Payment, donations or whatever ya wanna call 'em

So ya wanna make money for your hard work, eh? Who doesn’t? I sure as hell do which is why I will have a donation button.  Heck, I may have several just to get the point across that I want your money.

But am I going to offer game extra’s or charge to no? Notta chance. You many want to charge people to play or maybe just charge them to get the full experience,  but (I won’t say never will) intend on it. I may charge to have perks like no ads, friends list, crap like that but I am going to avoid game advantages like the plague.

And here is why: I make games not to make money. Money is nice and all but I view what I do more as an art than a job. Continue with the notation that what I do (design and code) is art, I want to have people enjoy my work equally. I would rather be popular and make no cash than have 1000 people play my game and make 500$ a month. But here’s another thing. Popular = more players = more donations.

So if I offer a truly enjoyable game, not one where people play to pass time,  but one where you WANT to play, one where you are excited to log on to, then I will be happy. Plus to boot if I have a game like that (some) people will want to donate.

Now, if I choose to ignore those reasons, and played with the idea of charging for bonuses this is what I come up with; You will have  a situation where the donors will always be stronger than the non-donors, which means a lot of the non-donors won’t want to play after a while. This I believe would hurt the community too much to be worth it. I think players left would either play just to do something or will be super competitive ruining the game for non-donor new comers.

Then we have pay to play. Sorry, I won’t pay to play standard MMORPG’s (Eve, WoW) why in the name of god would I pay to play a browser based game? “My game is that good” or “Pay to play makes the players think it must be good”. Whatever. I have yet to play a web game that has blown me away. I have paid for a few, I have donated to a few. The have been fun for… a week, maybe two. Come on. You think your game is the game to end all other games. It’s not. Sorry.

It may be damn good, but too many developers SUCK about game design. They can code but know shit about gameplay, or even their community.

So, if you are DEAD set on making money with your game, please do the perks, and not pay to play, because no one will play. I personally believe donations (without game perks) are the best not to make money, but to have a strong, happy community, which very likely in the end may pay more than a pissed of donation-game perk based community

Research

Wow, it has been a while since I have last posted.. Sorry all, I have been busy with work. They have me writing actionscript and coldfusion all day.

Anyways, this is a pretty simple idea that is it seems always over looked by those that design games. Go out and research the style of game you want to make before you start making it. Makes sense, eh? That you could go out, join a few games similar to what you want to create and get a feel for the community.

But surprisingly most of the people that are out there developing games have played 2 maybe 3 webgames before. And these games half the time aren’t even related to the genre they want to create!  Why in the name of God would you try to create something that already exists without looking at the pre-existing version?

Study the similar games. Find there flaws. Find out what the community wants. Then go design. For instance, my friend and I were going to create a space strategy game. After doing a little research we found a game EXACTLY like the one we designed on paper. Simple, basic game. There was nothing we could really change to make it different so we went back to the drawing board.  It was good anyways because I have a few good ideas to create 😉

So there ya have it. RESEARCH! Do it! Save us and yourself time. I hate seeing coders create a clone of other games without realizing it.

PS: I will try to post more often. I just have trouble thinking of topics to write about. If you have any ideas, please email them or post them in the comments

~BardicK.

Ticks/Timed Events/Crons etc

This post is going to be sweet and simple. When you design a game, say you want to give a player 5 more energy every 15 minutes or that you want to give them a ‘tick’, turn, round whatever every 3 minutes.

Well for this you would use a cron job. A cron job is pretty simple. You simply need to write a script that is constantly checking the time and running it against a equation or database or something. After you have the script written, this is the trickiest part: Ensuring that your server supports crons. It will state somewhere in the describe whether they are supported. Most web hosts don’t support them and that is why you need a server.

Anyways, what the cron on the server does is allow you to set how you want your script ran. So I can set it to run every minute, every 5 minutes or every 10 minutes.

And here’s a tip*

* When getting a server and you need say 5 crons and the server you’re looking at say it only supports one, don’t worry! What you do is turn you crons into functions and put them all in one script that runs, say every minute. This way you still have all your crons running without managing 3 or 4 or even 5 separately.

Now, I have a question for all the scripters out there: What other ways do you have for doing ticks/events, whatever? I would be interested in seeing what other ways a cron can be simulated/done.

