Share your repls and programming experiences

← Back to all posts
FIXED! -Multiplayer Clicker Game- Factions Online
CatR3kd (552)

Hey Guys!

YESSS! It's finally done!

SO. Once upon a time I made a cool little clicker game and posted it on the share page, and it got pretty popular! So, me and @NoNameByProgram teamed up to make it online! Me and them (Mostly them) have added:

  • A leaderboard
  • An account system
  • Removed console hacking
  • A daily reset timer
  • Removed Enter-Clicking

HOW TO PLAY:

The goal of Factions Online is to get the most money in the shortest amount of time. The game works by resetting nightly.
You have to get the most amount of money before then, to get your name on the leaderboard.
You get money by clicking and getting upgrades and autoclickers, like most clicker games.

Be sure to check out @NoNameByProgram , they are a super good coder and were CRUCIAL to this and did 99% of the NodeJS.

Note:

If it's not letting you make an account or start the game, try in a separate tab.

Please don't set your username to anything inappropriate, as we will smack you with the mighty banhammer.

Thanks so much!

P.S. If you liked this, I would a much appreciate an upvote!
-CatR3kd with <3

Edit: We are looking for an artist!

If you want to help out by making art, you can read and comment on this post. Thanks!

P.P.S: Don't click this link

Comments
hotnewtop
NoNameByProgram (198)

NOTICE TO ALL USERS:

We have seen the people hacking with HTML tags, and we are banning them completely. Numbers and symbols are banned for now. We are sorry for the inconvenience.

CatR3kd (552)

Yo what happened? I ate dinner and missed all the fun lol @NoNameByProgram

NoNameByProgram (198)

@CatR3kd people are putting html tags and now the leaderboard is dying

CatR3kd (552)

ooh wow.
edit: just saw the repl crash in the console lol
@NoNameByProgram

CatR3kd (552)

we could just disable the button until it is fixed? @NoNameByProgram

CatR3kd (552)

Hey so some dude named asdf has 123412341234213e+22$.... How do I ban him? @NoNameByProgram

NoNameByProgram (198)

@CatR3kd lmfao
remove his name in the json files

realTronsi (919)

@NoNameByProgram oh boy you had no XSS protection? If scripts were injected cookies could've been stolen and the attacker could login to an account via the cookie

NoNameByProgram (198)

@realTronsi ...what? that won't work. we use passwords

realTronsi (919)

@NoNameByProgram ik but you have cookies, so leading a XSS attack could easily have stolen everyone's cookies and hence their accounts. Other more malicious things may happen as well, such as virus injections and/or ip loggers for DDoS attacks etc

NoNameByProgram (198)

@realTronsi oh god, i'm glad we added that username thing. but what if they put it in the password? will it still work?

realTronsi (919)

@NoNameByProgram uh I haven't looked at your code, I'm assuming for the lb you're using innerHTML? If thats the case then that's the culprit. Passwords wont matter unless you're displaying someone's password

NoNameByProgram (198)

@realTronsi what's an lb? Anyway,
passwords are never displayed, so does it still apply?

realTronsi (919)

@NoNameByProgram lb means leaderboard, and yes no need to worry about passwords

NoNameByProgram (198)

@realTronsi Ah! So everything is fixed now, phew!

CatR3kd (552)

Phew! That would've been bad. I was able to get onto repl real quick, and found a major bug. If you have the game open while it resets, you keep your progress. This is not good lol. Maybe you could ifx it by kicking the user off at 8:00? Like refresh the page? IDK, but I'm glad I noticed lol. I may or may not be able to respond to further comments lol
@NoNameByProgram

NoNameByProgram (198)

@CatR3kd i think it refreshes it....when was this exactly?

NoNameByProgram (198)

@CatR3kd yea, i just changed the code after the reset and now it's working...

it should work now

CatR3kd (552)

Cool. Thanks! oh btdubs I'll ping you on discord when iv'e finished the info page, it'll probably be tommorow. @NoNameByProgram

NathanPp (8)

@NoNameByProgram pretty sure people are hacking again, there are insane numbers that were gotten in an hour or so

CatR3kd (552)

OK, I have been banning people but I can check again. @NathanPp

RolandJLevy (1069)

@CatR3kd to stop people trying XSS hacks you could use a function like this to block all HTML tags. It won't allow any input surrounded by tags, like this <this is a tag>.

Here is the function:

function isTag(str) {
  return /<[^>]*>/g.test(str);
}

To add another layer of safety you could run this function before submitting the input:

function convertTags(str) {
  return unescape(str).replace(/</g, "&lt;").replace(/>/g, "gt;").trim();
}

Here is a repl I made which demonstrates how to use the functions: https://repl.it/@RolandJLevy/js-input-with-tags-blocked

NoNameByProgram (198)

@RolandJLevy Thanks! This will really help in the future!

