Leaderboards

[totallybueno]

Hi there,

I finished my game and I included scoreoid leaderboards, but it seems they´re not working properly and they´re not answering my email so I´m gonna change to another platform.

 

So, first question, what do you guys tell me? What should I use? I know clay.io but, is this just for games hosted with them?

 

I just need to read/store scores, nothing else

[Rocco]

i would also love to see a easy solution for this task which everybody needs.

without using platform tools from google, facebook, nutella, and so on....

a tutorial would be great for this, (instead of the 100x flappy bird clone tut)

[totallybueno]

Fuck yes, I always thought that a tutorial about this would be great (and I thought exactly the same about the thousand of tuts about Flappy Birds clones).

 

Just, if someone knows something about this, a link, a tutorial... maybe just the name of the "right" platform... that would be great.

[Rocco]

#push#

[totallybueno]

Hahaha, we should do this until we´ll find a solution

[lewster32]

This isn't really a Phaser thing as such. Unfortunately without using one of the many APIs available (Facebook, Google etc) creating a robust and secure leaderboard is no easy task. You'll need a server running a database of some variety to hold the scores, a way of logging the users in or determining in some way who's who so scores can be property attributed to the right player (this is one of the major benefits of using a social API as the login/authentication part is by far the most difficult part). You then need a way of communicating the score with the server (usually a RESTful endpoint so you can at the minimum POST and GET scores) and finally you need to wrap all this up within your Phaser app to make it as smooth as possible for the user.

 

Trust me, learn to use one of the APIs - once you've figured out the login process, everything else is plain sailing!

 

If you're absolutely hell bent on just having a simple API which lets the user post their name and their score, then you could probably knock this up in NodeJS (or your preferred server tech) pretty quickly, but it'll be very open to cheating, and if your game gains any popularity expect there to suddenly be a load of 999999999999999999 scores from players called 'LOL' and 'HAX'.

[totallybueno]

I know it´s not something about Phaser "per se", but anyway, it´s a common task, so I guess it should be something easy and fast to implement, something like those APIs I guess.

 

Scoreoid was perfect, but it seems it´s not working, and btw, you don´t need an user/pass... Do we have just those options?

[lewster32]

I'd probably look at one of the range of NodeJS leaderboards out there as a good start then. You could run this on your local machine to begin with, or get a Heroku or similar account to host it on.

 

https://www.google.co.uk/webhp?#q=nodejs%20leaderboard

[totallybueno]

Ok, thanks, I´ll try asap

[Rocco]

a way of logging the users in or determining in some way who's who so scores can be property attributed to the right player (this is one of the major benefits of using a social API as the login/authentication part is by far the most difficult part).

But this is for me also the most annoying part, i tried games with the used apis you mentioned and when it comes to submit scores,

there comes a list of disclaimers and wtf all stuff to accept and the registration prozess to whatsever platform, i mean this is ridiculous and this is the point where i  usually cancel my score submission..

Maybe its ok when you are registerd on such platform, but this games should run on every machine in every browser and just be simple and no pain for any player, no matter if he is registered on FB, Google, whatsever or not.

 

I just want a scoreboard like on a aracademachine, where you can write your nickname and press enter and the score is saved, thats all.

Maybe there is API out there, which makes it as simple as that,....

[lewster32]

I don't know of any already-hosted APIs that do that, because the point of social APIs is to encourage people to be logged in. You will find plenty of non-hosted APIs however which will do exactly that - and like I said, rolling your own in NodeJS wouldn't take too long. See my link above for some that already exist.

 

If you just want scores on your local machine, then you could also use localStorage to do this. Just save your scoreboard as an object in localStorage, and load it when your game is initialised. Then create some simple management functions which store the results and retrieve the scores in descending order.

[Rocco]

yes, thank you for your suggestion, i will look through it. ( i didn't saw it before my last posting!)