Single Player Experience

Well like I said I would write a post soon and I believe this is soon 😛

So, as I’m sure you can tell by the title this post is about ensuring that your players can enjoy the game if they choose not to be a part of a faction/gang/team or whatever you call it. I even have a personal example I’m going to use! But this post is not meant to be a rival way to doing things as I wrote about in my Player Interaction post. No, this is meant to be the other half of that post. You will need both of these things to have a truly successful game where players not just play to enjoy one part but play because the on a whole the game is enjoyable.

So lets set up the example: I have a friend that I design games with (board mainly) but I told him to design a web game and that I would help him after he gets his core ideas down. Now a little note on this friend is that he’s not a big web game player and doesn’t know really anything about web. Anyways, he had his idea down and the basic premise went something like this: 2 types of units, 4 or 5 types of researches that don’t unlock, give, change the gameplay for you. They simply were mods for numbers, and the main focus was on single player politics.

I have no problem with the focus being on relations but if you are going to put a lot of emphasis on one section you still have to make the other part is enjoyable. So I told him his single play was too weak. That the players don’t have goals and can’t develop in different ways. After a while of arguing and explaining he finally seen my way so just to let you all know now, you can kick and scream and fight what I write, but this will honestly make your designs better. Yes can take the route he wanted but your game will never have 10,000’s or even 1000’s of players. It may be a blast to play but it doesn’t appeal to a broad enough market.

So anyways, this is the way I put it. Everyone wants their game to popular and have several 1000 players. If you put a HUGE emphasis on single player relations the game quickly becomes over whelming for players when you need to deal with 200 people that all think they are right. Then we moved onto group politics. Not everyone in a group can be the political leader apparently, so what are those players supposed to do? What goals do they have? There is no meat to the single player part of the game he had planned on.

My suggestion after he realized that I was right, players that aren’t leaders or don’t want to be leaders would have nothing to do, was this: Have more units each with strengths and weaknesses. This allows players to choose the way they want to develop their military (his was a war game). Have more researches that allow players to again develop in different ways. And have these researches unlock other researches/units. This too allows players to develop differently from each other and allow for multiple styls of game play, which is always a great thing.

Hopefully this beam of light has lit the way for you. Despite the fact we are developing multiplayer games, we need to remember that not everyone is political leader and not everyone is a warrior. We need to keep this is mind when developing. A good way to find out if you game is balanced is to ask yourself this :

Can players develop without interacting with others?
Can players develop in new ways through interacting?
Is there a point to personal development?
Is there a point to player interaction?
Can players development in multiple ways to better suit their style of play?
Do/Can these different styles benefit each other?

Those questions should ensure that you game is pretty balanced. Only playing will truly reveal but these are good guide questions to ask while developing.

As always, comments and input are more than welcomed!

IDEs

I know I could be writing about other things such as enusring the game in enjoyable for single users or a more technical issue such as cron jobs, but this has been bugging for me a bit. There are too many people out there that think IDEs are for suckers and that they are l33t because they script php in notepad or do all there html, xml, css, whatever also in notepad.

This doesn’t make you better than those that use IDEs. Actually it’s the opposite. Those of us that work in the web field know
that using an IDE is not only easier, but FAR more efficent. I have colored text, I have intellisense, auto completion, an eviroment that I can test code easily, tabs, better layout options and a number of other things.

I can almsot gurantee that if I and someone else were to write a scripts, me using an IDE and them using notepad, that I have cleaner code, and be done much faster.

So, now that little rant is out, what IDEs are ones that are worth buying/ stealing/ trying. But it really depends on what you want to code. If you want web languages (html,xml,css) Dreamweaver is by FAR the best. If you’re doing PHP/MySQL then you want Zend. ASP.NET is VisualBasic. For Java, get Netbeans. It’s great and free. Though I don’t like Java 😛

Personally I use Zend and Dreamweaver. I actually use Dreamweaver daily now. I also work in flash on a daily basis now writing actionscript. But I’m attempting to find a better IDE. Flash works but its not that great. If anyone knows one tell me.

So anyways, let’s wrap this up. USE A DAMN IDE! It will make life easier and make you more effiecent, which is a good thing. On a side note, sorry I have posted much lately. Started a new job so when everything settle downs I’ll start writing again.

Player Interaction

You are creating a PBBG (persistent browser based game). You have your game core designed and it may be a great idea… one of the best of all time! But, you’re player’s interaction with each other sucks. You’re game fails. Simple. Player interaction in PBBG’s is one of the most important things to be considered and is often overlooked or it feels like it was an after thought.

