NEaB Today

Tales of a space merchant game

Fri, 28 May 2010 07:04:47 -0700

Nebula Rider (official name of the game to come) is progressing slowly. It's certainly not yet features complete, nor in any shape ready to be beta-tested. However the code size increase and with it the number of features implemented.

Just to give an idea, the real coding started 12th May, and 16 days later we do have 3800 lines of code which means a good average of 237 lines of code (counting weekends where I don't actually code).

Currently the game offers a smooth (on windows at least) experience, with plasma shoot, worm holes, space stations, planets and suns gravity attraction, asteroid fields, sounds and music. The initial stock exchange code is there, and you can buy and sell stuff... however each space station offer the same goods at the same price... which means => currently not much fun.

The graphical user interface is also taking shape, and is more and more complete.

ETA is still in about 2.5 months to really have a beta, so be patient, as much as us at least, and be assured we do our max to bring you a great new game.

IRC chat finally arrived

Mon, 01 Mar 2010 22:16:54 -0800

Even if not all is clearly working, the IRC chat is there for all. Sure some stuff need to be improved, or even yet ported to the new IRC chat, however a lot of work has been invested to make it a safe, stable, and friendly chat. From this move we gained the advantage of having an IRC compatible chat, which means any IRC client will do the trick, as well as the possibility to host IRC bots.

Also this move allows me to use the IRC client I'm working on, and share the workload across multiple projects.

New features from this move include:
- Infinite number of channels
- Better whisper / private messages handling
- Self written scripts for the chat
- Faster feedback
- Lighter on the server (as well on the network)
- Clan channels
- Channel topics

Things which are still missing:
- A good player info page
- Some handling for clan channels

IRC Chat

Wed, 24 Feb 2010 11:35:42 -0800

Finally after a HUGE amount of work we starts to test the firsts versions of the new IRC chat. Basically the chat is composed by 2 different softwares. A new fresh self written IRC server, which does have quiet different rules than a normal IRC server (that's the reason of a fresh self written code), and the usage of wsIrc (one of my pet projects) as web IRC client. Now thanks to wsIRC scripting capabilities, some stuff have been tweaked to reflect more how the old chat was working. Like avatars, titles, PH color and more.

The work is not finished, but well, it's a good start already, and starts to be used as well. Now the good news is that it seems the new server doesn't use much server resources, and that could save us a bit more in case the game continues to grow.

Things will now improve with old features like Glum, shortcuts, word filters etc...

PvP is there and some other goodies

Mon, 15 Feb 2010 00:38:47 -0800

The first part of the PvP battles are in. And it seems to work so far. Yes it's odd but it works and I can assure you it wasn't a small thing to make. Now remains to code some scoring system and implement the clan PvP. Seems my todo will never decrease.

On the "other news" side, some drop downs have been replaced with a good chunk of JavaScript. The goal is to remove those ugly and barely usable drop downs we had with something which allows you to search inside and maybe offers some grouping for example for the items you have with you. Maybe it can be further improved but so far I don't know how.

On the map making side, I tried to make the smart draw automatically make the transitions between water and grass (without the need that you make the sand), but epically failed. Yes that happens.

Finally (for today post), as Croesy had to step down for a while, I had to find some backup as I simply cannot handle all by myself, and found great help in the persons of Kerrik, Jones and Zonneschijn. Many thanks to them to accept this work, as it will certainly help me concentrate more on the development side, and remove a bit of the work load produced by all the admin work.

Map actions are there

Fri, 22 Jan 2010 22:47:06 -0800

Yes I did it, as promised: map actions are implemented. This opens the door to all kind of odd quests, where a map can change by simply walking somewhere. Or actually you don't need to even change the map, think about a quest where you need to explore some area, and you just need to go to the end of a tunnel, well with the new function you will be able to track if the player went there, without using a NPC dialog.

Also, multi player quests are possible, as if you use global variables, map will change in real time for all the players on the map. So think about some quests where you need multiple players standing on different points to unlock a given door. Well all that is now possible.

