Referer Check
I want to make sure that the sites that are trying to sign in are trusted sites and not some guy trying to access the databases and cheat. I should try to do everything I can to protect the people that are signing up to play the games that they are as fair as possible.
Feature 1: Finding the Right Site to Redirect
One feature that I still have yet to implement but I am close to finishing it soon. Well, the feature isn’t really that important but would be nice to have since all other sites implement the same feature as well. The feature I am talking about is redirecting to the start of the game site. I can already tell which site the player signed in from and can guess where they are trying to go from there.
The reason for this feature is, when the member signs in from when the previous sign in fails, the redirect will bring them back to the sign in page. This is a problem because they are already signed in and have no purpose being at that page. Where they should go is the start of the web site, whether the game or the control panel. This should be easy if I just redirect to the first page of the site the user signed in from. Shouldn’t be that hard at all and I should be able to implement it in a few minutes.
Feature 2: Profile Set for Automatic Redirect
I was going to just redirect the player directly to the site they signed in from if the sign in process succeeded but I figure they may want to access the Control Panel from any site instead. I should probably set up the profile to where they can automatically redirect back to the game site when they sign in. I could do that too, after I complete the previous feature. I will also have to create the Profile page and update the database for this feature. I will have to come back to this feature later.
Account Check
This comes with the need of error checking and helping the member find the reason or problem of why they can’t sign in. The problems that could occur are many and I, the developer, should help the member as much as possible to figure out if the mistake is their problem or mine. If it is their problem, then I should give the solution to the problem or if it is mine then I should correct it.
Account Problems:
- Invalid Email/Password Check.
- Banned User.
- Vacation Mode.
- Not Activated.
- Game Sign In Disabled.
Possible Solutions:
#1
If the account isn’t found then it could be the result of the member inputting the wrong data. If that is the case then I should tell the user what part is wrong. I hate trying to Sign In and failing only to get the message, “Username or password maybe inoorrect!” Which part is it? It isn’t hard for them to tell me, or are they not telling me for security reasons? No matter the purpose, I should know, and so I will tell the person which part of the Sign In failed. If the username or email part failed then of course the password failed but I should tell the person if the username or password failed because it doesn’t exist or because the password is wrong.
#2
If the user was banned, then the reason and the time will be given when the user tried to sign in. Contact information will given to the former member to make a claim to rejoin. If the member is bad enough then that user may never be able to register with their email or IP address. It is difficult banning IP address if the computer is public because it would block ‘good’ members trying to register.
#3
Vacation mode is set when the player is going to be away for a long time and doesn’t want to be attacked and killed by everyone while his money gets higher. I can’t decide if I’m going to allow the income and attack points while the user is away.
#4
The user must have a valid email account because of spammers and for people trying to set up multiple accounts. Also, account information will be sent to the user. We must also find out if the email is correct and that the owner of the email actually wants to play the game. If the account isn’t activated then the user can’t play and needs to be told that they need to activate their account.
#5
Another feature I’m going to implement, is for when I change versions and I don’t want people signing in and finding out that they can’t play at that moment. Or if there is a bug and I don’t want people to see my debugging code.
Other Problems
If the script fails for some reason and it isn’t the user fault then I should be told but I haven’t figured out how that will happen.
Sessions
Setting up the Session is also going to be a big deal and will require me to restructure all my pages (not as big as I make it seem) to keep the member from signing in all the time. This shouldn’t take long and all I need to do is copy and paste the old code to this script and I’ll be done.
Anti-cheating and Logging
I’m trying to attempt to stop people from taking out two or more accounts and logging of the Signing In. Really, all I’m doing is logging information and then after I do this I will create some scripts to run against the table. I’m sure that any player can create something to fool the system but will catch most players. Right now I feel this basic system is good enough until I can find a better system.
Conclusion
That is all there is, really. The Sign In script isn’t a big project but requires some features that I wish I had put in the previous system. One major screw up I did was with the Registering script. Ah, damn, I’m still kicking myself for that screw up.
Possibly Related Posts:
- Mecha Asylum Design Document
- Data Store is Finished, but Still Imperfect
- If You Look at it This Way
- Configuration SPL Usage
- New Configuration Factory Possible Features
Comments are closed.