Hi,
I've bought chika script few days ago. Now it's time to share some of my experience with it.
Generally speaking: good looking and nice solution... but... it has some bugs which are usually invisible to most of us.
First - 3 things about high scores saving (function that is most important to me):
1. when registered and logged in user plays high score enabled game, high score saves each time the game is played - even if in high score table there is better score than new one. I really think that is not the idea of high score system.... and only HIGH SCORES should be (over)written to db.
SOLUTION: in file scores_save.php you have to add some code to check if there were better results in current game for current user.
2. THE BIG BUG - High score is saved with gameid and userid that are taken form $_SESSION. Each time script saves a high score two variables are taken from session table:
$userid = $_SESSION['UserId'];
$gameid = $_SESSION['gameId'];
Now imagine what will happen if a user open high score enabled game in new page, and just after that another high score game in another new page. If a user will play first opened game - on high score submission he will write his score from game1 AS A SCORE FROM GAME2 - that's because $gameid was overwritten when the second game page was displayed! An easy way to cheat high scores...
SOLUTION: some work in scores_save.php....--> find a game id basing on referer (which is in db as game file name...) and rewrite $_SESSION['gameId'] with the id of the game that the score was posted.
3.High score value as integer...
That is completely... wrong. Scores from 'time records' games are written as integers: let's say you've just played a game 100m running and have a high score 10.84 - it will be written as 11...
SOLUTION: change data type in db and remove (int) from (scores_save.php):
$score = (int)$_REQUEST['gscore'];
_______
that's all for now:). I've found also some other bugs but will write about them some other time.
regards.
high score system bugs
4 posts • Page 1 of 1
Re: high score system bugs
by chikaplay » Fri Nov 06, 2009 9:54 pm
Good find... Chikauser 
The community needs people like you and me to find bugs and point them out. I have also found bugs in this script that needs to be fixed. Glad to have someone that know things about coding to help find the solution.
I have also just bought this script about 7 weeks ago and I am not so easy pleased with it. I Also got the same people at chika doing me a custom made css template for the chika game script. Which may be a bad mistake. When they seem to be running in a loop to fix bugs in their software. We just have to wait in see what happens.
The community needs people like you and me to find bugs and point them out. I have also found bugs in this script that needs to be fixed. Glad to have someone that know things about coding to help find the solution.
I have also just bought this script about 7 weeks ago and I am not so easy pleased with it. I Also got the same people at chika doing me a custom made css template for the chika game script. Which may be a bad mistake. When they seem to be running in a loop to fix bugs in their software. We just have to wait in see what happens.
- chikaplay
- Posts: 2
- Joined: Sat Sep 19, 2009 2:27 pm
Re: high score system bugs
by chikauser » Tue Nov 10, 2009 4:22 pm
thx:)
One thing about #2 - THE BIG BUG - as I wrote before, now I'm using referer ($_SERVER[...]) - not session - to find which game posted the high score.
But there is one small problem, which is not connected with chika script itself. When you have an swf file embedded in html page (assuming you are using mod_rewrite) and that file uses POST to send some data (high score...) different browsers give different files as $_SERVER['HTTP_REFERER'].
IE - gives you .swf file BUT FF and chrome the html file! There is also some possibility that the high score is posted from .../play.php?gamID=X.
There goes a little solution for this - it gives you the sql to find the game that posted the data:
[scores_save.php]
[...]
$scoresNotSave = 0;
$_SESSION['score'] = 0;
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
//check the referer to prevent hacking
$referer = "";
if ($_SERVER['HTTP_REFERER'] != "") {
$referer = $_SERVER['HTTP_REFERER'];
} else {
if ( $HTTP_SERVER_VARS['HTTP_REFERER'] != "") {
$referer = $HTTP_SERVER_VARS['HTTP_REFERER'];
}
}
$scoresNotSave = 1;
//$score = (int)$_REQUEST['gscore'];
$score = $_REQUEST['gscore'];
$_SESSION['score'] = $score;
if ($score==0) {$scoresNotSave = 0;}
if ( $referer != "" && $_SESSION['logged'] ) {
$userid = $_SESSION['UserId'];
$podzielone = explode("/", $referer);
$ile = count($podzielone);
$gamefile = $podzielone[$ile-1];
if(substr($gamefile, -3) == 'swf')//if it's swf (IE) {
$sql = "SELECT * FROM chika_games WHERE gamFile LIKE \"%$gamefile%\" LIMIT 1";
}
elseif(substr($gamefile, -4) == 'html') //its FF or chrome
{
$gameid = $podzielone[$ile-2];
$sql = "SELECT * FROM chika_games WHERE gamId = $gameid LIMIT 1";
}
elseif(strripos($referer, '?gamId=') !== false) //.../play.php?gamId=X
{
$podzielone = explode("=", $referer);
$ile = count($podzielone);
$gameid = $podzielone[$ile-1];
$sql = "SELECT * FROM chika_games WHERE gamId = $gameid LIMIT 1";
}
else
{
echo 'ERR no 23132131312321 Please contact CIA.';//hehe
exit;
}
[...]
now you have only to find if the score is really high score an wirte (or not) score to db....
