Save game result as URL

[gaulucky92]

Hi there, I would like to save the game result as a specific URL so that users can share their scores to their friends, via Facebook, Twitter,... Some URLs like mysite.com/2048#abc123xyz456, with "abc123xyz456" is an identifier of that result. I read the js source and saw some function about serializing game result and local storage,... but I couldn't understand how it works and where the game would be saved. I searched for wiki but found nothing. Please help me, thanks in advance!

[maciejczyzewski]

Without the database, anyone will be able to generate fake result. Remember that is only simple game... But :beer: for the idea!

[vko-online]

what about snapshoting page region with result and generate specific url for that pic?

[gaulucky92]

Thanks for you comments. I finally figured out how to modify the original script to do what I wanted. Now I can save user score, best score and the current gamestate to mysql database, with the user's facebook profile id as an identifier (I forced users to login with their Facebook accounts before playing), so that users can review their scores and their previous played gamestate. Of course I had to make another version of the script with the modified source code that doesn't allow users to continue playing on their result pages.

But, like @MaciejCzyzewski said, this game is very simple, store game data in the localStorage (browser's cookie), which is a client-side storage. This will lead to fake results if the user knows how to modify the game data in localStorage via the browser's console, especially when they've already learnt about this 2048 (open) source code. So, better not making an event with real prizes that uses this game to challenge competitors!

[vko-online]

but it's possible ,to store inside url thought. and with good secure. say player scored 350 points, and the datetime is 22.06.2014 11:33PM, and the let him enter his name when he wants to share his result, so we got 3 identities which can easily identify user, that might look like too simple. but if all of them hashed and again hashed and trimmed, it will be very hard so resolve or fake. example. MD5, and name is ='superchick'

hash 350 pts = 9de6d14fff9806d4bcd1ef555be766cd 22.06.2014 11:33PM = f2b9051b4de0cbeb1008f58d2ec856b2 superchick = 351aaa9a83e2819a3f21611b044eb825

rehash again (350 pts hashval.22.06.2014 11:33PM hashval.superchick hashval)= 6f025acc67c9e70769d6b3b68ec3ac9a

what you get is really nice identifier. and cannot converted back, so there must be another script that will generate images based on player result, snapshot it, and name as hashvalue.jpg, save serverside, and share. that might not look so sexy, but it's quite easy to implement. Any ideas?

[gaulucky92]

The important thing is, user can totally manipulate the game data (score, best score and game state) while playing, using the browser console with simple command:

window.localStorage.setItem('gameState','_fake_resulthere');

And, boom! Fake result is in the house! And now your hashing progress begins, with the fake result already set.

[sigod]

@vko-online

what about snapshoting page region with result and generate specific url for that pic?

Hmm. Let user tweet with screenshot of a result? Very interesting. Please, open new issue for this.

what you get is really nice identifier.

And what for this identifier used? It seems to me you didn't finished your explanation.

so there must be another script that will generate images based on player result, snapshot it, and name as hashvalue.jpg

Server side script or client side? In any case, why do you think it will be secure?

[sigod]

@gaulucky92

(I forced users to login with their Facebook accounts before playing)

Users will hate you for that. Especially those who doesn't have a Facebook account.

current gamestate to mysql database

Your solution prevent users from playing offline. Which is really bad for such a small game.

user can totally manipulate the game data (score, best score and game state)

Game state. That is. (I mean game state, not value in local storage) User can just "correct" game state and voila. You database and @vko-online script will process fake result.

And now your hashing progress begins, with the fake result already set.

I believe @vko-online wasn't talking about local storage at all.

I don't see why we must be concern about fake results. Let users choose how they play.

[sigod]

One more important thing:

There a lot of users playing at every point in time. I'm sure single server won't withstand them all. So it must be few good servers. And who will pay for them?

[vko-online]

And what for this identifier used?

we have 3 good keys. name, datestamp and score.

1. of all this is just image, which can be applied to div. and willbe showing result stat say in special page.

2. and this png actually going to be generated by script, on the cliend side, and posted to server. which also notable that it weights 2kb not compressed. obviously it can be minimized about half. why image? Because we can name it. Finally it becomes

So we have 3 keys. we can mix it, generate string, which cannot be converted back, so even developers wouldn't be able to change or steal something. and pass this string to script which wil generate score image and name it, then post to server. and get back link. And finally link would look like for ex: http://gabrielecirulli.github.io/2048/scores/6f025acc67c9e70769d6b3b68ec3ac9a last part is identifier of image. with 2^160 == 1.4615016373309029182036848327163e+48 possible values. hope you understood, any ideas of implementing that?

The important thing is, user can totally manipulate the game data (score, best score and game state) while playing, using the browser console with simple command: window.localStorage.setItem('gameState','fake_result_here');

about faking from console, i think it's nonsense, try it if you pass all of 20levels, then you can say gameStat can be faked

There a lot of users playing at every point in time. I'm sure single server won't withstand them all. So it must be few good servers. And who will pay for them?

There can be some barrier, say you allow people to save their stats if they score more than 2048pts.

[sigod]

I thought you were talking about taking screenshot of a whole game. Just score isn't so interesting.

string, which cannot be converted back pass this string to script which wil generate score image and name it

But how it will generate score image if string cannot be converted back? How will it know which score is hidden inside?

generate string, which cannot be converted back, so even developers woulnt be able to change or steal something

And how is that mean that result cannot be faked?

any ideas of implementing that?

It's not so complicated to implement. But, as I mentioned above, there's few issues:

1. Servers.
2. Security (which makes it complicated to implement, and probably not worth an effort)

[vko-online]

But how it will generate score image if string cannot be converted back? How will it know which score is hidden inside?

i ment different thing

    * @method Generate image
    * @param {String} name The player name
    * @param {Integer} score New score.
    * @return {Image} Returns instance of Image Class.
    */
function save(name, score) {
var date = new Date();
var imageName = hash(name, date, score);
return new Image();
}

[gaulucky92]

@sigod okay, my first issue was "how to turn the gamestate value (type: json) into an unique URL identifier", so that I could reserve that identifier to get the data to display the gamestate correctly. But then I thought it was kinda hard as I weren't good at encrypt-decrypting, so I decided to use MySQL Database to store the game data. The purpose of doing this is to let user share to their Facebooks NOT JUTS THEIR SCORES. I want to make a page that display the user's past game result, including their score, best score and game state. AND IT WORKS, the result page can recover the user's gamestate just like him/her has just finished his game in front of you, see the photo below:

And the URL are not very complicated (in my case, I used user facebook id and the time string they finished the game as the URL identifier):

And like @MaciejCzyzewski said and I agreed, this game is easy to make fake result, as it uses javascript with window.localStorage to store its data while playing. I modified the script to save game result to the database via ajax when the game ends. So before the game ends, user can probably change the result and then, vòila, fake result. I agree, this is too insecure, but as my purpose is just letting people play and share their results and challenge their friends, so this this acceptable.

And as I want this game to be "online", making this game offline is not necessary, the official mobile version of 2048 already did it well.

[gaulucky92]

I don't see why we must be concern about fake results. Let users choose how they play.

I'd just skipped this line. Totally agree! But unfortunately, it would be a mess if you plan to make a competition offering real prizes using this game. I've seen some people did, but they did not understand the game clearly, they just changed their score without touching the gamestate, their result shows 100,000 points but the game board shows only 1 2048-tile and some small tiles, which is so ridiculous.

[sigod]

@vko-online

So we have 3 keys. we can mix it, generate string, which cannot be converted back, so even developers wouldn't be able to change or steal something. and pass this string to script which wil generate score image and name it, then post to server.

And what prevents user from passing a fake image to the server? Or server somehow validates image and keys? If that is what you propose then what prevents user from generating fake keys?

with 2^160 == 1.4615016373309029182036848327163e+48 possible values.

Isn't it 2^128?

about faking from console, i think it's nonsense, try it if you pass all of 20levels, then you can say gameStat can be faked

Thanks for the link. Also, take a look at scores. Almost everything was cracked except 17th and 18th. Probably because this exercises aren't listed in the header.

There can be some barrier, say you allow people to save their stats if they score more than 2048pts.

Than what good it for? Also barrier won't help much.

@gaulucky92

it would be a mess if you plan to make a competition offering real prizes using this game.

But we don't plan it. Or we are? You need to ask @gabrielecirulli about this. You probably need to start your own project. But as I see on screenshots you already did.

I've seen some people did, but they did not understand the game clearly, they just changed their score without touching the gamestate

Also, there's a way to make game almost impossible to cheat. But it's very costly. You need to process game logic on server, client will only display game and forward input.

[trieunguyen96]

Hi, Can I ask how to do it? I mean what I have to do to generate "game result" as URL... I'm needing it and I'm just new so I don't understand much. Thank you

[sigod]

@ko0ll0ove Try asking it on http://stackoverflow.com/. There's much more people with free time.