On the other side, I should present you another project of mine:
http://www.wsirc.com it's a full featured Web IRC client, which allows you to chat on IRC without the need to install anything. Some of you may know mibbit, well this is actually like mibbit but hopefully even better. Why did I started that? Well for a few reasons:

1) It's a fun project.
2) I learned some stuff.
3) I hope it will help to drive money / advert to our beloved game.

Indeed, even if doesn't have much to do with NEaB, it could allow us to just make NEaB more visible, as we could advertise it on a completely different service. And if this service does generate some money (not sure), well we could use this money for traditional advertisements. We shall see how it goes.

Improved security on NEaB

Mon, 30 Nov 2009 07:21:52 -0800

As I described in my last article, there is ways to improve the login security, well guess what? I implemented it inside our game. However it's not just matter of changing the home page and all would work, sadly NEaB is a tiny bit more complex and I had to dig into a lot of files to replace the old login schema with a new improved function.

Part of that work has been done last week, and then I waited the new week such that I would be able to debug things during the week. We do now have a more secure login / cookie as we NEVER transfer the password in plain text over the network. Also on the database side we don't store the password as plain text either, and therefore even if we get some hackers to read the table (which I hope is not possible) they would still not see our passwords. I don't know the passwords either as the encryption used is called "one way encryption" which means there is no real way to get the data back, beside from a brute force attack.

As side work, I changed the password recovery tool and to help players to use it, we now allow all users to change their email directly from the option panel.

On another subject, the battle rework seems to please a vast majority of the players, and even if there was some glitches, and 1 or 2 players unhappy with the move, I still believe it was a good feature change. Let's hope the next "phases" of this rework will be as good as the previous ones.

A more secure login

Wed, 25 Nov 2009 12:12:33 -0800

Once more I will pick a question from a chat discussion as starting point for a little article. The question was how to use SHA256 in JavaScript. Of course you may wonder what SHA256 is, well to make a long story short, it's a replacement (more secure) version of the well known MD5 "digest" function or hash function. Basically MD5 or SHA256 are functions which take some string and produce a binary short identifier for it. That means, you can in theory have more than one initial string which produce the same identifier, but it practice it's very unlikely and it is certainly extremely difficult without doing a brute force attack (more on this later) to find a possible string out of those identifiers. Those functions are also called one way cryptography, as it allows you to encrypt something but you cannot normally go back to the original message.

You know now what those function are, but how useful is it? Well maybe you don't know it but all the communication between the browsers and the servers are PLAIN TEXT which means anybody between the browser and the server could see the data exchanged without any problem. This is valid for all the GET, POST parameters as well as for the cookies or anything else exchange. The only way to prevent this is to use the HTTPS (S for Secure) protocol instead of the normal HTTP one. However there is a few issue with the HTTPS, first of all it requires a server certificate, and if you don't purchase one you will force your users to go through some odd browser acknowledgment which basically says: "Yes I agree and understand that this certificate is not valid or unknown". There is some cheap certificate (look for Go Daddy for example, but normally an SSL certificate is expensive and needs to be re-installed every year. Another problem with HTTPS is that it requires some more CPU on the server as well as on the browser side.

So if you don't use HTTPS as most web sites out there, you are in the risk that somebody steal the passwords players or admins use to log in on your site. And here we can use those "digest" functions mentioned above.

The idea is that you take the password given by your player, encrypt it on the browser side via JavaScript, and then send the encrypted string over the network. The advantage is that if somebody is sniffing your traffic he/she will not be able to read / know the password used. However this is only a first step, as this person could use the exact same encrypted string to be able to log in as well. So the solution is to concatenate the IP of the client as well as the password together and then make the MD5 out of it, on the server, as you cannot decrypt you do the same job take the user password out of the DB, glue it to the browser IP, feed it to the MD5 function and see if it matches with what you got from the player. By doing so, you ensure the same encrypted string cannot be shared along other PC if they use different IP. You could further improve it by using a cookie or some other kind of session identification so that only that browser will be accepted for that session and not all browsers / pc sharing the same IP.

As this could be somewhat difficult to understand just like that, I prepared you a full script (PHP and JavaScript) to see how things works. The first (and biggest) part of the JavaScript as you will see is taken from internet, so if you use it, please leave the copyright. For the remaining parts you can use it as you want.

The script:

http://base.nowhere-else.org/tutorials/check_pass.zip

A little bit more SQL complexity

Thu, 05 Nov 2009 01:52:02 -0800

While chatting with some of the well known moders in MakeWebGames forums and chat, I discovered that even if all have some knowledge of SQL (as it is required to be able to store and retrieve all the information in a standard web site setup), most fails when we go to something yet a bit more special, like, using sub-queries, join or grouping functions. This couple of articles will be toward this group of people which could gain something by doing yet more complex queries. I will explain the what and why of all those, and hopefully you will be all up and running to do yourself more complex queries and dig into the tables with some stronger tools.

Before we start digging into complex queries we will have to setup a couple of tables where which will help us to build our examples. I will also store those in a SQL file so you can directly download them and run them inside your PHPMyAdmin.

http://engine.nowhere-else.org/article4_tables.txt

This should create a table PLAYER with about 60 entries inside.

Now that we have the table and the data, we can start to check a few things. The simplest query that everyone should know is retrieve a row given an ID:

SELECT * FROM PLAYER WHERE ID=1;

If we read this query, we can decode it like that, "take all the data from the table PLAYER where the column ID contains the value 1";

Of course this was an easy one, now if we want instead to retrieve all the rows where the username starts with the letter B the query will use a keyword "LIKE" instead of the equal sign:

SELECT * FROM PLAYER WHERE USERNAME LIKE 'b%';

If you run this query you will see it returns more than one row, and that the uppercase or lowercase doesn't matter to the condition. Again this is not a very complex query, the only interesting thing here is the use of % which is a wild character when you use the "LIKE" keyword. The underscore "_" match any single character and the percent "%" match any number of any characters. You can also do a "NOT LIKE" operation to reverse your query. Keep in mind that "LIKE" is not a fast operation as MySQL needs to go inside the field an analyze it.

Now what if we want to count how many players reached at least level 20?

SELECT COUNT(*) FROM PLAYER WHERE LEVEL >= 20;

And here you see your first "GROUPING" function, as instead of returning rows MySQL will start to do some work with the result as it needs to count the number of rows.

We can work further in this direction and ask to count the number of players grouped by the first letter of their username:

SELECT LEFT(USERNAME,1), COUNT(*) FROM PLAYER GROUP BY LEFT(USERNAME,1);

As you see, we use a string function here, to read the first character out of the username (LEFT) then the now known COUNT(*) to count the number of rows and suddenly at the end we find a "GROUP BY" instruction. This is needed if you don't use ALL grouping functions in the SELECT statement. As LEFT is not a grouping function we need to give the instruction to MySQL to say how it must be grouped.

When you run this last query you will see that the column name of the result are basically generated out of the functions we use, however it may become odd to use such names in sub queries (something we will present here after), we need therefore to introduce column aliases:

SELECT LEFT(USERNAME,1) STARTWITH, COUNT(*) NB FROM PLAYER GROUP BY LEFT(USERNAME,1);

The names "STARTWITH" and "NB" will be used as columns name for the result table. Now, MySQL is not really strict on the syntax here, with some other databases you may need to use the keyword AS or put the alias name in double quotes.

Now what is a sub query? Well let's start with this example, we want to know all the username of the players which are in a group of those username where more than 4 players uses the same starting letter. Make sense? Well basically we want to retrieve all users width start the very common starting letter. How useful it is in real life I honestly don't know, but it gives you a first view of what a sub query can offer.

SELECT * FROM PLAYER
WHERE LEFT(USERNAME,1) IN
(SELECT STARTWITH FROM (SELECT LEFT(USERNAME,1) STARTWITH, COUNT(*) NB FROM PLAYER
GROUP BY LEFT(USERNAME,1)) SUMIT WHERE NB > 4);

Now you see it starts to get a bit more complex. What happens here is that we first need to extract which letters are mostly used, then select it in another query which are used by more than 4 players and finally retrieve all those which use those starting letters.

