Gnet is a very simple system to track 'games in progress'. Servers add themselves to Gnet via
GNET_AddServer(), while clients can locate servers using GNET_ListServers().
Gnet was written by Mark Sibly, so 100% of the credits go to him! The Etna version allows to
avoid the freezing of the game while doing a request on the remote database.
Gnet was designed for Blitz users, who can use the master server on www.blitzmax.com for free.
For other language users, this is very simple to add a master server on your own web page, just
install gnet.php and the mysql table gnet.mysql.
You can start from these examples and the php file to add functionnalities like player counting,
score, status of the game and more! (to be installed on your own web site of course)
Security issue / Encryption
ETNA is using a very reliable encryption algorithm: RC4.
Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10^100. Eight to sixteen machine
operations are required per output byte, and the cipher can be expected to run very quickly in software. Independent analysts have
scrutinized the algorithm and it is considered secure.
If you use encryption with ETNA, you will need the counter-part on the script/server side. The functions you need to
encrypt/decrypt in php are available in php/ETNA_encryption.php in the ETNA package. Just do an include of this file in
your php file: include 'ETNA_encryption.php';
See the tutorials on encryption to see how encryption is working (and how easy it is).
For improved security:
Encryption works only for a call to script with arguments! Avoid using scripts without arguments.
Use encryption key hard to guess.
Do not use too short encryption key (8 characters or more).
Do not put your php scripts in an obvious place in your web site. "mygame.com/dfFGD/dsfGF/score.php" is better
Do not give too much liberty to your script: avoid putting commands like "erase an entire database table". Try to
have options in your script that are harmless to your database.
Tip for maximal security (if your game has a large community): in the current situation, a clever hacker could
"sniff" the packet you are sending, and, although he will be unable to understand the content, he could
send this packet again. The packet will then be received by the script on the server, decrypted and some
action will be taken by the script. So the hacker could use your php script even when encrypted.
Of course, this is something which is not simple to do, and you are unlikely to find such players/cheaters in the indie world!
To avoid this, the simplest trick is to add a counter to each command you are sending to the script file. The counter is
incrementing after each new command and the script file check the value of the counter: if the counter corresponds
to the expected value, the command is executed, otherwise the command is silently refused (this is what will happen
if a hacker resend a packet, since he is unable to increment the counter). For more robustness, you could use pseudo-random
numbers instead of simple counters.
In certain situation, you could also use md5 encryption. There is no
way to decrypt a string which was encrypted with md5, but md5 encryption is useful in certain cases
like sending password over internet, etc. Here are some