“But I have factions/gang/group/clans” or whatever you want to call it. Sorry, but that isn’t enough player interaction. True players can interact with each other, but thats on a very limited scale. Usually at max 20 people, and even then you don’t normally need to interact with your ‘gangs’.  I personally think more emphasis should be on uniqueness among characters somehow, be it skills, units, territories…  And make it so that for a gang to operate smoothly they need all or close to all of the difference traits.

So, we now have determined that most games don’t have enough player interaction despite gangs, forums and chat.  We have also covered making players unique in some way and make each unique future useful.  What else could you possibly add? How about a market? Or mini games that involve more than one player? Make the players input on topics matter, like voting for something within a ‘gang’. Or make it so that wars are often and require everyone to communicate.

But lets go back for a second to forums and chat. These are also important things that shouldn’t be over looked. You should make it very obvious and extremely easy for players to post on the public and private forums.  I personally love TornCity’s idea. When you log in the first page is the 4 newest threads from the announcement section. I would  personally expand this to cover all sections instead of just the one. Also, the forums are ingame, which means members only need to log in once, aren’t taken out of game and are simple to use.  You can also apply this to your private ‘gang’ forums, by having your gang home page display the newest 3 or 4 threads. Also, a shout box for the public or for gangs are great. It’s a quick and easy way for people to yell back and forth at each other.

As to a chat setup, please, please go with IRC. Using IRC gives your players the option of how they wish to connect to the chat. For example FutureCriminal uses a flash based chat which means you HAVE to use the crappy flash based chat service.

I will state again: Player interaction is the most important thing to these games. You could have the best single player ever but if I can’t play/chat/interact with others I frankly don’t care.

So keep this all in mind next time you are designing your games. This WILL help if you design this with the core of the system.

And as always, comments are welcomed!

Maintaining interest in your PBBG

So you have finally finished coding your game! YAY! Celebrate. Drink. Be merry. Do whatever you want but walk away. One of the hardest parts of having a PBBG is not planning, or coding but maintaining player interest.

You may be wondering how you can do this. In reality, the idea is simple, but putting into practice is where it gets difficult. The idea is simply this: evolution. Ensure that your game is not constantly evolving, but pretty damn close to it. To many great games have fallen because the creators have just released the game and went no where with it. You want to be releasing new content, new updates, new events, new whatever you can once or twice a month if you can. This also depends on the game you have. For instance if you have a round based game you will want to wait until the end of the round before making changes but if you have a never ending RPG, you while want to release minor updates at least once a month and major updates every 4-6 months. By major I mean changing the way people play the game.

But, there is another side to this coin. So you planned out updates and features to add later. This doesn’t mean that people will stay with your game. Look at TornCity. It has evolve a LOT since it was released three years ago, but they add new features everyone month or two, but there is nothing to maintain player interest. Ya, the new features are cool, but the game play is stagnant. This is why you are not suggested to release game play updates every couple months, but it’s damn near needed to keep older players interested. I’ve been playing TC for 3 years and there has almost be NO changes to the game play. Almost NONE! Most of the older players are quitting since there is nothing left for us to do.

You do not want this to happen. I do not want this to happen. You have a duty to your players that have invest the time and money into your game to keep the game fun, interesting and involving as long as you possibly can.

Yes, you will eventually reach a point where you can’t make any more changes and you should be willing to accept this (don’t give it up entirely, but just switch focus). When you finally see that time coming, switch your focus from evolution to creation. Take everything you have learned and make a new game. Don’t make the same game with a few different features, colors, names. Make a totally different game with a different kind of game play entirely. If you have a loyal community, 70-90% of them will likely try your new game. The style may not grab them, but it will grab a good number, probably about 40% of the ones that try it from your other game will stay. Thats a large community for a new game.

So remember these points: create, evolve, and create.

As always, comments, input, questions, criticism is welcomed. I hope this has helped you or guided you in some way.

Planning out your web game/PBBG

So, you have your design *completed* now and you are ready to crack up Zend or Dreamweaver or maybe even Notepad (I suggest Zend).

STOP!

Don’t go any further. Before you even think of scripting your game, go out and buy some cue cards or do it on your PC. It really doesn’t matter but plan out each and every page! I tell you this from personal experience: without this plan you will site around for while trying to remember how you had two pages connected, or what tables need to be updated on a event. And if you get really detailed (which I will be doing on my next game), which variables were used and what they contain.

So if you actually believe me, which I really hope you do, it will help, grab a piece of paper. First plan out ALL your tables. You*will* come back to these later to add new columns which you didn’t think of at the time. It always happens when working on a project of these size. But thats fine, since this plan isn’t set in stone. This is meant to guide you and keep track of everything that needs to be done, what has been done and how things connect.

You now have your tables designed to some extent on paper hopefully. Next is designing the pages on paper (or virutally. your choice). The way I do it is first going through and just think of all the pages I need and writing them down without the details and connecting them. You may want to do the details as you go, but I find it easier to connectthe pages before adding the details. You will also want to draw arrows to and from the databased when needed. So a grab from the database to display character information, or an arrow to it to show a field Update. If you are following my path, you will now need to fill out the details of each page. Again, you will likely come back to edit this once you start coding, but you at least now have a visual of everything you need, how its connected and most of the details or each page.

You should now be looking at a page filled with mad scribbling and a bunch of arrows. You may want to tidy it up or put each page/table on a cue card and stick ’em up on your wall. Anyway you look at it, you now have a plan instead of an idea.

You can also apply part of my idea’s to your development too. I mentioned before when planning to start with the basic name then filling out the details. Well the way I work is I go through and try to get the basic functionality of each page down and then will go back later and fill in the details (Proper text, messages), make tweaks, apply styles, graphics, etc. I do this for two main reasons. One is to make connections. I find if you make a pages completely then go to work on a page that is connected to it, you will eventually need to go back and start changing things on the so called completed page, and two, because if I stare at the same script for too long I start to get annoyed with it.

I hope this has helped you along with your development. And as usual, feedback is MORE than welcomed. Without your input, how can I/we create a blog with the best tips/guides/ideas for us developers/designers. Remember you aren’t alone and there are people similar to you that can help you with your game. All you need to do is ask 🙂

[digg=http://digg.com/design/Planning_out_your_web_game_PBBG]

Design – Early Stages

When you play a web game, what is that you look for? Personally, I look for a challenge,  things to do and interaction with other players. If I’m not just odd, and other people agree with this, why the hell do other pages lack so badly in these fields?

I worked solely on the design aspect of my current game in development, for about 2 or 3 months. Though my game is similar to others out there, it’s in the details where I hope to make my stand. I simply had to look and see where other games failed, such as TornCity. In TC player interaction is minimal, as is communication and development.  To be honest it lacks horribly in many fields that truly make a game addicting.

Lets look at StarKingdoms. Great player interaction, great communication, and is a challenge. It’s a good game. The only qualm I have is I am forced to play with others I don’t choose too. I would rather be able to choose you I interact with and when I do it.

These are just personal views but as you can see these are all things that must be taken into consideration before you start your code and even before you start your design. You have to decide how to want you players to interact and how you want them to develop.

Here one of the better ways to start your development. Think of you game, get the genre, the setting all that planned out. Then think of a goal. Then as many ways to achieve that goal as possible. In my case I have multiple goals. You can either aim to be the strongest, the best hacker, the biggest gang.. whatever you want.

Next, how do I want my players to interact? Do I want to force them or do I trust their abilities to want to branch out and interact or do I want to kick them in the path of interacting? I personally want to kick them. And hard. Then you encounter what is too hard? Well too hard is when you make the game unplayable unless they work with others all the time. There should be the element of being a single entity in the universe.

After you have all this planned out, your core to the game, you then fill in details and backgrounds. You flesh the game out.

And this simple path will also guide you in coding. You work on the core first, coding everything that makes the game playable, even if its just a little. This wil, and trust me from experience, keep you on a track that allows for a early alpha launch and makes your life easier.

Right now I am just breaking out of the details and moving back to the core development to try and launch an alpha. The details and hold you back. But that is another post that will come soon. I hope this helps you design more efficiently. I have designed a number of table top games and have several web game designs floating. Working that path I explained will not only make it easy but help you in working out the flaws in the core, which is far more important that details.

PHP web game security overview

As a game developer myself, one of the biggest fears I have is that someone is going to end up hacking my game and ruining it for everyone else. So, seeing that I am a member of a PBBG game dev board (here), I posed the question to the community;

How do people cheat in web based games other than using bots? Do they manipulate URLs or text boxes? Or is it mainly exploiting bugs?

Not long after the question was asked, I received a reply from one known as Nerdmaster(site). Now, the following is not the end guide to securing your game, but it does a damn good job of outlining ares where common problems occur.

But before that I will tell you the best way to prevent hacking which will be re-enforced as you read the reply: Don’t trust user input. You must always make sure the player has supplied you with legtimate data.

As a long-time security hobbyist, I have learned a few minor tricks for exploiting web games, and I was very successful with Mobster World (as I already mentioned). The most important rule is NEVER trust anything user-submitted without validation. URL arguments, form arguments, cookies, etc are all *very* easy to manipulate.

In mobster world, for instance, there was a place to go and buy guns. The page would load up a form, and you’d choose the gun you wanted. It did something with hidden fields to where your URL would just hit something like /buyweapon.php, and I guess the admin thought that made it secure. But if you looked at the form, it was sending across a few values. One was itemcost=xxx and one was weaponid=xxx. You could set itemcost to 1, and get any weapon for a dollar. These hidden fields were the worst kind of exploit because they would be so easy to fix – don’t rely on the user to supply the price; look it up based on weaponid!

Another problem with that game stemmed in the messaging system. When you read a private message, it would generate a URL like this: “/messages.php?action=read&id=xxx”. You could read *anybody’s* messages this way, just by changing the id in the URL. This was a case where user-supplied input should have been validated (and eventually it was, but by then the game was being exploited so much, it was too little too late). A simple if block fixes this – if message id xxx doesn’t belong to the currently-logged-in player (via session data or whatever auth method you use), DON’T SHOW IT!

Then there’s the issues with things like pulling off jobs – when you went to the “big jobs” option, you usually had two options. One was going to be successful and one wasn’t. By viewing the form, however, you could always tell which job would be successful. NEVER put that kind of data in the forms – you want to make random decisions happen only *after* the user decides what to do, never before.

Another issue is with SQL injection. In PHP this can be a problem because a lot of the examples you’ll find on the internet don’t properly handle SQL code. PHP has some stuff for automatically escaping quotes and such, but you can’t always rely on the server settings for your app, so it’s something you need to at least be aware of. I don’t know enough about SQL injection, but in a lot of languages, you have access to special DB commands where you use a ‘?’ in place of arguments and they get scrubbed by the DB layer so you never have to worry. If you have cookies that don’t get auto-scrubbed by PHP, this kind of knowledge can be very important.

Another important tip is do *not* store simple information in cookies. For instance, say you want to know who is logged in but you obviously do not want the user to have to log in on every page. If you take the quick way out, you might have a cookie that holds the user’s id. Well, once a user realizes this, they just change the id and become anybody they want! Similar issues can arise with cookies that store session ids (since those map to the server-side data for logins), but generally it’s much much safer to use sessions for storing login credentials than using cookies.

A final tip is to be careful of XSS attacks. In Rails there is a function (I think it’s from a ruby library, not specific to rails, but I don’t recall which library) that auto-scrubs data to keep html out of user input. The issue here is that if your users can put in angled brackets (“<” and “>”), they can very effectively destroy the game for everybody else. In mobster world, I used this technique to create a private message that would add a button to the form that seemed to be the normal “Delete Message” button. But when clicked, it would take that user to the “shoot another player” action, with a specific player id of somebody I wanted to torment. I never actually used this cheat, as I started feeling bad, but I tested it with a friend, and by cleverly constructing emails I could force players to take actions of any kind within the game. More malicious hackers can do a lot worse, such as hijacking passwords for other sites. I’m not sure how that happens, but the point is that you need to find a library in your language of choice that you use to scrub html out of user data. If there is data ANYWHERE in the game that one user enters and other users see, it *must* be kept clean of HTML. You could theoretically allow only certain HTML, but with all the very clever uses of html that can exist, I think it’s safest to just not allow users to enter HTML. In my Rails game I use RedCloth (a Ruby library to the Textile markup system) to allow users to do formatting without having to worry about XSS attacks.

For an example of how easy it is to have dangerous XSS even when you think you’re safe, watch this. This site’s forums allow “safe” HTML. You cannot, for instance, do a <script> tag:

<script src=”http://www.nerdbucket.com/js/common.js” type=”text/javascript”></script>

But you can use some tags, such as bolding, as I just did. Well consider this – inside a bolded element you can specify onMouseOver behavior. Hover your mouse below and watch as I change the element text (only works in DOM-capable browsers):

or am I?’;” id=”foo” style=”font-size: 150%”>I’m a safe HTML tag.

If somebody more malicious wanted to, they could probably hijack cookies and passwords from this forum. (Obviously I’ll have to alert the admin).

Now, you have the basics of how some attacks are made, you may be wanting more specfic examples with more detail. Well you’re in luck (as was I).
Not long after I asked this questio, Nerdmaster wrote a much more detailed description using an example in his blog (here) If you want a rather more details and examples of how people hack web (PBBG) games, you best check that link.