Ask coding questions

← Back to all posts
p5.js using global scope
tussiez (1654)

There's a lot of good games on Repl.it using p5.js, but they're easily hacked simply because p5 uses functions in the global scope, e.g mouseClicked(). Is this good practice?

Answered by xxpertHacker (930) [earned 5 cycles]
View Answer
Comments
hotnewtop
xxpertHacker (930)

That's the cost of importing global code. Generally, nowadays, it's not good practice anymore.

See -> https://repl.it/talk/learn/The-Modern-JavaScript-Tutorial-Series-Part-2/81460 for better practice.

I'm not sure if there's a p5.mjs though.

realTronsi (926)

@tussiez any client side game can be easily hacked. You can wrap your actual game in a local scope, but anything in p5js should not be an issue

tussiez (1654)

@realTronsi Are you sure? I was able to write a bot for Zombie Runner in a few minutes by spamming mouseClicked()

realTronsi (926)

@tussiez mouse clicks are not something you can control even if you were to locally scope everything

tussiez (1654)

@realTronsi Correct. I don't know too much about p5, but I've learned a bit from other's Repls.
It is definitely possible to fire mousedown events, but it is many times more easier to do this simply by calling mouseClicked.

tussiez (1654)

@realTronsi It is also much easier for less-experienced users to access these variables/functions, e.g mouseX and therefore makes hacks more frequent on these games.

realTronsi (926)

@tussiez again, why would you care about someone hacking? This isn't something you can prevent either way

tussiez (1654)

@realTronsi You can make it hard enough, to the point that nobody would bother trying to hack your app in the first place. It is always possible to hack, whether it be "changing" the amount of Robux you have by editing the DOM, or scamming others out of millions via an exploit in a game.

realTronsi (926)

@tussiez again, why would you want to make it harder? It's useless, there is no reason to try to make cheating harder on a client game.

1) waste of time
2) some people enjoy playing hacked versions (basically sandbox)
3) hacking won't affect anyone

tussiez (1654)

@realTronsi

1) 3
2) Modding?
3) Hacking breaks most chatrooms on Repl.it.

realTronsi (926)

@tussiez

1) 3
2) 3
3) a chatroom is not client based, it is only hackable if it is coded poorly, which is irrelevant to this conversation where we're talking about client side p5js games

tussiez (1654)

@realTronsi
1) 3
2) 3
3) Then this makes a lot of my reasoning irrelevant
When we're talking about client side p5 games, storing scores in a leaderboard becomes difficult since it's hard to tell manipulated scores from normal ones. This is where antihack comes in.

realTronsi (926)

@tussiez Okay so you need to clarify that next time, as I mentioned client side game multiple times. Anyways, in this case, you have to implement the game in the server like normal people, as anti hack on the client is both useless and impossible.

If you have a live fps based game where players affect each other directly, do it live, otherwise you can do it asynchronously, where an engine is both on the client and server, and the server checks the legitimacy of the inputs and outputs

xxpertHacker (930)

@realTronsi This is actually funny, global variables are bad, don't have them, it makes it much easier to ensure that someone wasn't messing with the game, while making the code more readable, and the control flow easier to understand. Problem solved.

realTronsi (926)

@xxpertHacker yes never said they weren't bad, but you can't just stop using libraries because of that, and also I was addressing the "anti-hack" and trying to tell them anti-hack isn't possible. Just don't use global variables for the sake of code readability and good practice, not for "anti hack"

tussiez (1654)

@realTronsi
Yes, that what I did here.
This does not solve the leaderboard issue though

realTronsi (926)

@tussiez yes it does... unless its poorly coded. "Anti cheat" is something on the server, not the client

tussiez (1654)

@realTronsi Yes, but we are talking about client side p5 games

realTronsi (926)

@tussiez then a leaderboard isn't possible, make up your mind

tussiez (1654)

@realTronsi That makes all p5 leaderboards on Talk posts invalid.

realTronsi (926)

@tussiez well a global leaderboard is impossible without a server, I would like to see the client leaderboards you speak of

Coder100 (18123)

pffft imagine not knowing that you can make your own p5
click this

the reason why stuff is global is because processing, the father of p5, did it.