I've decided I want to make a web based MUD/RPG. I already have a story line(borrowed from a D&D world, but the creator will let me use it). Having this the next step becomes actual design of the game and world. Since this will be made in PHP and a lot of the information will be somewhat dynamic it appears the best method would be to use a MySQL database to store information about possible monsters/items that can appear in the world. The world itself will likely be hardcoded as it will be static.
Perhaps another method would be better than a MySQL database? Does anyone have suggestions and is anyone out there capable of making lots of decent 'pixelish' artwork?
If you are gonna make a MUD/RPG type thing, base it off of D&D!
I can hook you up with some eBooks of D&D rulebooks. They're $100 RL alltogether but since I love you I can hook that up for free. ;)
Pixelart?
maybe. IM me fag.
I've started work on the basic systems for it. You can see my progress so far at http://www.advancedcontent.net/zorm/RPG/.
I'm working on authentication things now. I intend to use SHA-1 and a salt to hash the passwords for storage in the database. Should I try and use javascript to hash the passwords before the client sends them to the server? Does anyone have a secure method of generating a salt?
Thinking through this project I also realized I'll need protection against bots and such at various stages in the game. One obvious place this is needed is at account registration. It will require an email and a link will be sent to that email in order to activate the account. Is there anything that can be done about those 'one' time use email accounts? My general feeling is there isn't a whole lot that can be done. The other thing that will be needed is some sort of CAPTCHA to prevent automated registrations and playing of the game. I'll make some simple checks that will try and detect 'bot' like activity, if its triggered a CAPTCHA will be shown and no other actions allowed until it has been passed.
This brings me to my next point on the CAPTCHA. The simple text ones have been broken and are often insanely hard to read even by humans, clearly this won't work. My idea was to show a simple picture and give 4 options for what the picture is(the options and picture will all be a single image). Then the user enters the letter of the correct option to pass the test. The problem with this is that the picture can't be truely random because I don't know of a way to reliably generate pictures of objects. So I'll likely end up with 5-10 pictures, would performing simple transformations on them be enough to stop something from recognizing them? My other thought is that perhaps I'm overthinking this and such measures won't be needed as its unlikely someone smart enough to solve the problem will play my game anyhow.
The problem with your image scheme is that, unless you have an arsenal of images to pick from, a bot creator could easily tell the bot to find the name of the image (IE: image1.png) and submit a specific answer for each picture. This would be effective unless you had 50+ images.
Talk to iago about the text ones, he wrote a bot to find it out (I believe? Or was this someone else?) and he would know something about this (or someone who I am mistaking with iago). That's pretty vague, but I'm pretty sure that it's iago who knows about this, which should be what you need to prevent automated signups. Also, block dodgeit emails and prevent bugmenot registered emails. This is assuming you get popular enough to even have to worry about this stuff.