 

i had a strange experience as i described above lately with the google api, within this game -> http://www.html5gamedevs.com/topic/7081-completephasercocconjsfood-harvest/

[lewster32]

The social authentication journey is as streamlined as it can be right now, but security concerns make it still a slightly longer process for users and a rather complex and frustrating process for developers. I grappled with oAuth for a long time before I even remotely understood it, and it felt like I was jumping through hoops forever, reading outdated and plainly incorrect documentation. Finally I managed to get the Facebook scores API to work as I wanted to, but it did involve a lot of work and research sadly.

[totallybueno]

Any tutorial or place to check the code?

[lewster32]

Sorry no, the game in question was created for my company so the unminified source is not available, however the game is here if you're willing to beautify the source and pick through it - it uses localStorage and Facebook's API combined to ensure scores are saved and synchronised even when the player has no web connection:

 

http://games.holidayhypermarket.co.uk/hyperboy/

[marvster]

Is anyone familiar with common anti-fraud/cheat mechanism.

Even it's easy to set up a database and store highscores, especially using social APIs, it could be very hard to secure it against corruption.

[Rocco]

Sorry no, the game in question was created for my company so the unminified source is not available, however the game is here if you're willing to beautify the source and pick through it - it uses localStorage and Facebook's API combined to ensure scores are saved and synchronised even when the player has no web connection:

 

http://games.holidayhypermarket.co.uk/hyperboy/

 

i get this errormessage, when i click on scores:

Die Anwendungseinstellungen lassen die angegebene URL nicht zu.: Eine oder mehrere URLs sind in den Einstellungen der App nicht zugelassen. Sie müssen mit der Website-URL oder der Canvas-URL übereinstimmen, oder die Domain muss Subdomain einer der App-Domains sein.

[lewster32]

Oops sorry, that's our test URL. Try this:

 

http://games.latedeals.co.uk/hyperboy/

[lewster32]

Is anyone familiar with common anti-fraud/cheat mechanism.

Even it's easy to set up a database and store highscores, especially using social APIs, it could be very hard to secure it against corruption.

 

The social APIs usually give you some way of signing requests to help mitigate some kinds of fraud (i.e. posting scores on another person's behalf) but they deal mainly with ensuring identity. There's nothing however to stop a user uncovering your HTTP request to the server and then just putting in whatever score they want, and sending it through that routine with the signed request intact. I'm afraid I don't have the expertise to really cover any realistic ways you could prevent this happening.

[ivanix]

Hi guys,

 

I hope I am not hijacking this thread as I feel i am running in similar issues.

I too want to implement leaderboards along with some type of user authenication/authoriztion.  Use of 3rd party social api and standalone registeration and use of other gaming services are desired.

 

The main challenge I see with 3rd party API is that they require the app to use a secret key often embedded in the app.

Normally embedded in native binary apps, it hasn't raised much of an issue, with the exception below. However, with HTML5 running on the browsers, secret keys won't remain secret for long.

 

There's a site called api.shephertz.com that seems to provide some nice gaming apis, however, their javascript api examples show that the appid an secretid are needed in the javascript

http://api.shephertz.com/app42-docs/user-management-service/#create-user

 

So my limited understanding is that for best security, we need to call these gaming apis from behind our own server and just enforce some kind of  user authenication / session with our HTML5 game app.

 

Otherwise we are facing what many android app developers are now facing:

 

http://arstechnica.com/security/2014/06/secret-keys-stashed-in-google-play-apps-pose-risk-to-android-users-developers/

http://www.sciencedaily.com/releases/2014/06/140618163920.htm

 

@jorgeenriquezm,  if you want just a simple way to store and retrieve scores,  maybe this article may help, it describes using google drive and spreadsheet doc just for that:

 

https://coderwall.com/p/duapqq

 

EDIT: Sorry, never mind, its read only.

 

Regards

[totallybueno]

Thanks for the answer ivanix, I´m checking this but yes, it seems that we´re gonna have those security problems

[totallybueno]

Finally I´m doing it with clay.io and everything seems to be working perfectly