The syntax is the following: SELECT * FROM (SUBQUERY) LOGICALNAME
Where SUBQUERY is any kind of query and LOGICALNAME is a name you give to your pseudo table.

You see we used also the "IN" keyword, this tells to retrieve all rows where a column is within a given list. The list could be a coma separated list of values like (1,2,3,4) or defined by a sub query in which case the sub query MUST return only 1 column.

There is still something I want to explain before finishing with a nice query, and this is the JOIN feature. Normally when you want to "link" two tables together you do something like

SELECT A.*, B.* FROM A, B WHERE A.ID=B.A_ID;

Where the A_ID is the link between the two tables. This will work but will retrieve only the rows where there is a match. What if you want to retrieve also the rows of A, even if there is nothing in B? Then you must start to use the LEFT or RIGHT joins:

SELECT A.*, B.* FROM A LEFT JOIN B ON (A.ID=B.A_ID);

Now MySQL will retrieve all rows of A, with the data of B in case there is some.

With this knowledge we can now see the final mighty query of this tutorial:

SELECT PLAYER.USERNAME,S.NB NBTOT,A.NB NB10,B.NB NB30 FROM PLAYER,
(SELECT REFEREE REF, COUNT(*) NB FROM PLAYER WHERE REFEREE <> 0 GROUP BY REFEREE) AS S LEFT JOIN
(SELECT REFEREE REF, COUNT(*) NB FROM PLAYER WHERE REFEREE <> 0 AND LEVEL >= 10 GROUP BY REFEREE) AS A ON S.REF=A.REF LEFT JOIN
(SELECT REFEREE REF, COUNT(*) NB FROM PLAYER WHERE REFEREE <> 0 AND LEVEL >= 30 GROUP BY REFEREE) AS B ON A.REF = B.REF
WHERE S.REF=PLAYER.ID ORDER BY S.NB DESC

This query retrieve all players which have referred players, and count how many referred players they have, and the how many over level 10 and finally how many over level 30. This could be a nice report for you admin, and this is done with a single query.

The reason to do such complex queries is to avoid having multiple queries running to retrieve the data. Most of the time a single query even if a bit more complex is faster over a loop in PHP doing queries one after the other.

"Small" things, huge impact

Wed, 04 Nov 2009 07:39:14 -0800

This week I worked on something which may seem like a little thing at first: I replaced the left menu links (or at least all the player links) with some new buttons containing an image and some text:

Now of course this took quite a while for me to find ideas about which image should represent what, find a simple yet appealing look to those buttons, and finally make them with my trusty Photoshop.

Still, after this, I wasn't expecting such a huge "welcome" to the improvement. Initially I did it to improve (slowly) the look of the game, to have it look more like a game and less like a web page, and it seems the players really appreciated it.

Overall, small things can have a huge impact.

Players Corner is growing

Wed, 28 Oct 2009 07:23:20 -0700

Slowly things are growing on playerscorner.org side. First change is that now we use OpenID to authenticate users. So if you have a yahoo, AOL or google account, you don't need to create another account as you are already up and running. Second thing you will spot (if it's not already the first one) that I changed the look, many people said it wasn't really great, and I have to agree it wasn't really my best website. Now I don't say the new one is perfect, but it's better.

On the back end, I changed what the pages are called, instead of having a single index.php?PAGE=xxx I decided to call the pages directly. This makes things a bit easier to debug, and certainly easier to handle the links.

On the features, I started to implement the "activity points" as well as having a first initial review system up and running. More goodies will come over time, but hey that's the beginning.

I still need to code the Q&A (Questions and Answers) which will be like yahoo answers but focused on games. This will certainly require a lot more work on my side, and hopefully will have some good impact on the community.

On the content side, I had an agreement with a guy writing games reviews, he shall provide us about a review a week, which means we will certainly have some content to show.

As always all the existing tools are... like drafts and need to be improved over time. However having most features running before making advertisements is what we need. And the quicker the site is up and running the better it is.