Oh, a couple of my members have complained too that in Breakout, after the ball gets so fast, it starts to skip tiles making it impossible to win. I know you didn't do the flash code for the games, but I just thought I'd let you know. ;)

Hi all,

I installed this hack but when i played a game it goes from http://www.url.com/forum/proarcade.php to http://www.url.com/proarcade.php.

I searched this whole thread for a solution but couldn't find it. :(

What do i have to change ?

Regards Michel

I need a little help please :)

Part of the hack replaces this code in showthread.php:

I don't see this code anywhere. It is probably because I'm still on 2.2.2. Where should I place the replacement code?

One of my users got 1,701,203 in Tetris! They must have been playing for ages!

Craig

All these games can be easily hacked by memory editing. I don't know how to fix this, just pointing it out.

Got a quick question for ya Futureal... How exactly is the time for the games recorded? I'm guessing it pulls the time from the server since it seems to be about 2 hours off from the message board. Does it keep a record of the time from the server and record that, or would all the times change if the server time changed?

As far as I know, any Flash movie can be edited in this manner. Flash security is very, very limited. There are ongoing discussions and "challenges" on FlashKit (www.flashkit.com) regarding security.

The only thing I can think of that word be worth doing to prevent cheating is recording a user's "time of entry" onto the game page and then his/her "time of entry" onto the score page. Using the scoreboard editor, an adiministrator could easily see when a user is fooling the system -- e.g. a score of 1+ million in Tetris requires, what, 30 minutes of playing?

Really though, there is no foolproof method here. Anybody who knows how to hexedit can probably find a way to beat the system, but I am not too worried about it. I watch for things like new accounts immediately getting the highest score, and users having played once or twice and getting the highest score.

As always, I am open to suggestions on this matter if anybody has them. Security is a big issue here, but unfortunately Flash/PHP interaction is inherently insecure. :(

edit: This also addresses PlurPlanet's problem/question. I think that after reading this stuff, I may work on implementing my idea above. It would add yet another table and a few extra queries but it sounds like it would be worth it. In general terms, here is how this would work:

• When a user goes to a "Play" page, an entry is recorded in the security table showing the user's ID, the game's ID, and the current server time.
• When a user goes to a "Game Over" page, the security table is checked for the user's most recent open entry for that game, and the entry is "closed" by updating the record with the gameover time.
• Each time a user goes to a "Play" page, the database checks to see if there is an "open" entry for that user and game; if there is, it is replaced, otherwise a new one is created

This would add 2-3 queries to the play page (the DELETE would not always occur) and 2 queries to the gameover page, as well as a fifth table to the arcade. The advantage is that it is completely server-side, so a user will not be able to fool it. The disadvantage is that a clever user could still fool the system if he/she knows how it works. However, it should make it a lot easier to spot.

The time is (right now) pulled off of the server and stored in the database in server time. I have not yet added the code to adjust for user's timezones, although that will be rather easy to do.

Also, see my previous post for discussion of your other problem. Thanks.

See if you can find the line:

And add it right above that.

This sounds like a bug that has already been fixed. Make sure you download the latest version of the zipfile from the first message and replace your proarcade.php and proarcadeadmin.php with the ones from the file.