Planning
What do you want to gather from the player?
Do you have to conform to COPPA, based on what data you gather?
Do you want to keep the user data separate from the game data?
How are you going to authenticate the user and handle account recovery?
Does the user need to activate their account after they sign up?
Member Authentication
You will need to use a form, which could either be on every page or by itself on a separate page. You will also need a script to check the values and then log the sign-in.
Registering
Well? You want (re: need) people to be able to sign up. If you ask for the gender, address, or other personal information, then you will need to conform to the COPPA policies. It is easier to not take any of those and leave COPPA out of it. It is always a good idea to make the extra check that the person is over 13, because you could be liable for damages or something.
If the input values don’t validate, then you need to spit the form back out at the person, preferably with descriptions of what the user did wrong and solutions. JavaScript could help, but it is not required if the backend is done right. Most scripts run fast enough that it isn’t needed. Even if you do use JavaScript, you still want the PHP script to check the values, in case the browser doesn’t support JavaScript or it is turned off.
Once a game gets popular, a person may consider sending bots to automate the registering process. It is a good idea to use some type of image creation (generally GD or ImageMagick) and require the user to type in what the image shows before they can finish.
Recovering Password
It is always a good idea to encrypt a person’s password in the database. Which encryption you use will depend on how easy it should be to recover a user’s password. With MD5, recovery is impossible and it is better to send a random password. With the (My)SQL Password function it is also impossible to recover the password (as far as I know). If you encrypt with another PHP encryption technique, then in most cases it is possible to decrypt the value and send it. If you want to take the time to develop all of that, then go ahead, but it is easier and faster to use the SQL Password function for both validation and encryption. You can secure it easily by using $clean_variable = mysql_real_escape_string($unclean_variable); so it is a win/win. Better encryption would come from using a PHP encryption technique, as a few of the methods are fairly uncrackable (as much as encryption can be unhackable).
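The one-way storage and random-password recovery described above, as an added example that is not from the original post. It uses PHP's password_hash() and password_verify() in place of MD5 or the SQL Password function; the function names and the in-memory $users array (standing in for the users table) are assumptions.

```php
<?php
// Added example. The $users array stands in for the users table, and
// register_user(), check_login() and reset_password() are hypothetical names.

// Registration: store only a salted one-way hash, never the password itself.
function register_user(array &$users, string $email, string $password): void
{
    $users[$email] = ['hash' => password_hash($password, PASSWORD_DEFAULT)];
}

// Sign-in: re-hash the submitted value and compare it with the stored hash.
function check_login(array $users, string $email, string $password): bool
{
    return isset($users[$email])
        && password_verify($password, $users[$email]['hash']);
}

// Recovery: the stored hash cannot be turned back into the old password,
// so generate a random replacement, store its hash, and return the
// plaintext once so it can be e-mailed to the account owner.
function reset_password(array &$users, string $email): ?string
{
    if (!isset($users[$email])) {
        return null; // show the visitor the same message either way
    }
    $temp = bin2hex(random_bytes(8)); // 16 hex characters from the CSPRNG
    $users[$email]['hash'] = password_hash($temp, PASSWORD_DEFAULT);
    return $temp;
}

// Constructed sample data, not real accounts.
$users = [];
register_user($users, 'player@example.com', 'correct horse');

// The original password works before the reset.
var_dump(check_login($users, 'player@example.com', 'correct horse'));

// After the reset only the random password is accepted.
$temp = reset_password($users, 'player@example.com');
var_dump(check_login($users, 'player@example.com', 'correct horse'));
var_dump(check_login($users, 'player@example.com', $temp));
```

Because the hash is compared in PHP rather than built into a query string, the password never needs SQL escaping; the e-mail address used for the lookup still does.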
Activation
Email activation does irritate users, but it could save you from people trying to get in with bogus email accounts. There are a few ways of doing this: sending the password to the email address or sending a code for activation. It works by only allowing those who get the email to sign in. If they don’t get the email and can’t sign in, then they can’t play and you can delete their account.
For those that use the code activation technique, it would be a good idea to allow resending the code in case it got lost on the email server (outgoing on your end or incoming on the user’s end). It would allow those who really want to play another chance to sign up. Or you could just have it automatically delete the account after so many days and force the user to sign up again.