_____
and a few additional words about #1.
in general we have two kind of scoring in on-line games:
1. the more points you gain (shoot enemies, ride some distance etc) the better
2. the less points you gain (sport games with time running, avoiding catchin by some creatures etc...) the better
to be fully ok with it, chika should have one more field in games table (and on admin manage game page) - "scoring up/down". On a high score page (or side bar with high scores on game page) user scores should be displayed ascending/descending - depending on game scoring type...
As I understand THAT is the reason why scores where overwritten regardless it was a better score or not.
One thing about #2 - THE BIG BUG - as I wrote before, now I'm using referer ($_SERVER[...]) - not session - to find which game posted the high score.
But there is one small problem, which is not connected with chika script itself. When you have an swf file embedded in html page (assuming you are using mod_rewrite) and that file uses POST to send some data (high score...) different browsers give different files as $_SERVER['HTTP_REFERER'].
IE - gives you .swf file BUT FF and chrome the html file! There is also some possibility that the high score is posted from .../play.php?gamID=X.
There goes a little solution for this - it gives you the sql to find the game that posted the data:
[scores_save.php]
[...]
$scoresNotSave = 0;
$_SESSION['score'] = 0;
if ( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
//check the referer to prevent hacking
$referer = "";
if ($_SERVER['HTTP_REFERER'] != "") {
$referer = $_SERVER['HTTP_REFERER'];
} else {
if ( $HTTP_SERVER_VARS['HTTP_REFERER'] != "") {
$referer = $HTTP_SERVER_VARS['HTTP_REFERER'];
}
}
$scoresNotSave = 1;
//$score = (int)$_REQUEST['gscore'];
$score = $_REQUEST['gscore'];
$_SESSION['score'] = $score;
if ($score==0) {$scoresNotSave = 0;}
if ( $referer != "" && $_SESSION['logged'] ) {
$userid = $_SESSION['UserId'];
$podzielone = explode("/", $referer);
$ile = count($podzielone);
$gamefile = $podzielone[$ile-1];
if(substr($gamefile, -3) == 'swf')//if it's swf (IE) {
$sql = "SELECT * FROM chika_games WHERE gamFile LIKE \"%$gamefile%\" LIMIT 1";
}
elseif(substr($gamefile, -4) == 'html') //its FF or chrome
{
$gameid = $podzielone[$ile-2];
$sql = "SELECT * FROM chika_games WHERE gamId = $gameid LIMIT 1";
}
elseif(strripos($referer, '?gamId=') !== false) //.../play.php?gamId=X
{
$podzielone = explode("=", $referer);
$ile = count($podzielone);
$gameid = $podzielone[$ile-1];
$sql = "SELECT * FROM chika_games WHERE gamId = $gameid LIMIT 1";
}
else
{
echo 'ERR no 23132131312321 Please contact CIA.';//hehe
exit;
}
[...]
now you have only to find if the score is really high score an wirte (or not) score to db....
_____
and a few additional words about #1.
in general we have two kind of scoring in on-line games:
1. the more points you gain (shoot enemies, ride some distance etc) the better
2. the less points you gain (sport games with time running, avoiding catchin by some creatures etc...) the better
to be fully ok with it, chika should have one more field in games table (and on admin manage game page) - "scoring up/down". On a high score page (or side bar with high scores on game page) user scores should be displayed ascending/descending - depending on game scoring type...
As I understand THAT is the reason why scores where overwritten regardless it was a better score or not.
- chikauser
- Posts: 4
- Joined: Wed Oct 28, 2009 8:52 am
Re: high score system bugs
by Chika » Mon Nov 16, 2009 3:14 pm
Hi,
Thanks a lot for reporting this. Some of the issues reported here had already been spotted and corrected on next upcoming version. We are looking at this post in order to resolve any other issues that's been reported.
You're right, we do need users like you that sees other bugs that we don't come across with. We don't necessarily see "All" bugs no matter how hard we try.
Thanks,
chika
BTW,
We are looking for beta testers of upcoming release. PM me if any of you would be interested.
Thanks a lot for reporting this. Some of the issues reported here had already been spotted and corrected on next upcoming version. We are looking at this post in order to resolve any other issues that's been reported.
You're right, we do need users like you that sees other bugs that we don't come across with. We don't necessarily see "All" bugs no matter how hard we try.
Thanks,
chika
BTW,
We are looking for beta testers of upcoming release. PM me if any of you would be interested.
-
Chika - Site Admin
- Posts: 49
- Joined: Thu Feb 28, 2008 2:37 pm
4 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest