I know I could be writing about other things such as enusring the game in enjoyable for single users or a more technical issue such as cron jobs, but this has been bugging for me a bit. There are too many people out there that think IDEs are for suckers and that they are l33t because they script php in notepad or do all there html, xml, css, whatever also in notepad.

This doesn’t make you better than those that use IDEs. Actually it’s the opposite. Those of us that work in the web field know
that using an IDE is not only easier, but FAR more efficent. I have colored text, I have intellisense, auto completion, an eviroment that I can test code easily, tabs, better layout options and a number of other things.

I can almsot gurantee that if I and someone else were to write a scripts, me using an IDE and them using notepad, that I have cleaner code, and be done much faster.

So, now that little rant is out, what IDEs are ones that are worth buying/ stealing/ trying. But it really depends on what you want to code. If you want web languages (html,xml,css) Dreamweaver is by FAR the best. If you’re doing PHP/MySQL then you want Zend. ASP.NET is VisualBasic. For Java, get Netbeans. It’s great and free. Though I don’t like Java 😛

Personally I use Zend and Dreamweaver. I actually use Dreamweaver daily now. I also work in flash on a daily basis now writing actionscript. But I’m attempting to find a better IDE. Flash works but its not that great. If anyone knows one tell me.

So anyways, let’s wrap this up. USE A DAMN IDE! It will make life easier and make you more effiecent, which is a good thing. On a side note, sorry I have posted much lately. Started a new job so when everything settle downs I’ll start writing again.

Player Interaction

You are creating a PBBG (persistent browser based game). You have your game core designed and it may be a great idea… one of the best of all time! But, you’re player’s interaction with each other sucks. You’re game fails. Simple. Player interaction in PBBG’s is one of the most important things to be considered and is often overlooked or it feels like it was an after thought.

“But I have factions/gang/group/clans” or whatever you want to call it. Sorry, but that isn’t enough player interaction. True players can interact with each other, but thats on a very limited scale. Usually at max 20 people, and even then you don’t normally need to interact with your ‘gangs’.  I personally think more emphasis should be on uniqueness among characters somehow, be it skills, units, territories…  And make it so that for a gang to operate smoothly they need all or close to all of the difference traits.

So, we now have determined that most games don’t have enough player interaction despite gangs, forums and chat.  We have also covered making players unique in some way and make each unique future useful.  What else could you possibly add? How about a market? Or mini games that involve more than one player? Make the players input on topics matter, like voting for something within a ‘gang’. Or make it so that wars are often and require everyone to communicate.

But lets go back for a second to forums and chat. These are also important things that shouldn’t be over looked. You should make it very obvious and extremely easy for players to post on the public and private forums.  I personally love TornCity’s idea. When you log in the first page is the 4 newest threads from the announcement section. I would  personally expand this to cover all sections instead of just the one. Also, the forums are ingame, which means members only need to log in once, aren’t taken out of game and are simple to use.  You can also apply this to your private ‘gang’ forums, by having your gang home page display the newest 3 or 4 threads. Also, a shout box for the public or for gangs are great. It’s a quick and easy way for people to yell back and forth at each other.

As to a chat setup, please, please go with IRC. Using IRC gives your players the option of how they wish to connect to the chat. For example FutureCriminal uses a flash based chat which means you HAVE to use the crappy flash based chat service.

I will state again: Player interaction is the most important thing to these games. You could have the best single player ever but if I can’t play/chat/interact with others I frankly don’t care.

So keep this all in mind next time you are designing your games. This WILL help if you design this with the core of the system.

And as always, comments are welcomed!

Maintaining interest in your PBBG

So you have finally finished coding your game! YAY! Celebrate. Drink. Be merry. Do whatever you want but walk away. One of the hardest parts of having a PBBG is not planning, or coding but maintaining player interest.

You may be wondering how you can do this. In reality, the idea is simple, but putting into practice is where it gets difficult. The idea is simply this: evolution. Ensure that your game is not constantly evolving, but pretty damn close to it. To many great games have fallen because the creators have just released the game and went no where with it. You want to be releasing new content, new updates, new events, new whatever you can once or twice a month if you can. This also depends on the game you have. For instance if you have a round based game you will want to wait until the end of the round before making changes but if you have a never ending RPG, you while want to release minor updates at least once a month and major updates every 4-6 months. By major I mean changing the way people play the game.

But, there is another side to this coin. So you planned out updates and features to add later. This doesn’t mean that people will stay with your game. Look at TornCity. It has evolve a LOT since it was released three years ago, but they add new features everyone month or two, but there is nothing to maintain player interest. Ya, the new features are cool, but the game play is stagnant. This is why you are not suggested to release game play updates every couple months, but it’s damn near needed to keep older players interested. I’ve been playing TC for 3 years and there has almost be NO changes to the game play. Almost NONE! Most of the older players are quitting since there is nothing left for us to do.

You do not want this to happen. I do not want this to happen. You have a duty to your players that have invest the time and money into your game to keep the game fun, interesting and involving as long as you possibly can.

Yes, you will eventually reach a point where you can’t make any more changes and you should be willing to accept this (don’t give it up entirely, but just switch focus). When you finally see that time coming, switch your focus from evolution to creation. Take everything you have learned and make a new game. Don’t make the same game with a few different features, colors, names. Make a totally different game with a different kind of game play entirely. If you have a loyal community, 70-90% of them will likely try your new game. The style may not grab them, but it will grab a good number, probably about 40% of the ones that try it from your other game will stay. Thats a large community for a new game.

So remember these points: create, evolve, and create.

As always, comments, input, questions, criticism is welcomed. I hope this has helped you or guided you in some way.

Planning out your web game/PBBG

So, you have your design *completed* now and you are ready to crack up Zend or Dreamweaver or maybe even Notepad (I suggest Zend).


Don’t go any further. Before you even think of scripting your game, go out and buy some cue cards or do it on your PC. It really doesn’t matter but plan out each and every page! I tell you this from personal experience: without this plan you will site around for while trying to remember how you had two pages connected, or what tables need to be updated on a event. And if you get really detailed (which I will be doing on my next game), which variables were used and what they contain.

So if you actually believe me, which I really hope you do, it will help, grab a piece of paper. First plan out ALL your tables. You*will* come back to these later to add new columns which you didn’t think of at the time. It always happens when working on a project of these size. But thats fine, since this plan isn’t set in stone. This is meant to guide you and keep track of everything that needs to be done, what has been done and how things connect.

You now have your tables designed to some extent on paper hopefully. Next is designing the pages on paper (or virutally. your choice). The way I do it is first going through and just think of all the pages I need and writing them down without the details and connecting them. You may want to do the details as you go, but I find it easier to connectthe pages before adding the details. You will also want to draw arrows to and from the databased when needed. So a grab from the database to display character information, or an arrow to it to show a field Update. If you are following my path, you will now need to fill out the details of each page. Again, you will likely come back to edit this once you start coding, but you at least now have a visual of everything you need, how its connected and most of the details or each page.

You should now be looking at a page filled with mad scribbling and a bunch of arrows. You may want to tidy it up or put each page/table on a cue card and stick ’em up on your wall. Anyway you look at it, you now have a plan instead of an idea.

You can also apply part of my idea’s to your development too. I mentioned before when planning to start with the basic name then filling out the details. Well the way I work is I go through and try to get the basic functionality of each page down and then will go back later and fill in the details (Proper text, messages), make tweaks, apply styles, graphics, etc. I do this for two main reasons. One is to make connections. I find if you make a pages completely then go to work on a page that is connected to it, you will eventually need to go back and start changing things on the so called completed page, and two, because if I stare at the same script for too long I start to get annoyed with it.

I hope this has helped you along with your development. And as usual, feedback is MORE than welcomed. Without your input, how can I/we create a blog with the best tips/guides/ideas for us developers/designers. Remember you aren’t alone and there are people similar to you that can help you with your game. All you need to do is ask 🙂

Design – Early Stages

When you play a web game, what is that you look for? Personally, I look for a challenge,  things to do and interaction with other players. If I’m not just odd, and other people agree with this, why the hell do other pages lack so badly in these fields?

I worked solely on the design aspect of my current game in development, for about 2 or 3 months. Though my game is similar to others out there, it’s in the details where I hope to make my stand. I simply had to look and see where other games failed, such as TornCity. In TC player interaction is minimal, as is communication and development.  To be honest it lacks horribly in many fields that truly make a game addicting.

Lets look at StarKingdoms. Great player interaction, great communication, and is a challenge. It’s a good game. The only qualm I have is I am forced to play with others I don’t choose too. I would rather be able to choose you I interact with and when I do it.

These are just personal views but as you can see these are all things that must be taken into consideration before you start your code and even before you start your design. You have to decide how to want you players to interact and how you want them to develop.

Here one of the better ways to start your development. Think of you game, get the genre, the setting all that planned out. Then think of a goal. Then as many ways to achieve that goal as possible. In my case I have multiple goals. You can either aim to be the strongest, the best hacker, the biggest gang.. whatever you want.

Next, how do I want my players to interact? Do I want to force them or do I trust their abilities to want to branch out and interact or do I want to kick them in the path of interacting? I personally want to kick them. And hard. Then you encounter what is too hard? Well too hard is when you make the game unplayable unless they work with others all the time. There should be the element of being a single entity in the universe.

After you have all this planned out, your core to the game, you then fill in details and backgrounds. You flesh the game out.

And this simple path will also guide you in coding. You work on the core first, coding everything that makes the game playable, even if its just a little. This wil, and trust me from experience, keep you on a track that allows for a early alpha launch and makes your life easier.

Right now I am just breaking out of the details and moving back to the core development to try and launch an alpha. The details and hold you back. But that is another post that will come soon. I hope this helps you design more efficiently. I have designed a number of table top games and have several web game designs floating. Working that path I explained will not only make it easy but help you in working out the flaws in the core, which is far more important that details.

PHP web game security overview

As a game developer myself, one of the biggest fears I have is that someone is going to end up hacking my game and ruining it for everyone else. So, seeing that I am a member of a PBBG game dev board (here), I posed the question to the community;

How do people cheat in web based games other than using bots? Do they manipulate URLs or text boxes? Or is it mainly exploiting bugs?

Not long after the question was asked, I received a reply from one known as Nerdmaster(site). Now, the following is not the end guide to securing your game, but it does a damn good job of outlining ares where common problems occur.

But before that I will tell you the best way to prevent hacking which will be re-enforced as you read the reply: Don’t trust user input. You must always make sure the player has supplied you with legtimate data.

As a long-time security hobbyist, I have learned a few minor tricks for exploiting web games, and I was very successful with Mobster World (as I already mentioned). The most important rule is NEVER trust anything user-submitted without validation. URL arguments, form arguments, cookies, etc are all *very* easy to manipulate.

In mobster world, for instance, there was a place to go and buy guns. The page would load up a form, and you’d choose the gun you wanted. It did something with hidden fields to where your URL would just hit something like /buyweapon.php, and I guess the admin thought that made it secure. But if you looked at the form, it was sending across a few values. One was itemcost=xxx and one was weaponid=xxx. You could set itemcost to 1, and get any weapon for a dollar. These hidden fields were the worst kind of exploit because they would be so easy to fix – don’t rely on the user to supply the price; look it up based on weaponid!

Another problem with that game stemmed in the messaging system. When you read a private message, it would generate a URL like this: “/messages.php?action=read&id=xxx”. You could read *anybody’s* messages this way, just by changing the id in the URL. This was a case where user-supplied input should have been validated (and eventually it was, but by then the game was being exploited so much, it was too little too late). A simple if block fixes this – if message id xxx doesn’t belong to the currently-logged-in player (via session data or whatever auth method you use), DON’T SHOW IT!

Then there’s the issues with things like pulling off jobs – when you went to the “big jobs” option, you usually had two options. One was going to be successful and one wasn’t. By viewing the form, however, you could always tell which job would be successful. NEVER put that kind of data in the forms – you want to make random decisions happen only *after* the user decides what to do, never before.

Another issue is with SQL injection. In PHP this can be a problem because a lot of the examples you’ll find on the internet don’t properly handle SQL code. PHP has some stuff for automatically escaping quotes and such, but you can’t always rely on the server settings for your app, so it’s something you need to at least be aware of. I don’t know enough about SQL injection, but in a lot of languages, you have access to special DB commands where you use a ‘?’ in place of arguments and they get scrubbed by the DB layer so you never have to worry. If you have cookies that don’t get auto-scrubbed by PHP, this kind of knowledge can be very important.

Another important tip is do *not* store simple information in cookies. For instance, say you want to know who is logged in but you obviously do not want the user to have to log in on every page. If you take the quick way out, you might have a cookie that holds the user’s id. Well, once a user realizes this, they just change the id and become anybody they want! Similar issues can arise with cookies that store session ids (since those map to the server-side data for logins), but generally it’s much much safer to use sessions for storing login credentials than using cookies.

A final tip is to be careful of XSS attacks. In Rails there is a function (I think it’s from a ruby library, not specific to rails, but I don’t recall which library) that auto-scrubs data to keep html out of user input. The issue here is that if your users can put in angled brackets (“<” and “>”), they can very effectively destroy the game for everybody else. In mobster world, I used this technique to create a private message that would add a button to the form that seemed to be the normal “Delete Message” button. But when clicked, it would take that user to the “shoot another player” action, with a specific player id of somebody I wanted to torment. I never actually used this cheat, as I started feeling bad, but I tested it with a friend, and by cleverly constructing emails I could force players to take actions of any kind within the game. More malicious hackers can do a lot worse, such as hijacking passwords for other sites. I’m not sure how that happens, but the point is that you need to find a library in your language of choice that you use to scrub html out of user data. If there is data ANYWHERE in the game that one user enters and other users see, it *must* be kept clean of HTML. You could theoretically allow only certain HTML, but with all the very clever uses of html that can exist, I think it’s safest to just not allow users to enter HTML. In my Rails game I use RedCloth (a Ruby library to the Textile markup system) to allow users to do formatting without having to worry about XSS attacks.

For an example of how easy it is to have dangerous XSS even when you think you’re safe, watch this. This site’s forums allow “safe” HTML. You cannot, for instance, do a <script> tag:

<script src=”” type=”text/javascript”></script>

But you can use some tags, such as bolding, as I just did. Well consider this – inside a bolded element you can specify onMouseOver behavior. Hover your mouse below and watch as I change the element text (only works in DOM-capable browsers):

or am I?’;” id=”foo” style=”font-size: 150%”>I’m a safe HTML tag.

If somebody more malicious wanted to, they could probably hijack cookies and passwords from this forum. (Obviously I’ll have to alert the admin).

Now, you have the basics of how some attacks are made, you may be wanting more specfic examples with more detail. Well you’re in luck (as was I).
Not long after I asked this questio, Nerdmaster wrote a much more detailed description using an example in his blog (here) If you want a rather more details and examples of how people hack web (PBBG) games, you best check that link.

Getting started on web game dev

Have you ever wanted to create your own web game but were unsure how to go about it or what languages you would need to learn to do it? Or even know what languages to use but not how to get them to work on your home machine?  Well this post should give you a starting hand.

Currently on the web, most browser based/PBB games are written in PHP/MySQL. Yes there are other languages used but I will cover these first.  Both PHP and MySQL are open source languages, meaning they are free and have a ton of online communities and support. Personally I am using those languages for the few games I am working on/plan on working on.

So, what is PHP? PHP put simply is a server side scripting language which returns html to the clients browser. What this means is that PHP isn’t ran on the players machine, but ran on your server. This give’s a little security because players can’t see your code, meaning they don’t know passwords, variable names, equations.

MySQL? MySQL is your datbase. It is the thing that stores your players information, such as names, experience, levels. You can even use it to record money transfer in game, mail, friends, and any other form of information you would like to view later.

Now, you have an idea hopefully what both of these languages can do for you. But how do you get server side languages to work on your home pc so you can build and test? Well the easiest way is to download and install WAMP if you are using a Windows PC.   (Mac version : MAMP Linux – A guide on setting up a LAMP )

WAMP is Windows Apahce MySQL PHP. Basically it installs a server (Apache) which is needed, since it basically turns your pc into a mini server to run PHP/MySQL which have files that interpurt the  scripts. After you have WAMP installed, are good to go. Browse into your wamp directory and you’ll see a folder called www. You will want to place your scripts there for testing.  So lets say you write your first PHP script :


echo “Hello world”;


You save it out and drop it in your WAMP www folder. You go to your browser (no need to be online) and type in http://localhost/*name of file*

To create databases is also pretty simple. Click on the wamp symbol in your system tray and click PHPmyAdmin. There you can set permissions, create databases, and insert info. I will write a starters guide for myAdmin at a later date  and demonstrate the basic way to connect, insert, delete, whatever using PHP.

So after that you may think that PHP/MySQL isn’t for you but you still want to create web games. Well for web games you need a back end (database) be it SQL, MySQL, Access (*shudder*), Oracle or whatever database language/server to have access to.  You also need a scripting language of some sort, the two most popular PHP and ASP.NET, though others do exist.

You can also use other languages such as JavaScript, Java and XML to handle some of your information instead of relying on just your scripting language.

I hope this has given you the knowledge you need to know, not to script, but to know where to start looking. I know personally when I first started I didn’t know what languages to use, or what options I had.

Also, for anyone that develops, please feel free to post the languages and set up you use.


Persistent Browser-Based Games

Thats what PBBG is, and many of us developers/players work on/play.

Bud (the guy that owns the PBBG I linked to) was trying to define the genre because it’s not quite a MMOG because it’s played in a browser. And this is what he came up with.

If you are unsure of what style of game this describes, its a game played through the browser where after you long off, the game world still exists and so does your character. It is often defined by 1000’s of players playing a game where they interact very much like a MMOG.

If you a player/developer support this project! This is our chance to make it known that we exist. To make our little corner of the net larger, better… and overall, provide a better playing experience to everyone.

Hello all!

Hello everyone, I am bardicknowledge, founder of this little blog.  Let me start by getting right to the point and saying what we are about here.

The idea that drives this blog is that as a community, we can help each other improve upon our browse based game or our table top games. I’m sure all of you developers out there, at one point in time, have been stuck, trying your damnedest to  think of the perfect way to have an action performed or how a rule should be applied, or what numbers should be used. This is part of the reason is blog exists: To help developers in need.

The second part is to raise the standard of games. Everyone wants their game to be the best, the most enjoyable to play, the most addicting. But how do we do that? How can we achieve this level of greatness? Well as a group, I hope to study others mistakes, figure out where they went wrong and how to improve upon that area.

So, interested yet?

Here’s the thing. I can’t do this all myself. I can’t tell everyone the details to every genre. I can’t give you the secrets to the perfect game. Sorry. But here is what I, actually, WE can do. WE can all work together to bring articles, links, code, anything, together here for others to review and comment on.

You may be saying, “how can I  help this community”. Well this is how. Go to the contact page, and my email is there. Send me an email with articles, links whatever. Just be sure to include your name so I can give you credit for your articles/code/finds.

I hope this has caught your interest and you will all come back to see what we can pull together.

Oh! I almost forgot! Have a game YOU made?  Send me of a email (contact page). I will be listing contributors games on a ‘Games’ page.  So make some comments, submit some content… be a regular and I will gladly link from here to your game ^_^