basic.

IMO you should still include the original value as a hidden parameter; that way you can check it against the one stored in the sessions, discover who the cheaters are, ban them from your site (temporarily), and maybe even redirect them to tub girl.

Why put it as a hidden input? Surely if someone's intelligent enough to change my session variables on the server, they can make a browser spoof a hidden input field?

 

Plus they're too clever to be trying to cheat a card game anyway...

 

Session data is more secure then a hidden field, and does the job just as well.

this should give you a start

<?php
session_start();
$cards = array (2,3,4,5,6,7,8,9,10,'J','Q','K','A');
$card_picked = array_rand($cards);

if (isset($_GET['sub']))
{
    switch($_GET['sub'])
    {
        case 'Higher':
            echo $card_picked > $_SESSION['card'] ? '<h1>Win</h1>' : '<h1>Lose</h1>';
            break;
        case 'Lower':
            echo $card_picked < $_SESSION['card'] ? '<h1>Win</h1>' : '<h1>Lose</h1>';
            break;
            
    }
    echo '<hr>';
}
$show_card = $cards[$card_picked];
$_SESSION['card'] = $card_picked;
?>
<form>
<p>The card is <?php echo $show_card?></p>
<p>Is the next card <input type="submit" name="sub" value="Higher"> or <input type="submit" name="sub" value="Lower">
</form>

Why put it as a hidden input? Surely if someone's intelligent enough to change my session variables on the server, they can make a browser spoof a hidden input field?

 

You totally missed the point.  I was agreeing with you that a $_SESSION variable is the best way to temporarily retain the value, since it can't be changed by the user like a hidden input could.

 

But I was then saying add the hidden input anyways.  Anyone who is tempted to cheat is first going to inspect the HTML of the form.  If you fool them into thinking the value that will be compared is stored as an input it should be easy to discover who are the users that attempt to cheat.  You would know they attempted to cheat because you could compare the value from the hidden field to the correct value in the $_SESSION.

Why try to trick your users though?

 

I don't actively seek out people who might try to cheat on a small game, just make your scripts secure enough that they aren't at risk.

 

Setting traps for users isn't a good way to run a website IMO

I don't know.  If someone's trying to be clever, you just get to show them that you're more clever and output some snarky message.  Banning is a bit much, but I know I'd be amused if that happened to me.

 

You could have the hidden input and simply put a completely unrelated value in it.

It depends on the site IMO.  I wouldn't take the time to do it in the majority of sites I created.  But if you were running an online MMO that had paid subscribers, I think you owe it to your users to try and eliminate cheating as much as possible.  Also, setting a very clear standard that you attempt to detect cheating and punish those that do is a good way to prevent it in the first place.  After all, you'd be scaring away cheaters, not honest customers.  Just MO.

This is very intresting, I'm actually working on some things, but there is some idea's. Yeah I agree, Make it impossible to cheat, but detecting cheating is good to. It's simply like that "You shouldn't be trying in the first place." Simply no cheating is a rule, if you add one.

If you don't give them the opportunity, they wont cheat.

 

Your users are the life of your website. It only takes a few people to realise you're deliberately making bugs to trap people and an entire community can turn against you.

 

Make your scripts as secure as possible, and put emphasis on logging of actions, but I really hate the idea of laying "bugs" for your users.

 

Quick list of reasons

1) It can make people think you dont trust them, they leave

2) It can make people think you're an insecure coder (I see a hidden form field with an important value, I don't try to exploit it - I navigate rapidly away from the page)

3) It will add (a small amount of) "lag" to your pages, and a little bandwidth. Each time you submit an extra field, you have to send it to the browser, make it and send the POST data back. If you hit 10million users, each playing "Higher/Lower" for 2 hours a day, you're looking at a hefty chunk of bandwidth.

4) It's... well, not immoral, just not a nice thing to do, IMO. You say "no cheating" then deliberately leave a bug?

5) It's something else to go wrong

6) It's the wrong way to look at security. Don't try to catch "bug exploiters" using bugs you know of. Your aim is to not have bugs, or find the ones in the scripts asap. Not ban a list of users every day, who are more then likely kids anyway.

7) The people who are serious about damaging your site won't use bugs like this anyway. What do they care about a small game - they will try to do much more damage. Concentrate your efforts on stopping these people.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.