RolandJLevy (1069)

@NoNameByProgram, that's great! Good luck with your project :)

CatR3kd (552)

Hey @NoNameByProgram , me and lightning rock were thinking of doing some big boy updates. We probably should turn off the project. So if you want to add the chat(s) feature, this could be a good time!

NoNameByProgram (198)

@CatR3kd i guess we could start the chat sometime today :D

CatR3kd (552)

Cool, yeah! I'm not gonna have very much free time today but if you want to do it without me, that's not a problem @NoNameByProgram

NoNameByProgram (198)

@CatR3kd any idea why the users are being banned?

CatR3kd (552)

Yeah, the json file keeps deleting itself. |: @NoNameByProgram

NoNameByProgram (198)

Mhm. We're banning you if you have a bad word in your name. 24/7.

CatR3kd (552)

Oh yeah, boi. No getting past us. @NoNameByProgram

realTronsi (919)

@CatR3kd you can use an automod that auto bans

CatR3kd (552)

yeah, we are actually working on that right now! @realTronsi

GeumjuKim (18)

WOW THIS IS FUN
(reads: P.S. If you liked this, I would much appreciate an upvote!
-CatR3kd with <3) OH HAVE I NOT? UPVOTES

MichaelBarnes0 (1)

Hmmmm.... We Couldn't Reach Your Repl
Make sure your repl has a port open and is ready to receive HTTP traffic.

Does this sound familiar to anyone?

firefish (935)

ew <i> tag use <em>


yuck what is this

  if (cookies.username && cookies.password) {
    if (cookies.username in accounts) {
      if (accounts[cookies.username] === sha256(cookies.password)) {
        res.render("html/game");
      } else {
        res.render("html/index");
      }
    } else {
      res.render("html/index");
    }
  } else {
    res.render("html/index")
  }

use this

if (cookies.username && cookies.password && Object.keys(accounts).includes(cookies.username) && accounts[cookies.username] == sha256(cookies.password)) res.render(`${__dirname}/public/html/game`);
  else res.render(`${__dirname}/public/html/game`);

ew who uses var you do know about this thing called hoisting which allows you to use variables before they are declared, please use let


app.get("/leaderboard", (req, res) => {
  res.render('html/leaderboard');
});

could become

app.get("/leaderboard", (req, res) => res.render('html/leaderboard'));

but you aren't actually returning the value of res.render("html/leaderboard") so uh your choice


WHAT

    if (seconds.toString().length === 1) {
      seconds = '0'+seconds.toString();
    }

if an if has one line in it do this:

if (seconds.toString().length == 1) seconds = `0${seconds}`;

USE INTERPOLATION PLEASE


If there is one parameter, omit the parentheses
socket.on('homeerror', (err) =>
should become
socket.on("homeerror", err =>
also you use arrow functions! a good thing.


also the function keyword hoists to the top of the function call as well, use
let myFunc = () => { /* ... */ } always


Other than that your code is good

CatR3kd (552)

Uh this is all nonamebyprogram's code maybe you should tag him lol I don't do the nodejs @firefish

firefish (935)

@CatR3kd Alright here is some CONSTRUCTIVE criticism about your code @NoNameByProgram (also you could've pinged him here but)
Also these principals apply to all JS

firefish (935)

@NoNameByProgram It's just unidiomatic code is painful to look at

CatR3kd (552)

Hey @NoNameByProgram @lightningrock wants to know if he can help with the game, and im fine with that, just wanted to check with you

NoNameByProgram (198)

@CatR3kd Fine with that! Also, should we put this game on a Git repo?

firefish (935)

@NoNameByProgram Well yes, Git is like the best, repl.it's vcs is just a pig's breakfast

CatR3kd (552)

Yeah, I'm thinking if this game gets epic we move it to a digitalocean droplet, so yeah
@NoNameByProgram

firefish (935)

@CatR3kd Well (according to google because I have no idea what that is) a digitalocean droplet is just a fancy VM, like repl.it is really an unfancy speeeedy VM called a container

CatR3kd (552)

hmm imma pretend i understand
ah that makes sense
@firefish

firefish (935)

@CatR3kd version control system, like this thingy

firefish (935)

@CatR3kd aight a VM is a virtual machine, bear in mind repl.it is really an unfancy speeeedy VM

firefish (935)

@CatR3kd Also WHAT why aren't you using mardown

Factions Online POSSIBLE UPDATES:

- [ ] Upgrade tiers
- [ ] Purchaseable military units
- [ ] Factions (Teams) and raiding mechanics
- [x] Disable ctrl+shift+i
- [x] Fix E-math auto banning
- [ ] Add infinity auto banning
- [ ] Leveling system
- [ ] Friend system
- [ ] Team chat
- [ ] Community/Public chat
- [ ] Friend chat /Approved by NoNameByProgram/
- [ ] Mod chat /Approved by NoNameByProgram/
- [ ] Dev chat /Approved by NoNameByProgram/
- [ ] Make website look nicer
- [ ] Logo/Favicon/Background
- [ ] Ad service (Minor amount)
- [ ] New name?
- [ ] Better banning system instead of account deletion (Maybe IP ban)
- [ ] Ban warnings
- [ ] Ban page
- [ ] Mod page
- [ ] Dev page
- [ ] Mod application?
- [ ] Dev application?

Once all that's done we can move to a digitalocean droplet with a .io domain

Feel free to add to the list
JosephMonticell (1)

its even better than cookie clicker no joke!

canyon2020 (9)

@NoNameByProgram, @CatR3kt You Should Add A Leveling Up system!

canyon2020 (9)

@CatR3kd Do you think you can achieve it? Also, im pretty good with programming. Finally, you should add a community chat area! (Just thought of this!)

CatR3kd (552)

yeah, I probably could. I'll ask for help though if I need it! And a chat area: Yeah we probably could! That would be more backend though so it would be more up to noname @canyon2020

CatR3kd (552)

Oh hey, @NoNameByProgram , so I just wanted to tell you that the E-math autoban does not work lol also, could you add an autoban for if the user's money is equal to infinity? lol I woke up to some dude named god who had infinity$

CatR3kd (552)

Oh and I DM'ed you on discord with a bunch of ideas that we could add, not like we need them all rn but just ideas (: @NoNameByProgram

NoNameByProgram (198)

@CatR3kd lmao ik
i think it works now, not too sure, but we'll leave it alone for an hour or so i guess

TalinSharma (72)

On the leaderboard, there is this "god" guy. HOW DOES HE HAVE INFINITY? Someone ban him. Fun game!

CatR3kd (552)

ooh, thanks for telling me. I'll ban him rn @TalinSharma

CatR3kd (552)

yeah, i took it down do to it being so popular it lagged all of repl lol @CuriousMonkey

canyon2020 (9)

I can do your art... what do you need

EmpireReedSQB (0)

how did you disable the enter key so people cant hold it down instead of clicking?

EmpireReedSQB (0)

@CatR3kd tell me how you blocked people from just holding enter instead of tapping

AidanTurc (2)

Are servers just full rn that's why it can't reach my repl?

CatR3kd (552)

No i turned it off because it was ending replit lol @AidanTurc

JustARegularR (1)

I forked it so i can play with my friends but it gives me errors? Could you help me?

zabuzatheashura (1)

Couldnt you just create a auto clicker to cheat

CatR3kd (552)

Nope theres a CPS cap that autobans cheaters @zabuzatheashura

CodersXD (22)

What Module do you use to save the game? like a login?

CatR3kd (552)

Yeah there's logins with cookies and a json file @CodersXD

NoNameByProgram (198)

@CodersXD we don't use any module for those two :O

noway15 (90)

Uh, @CatR3kd, I think something's wrong with the leaderboard because when you hit the "back" button, it takes you to the main site, but with an extra /index.html
maybe you could fix that?

Baconman321 (1090)

You know you can set an interval to click right? Although you seem to have a system worked out for that.

Baconman321 (1090)

@CatR3kd Still, you can set an interval to click slower, then leave the game to click for u

CatR3kd (552)

Yes, we're gonna implement AFK detection @Baconman321

Baconman321 (1090)

@CatR3kd just use window.onfocus and window.onblur (client side)

Baconman321 (1090)

@NoNameByProgram As long as you have client side scripts, there will always be a way around it. Just remember this: always treat info sent to backend by the client as unsafe and NEVER EVER handle sensitive information with javascript.

Baconman321 (1090)

@NoNameByProgram Also, I see you are storing passwords in a json file. This is a big nono. Repl has recently made databases, I suggest you use those to store passwords and usernames, not a file.

CatR3kd (552)

Yes, but we are going to move from repl eventually. Why is this a nono? @Baconman321

Baconman321 (1090)

@CatR3kd Because people can see your repl, your files, and everything except for the .env files, which are a pain to use to store things. Of course, you could always encrypt the passwords (store the key in an .env file, then get that using process.env.nameOfValue), but I recommend encrypting the passwords then storing them in a database. Of course, in practice (since if a hacker gets a hold of the file, then they can see what key you use since it's in the encrypt function), encrypting passwords is a bad idea, but no one can access your key in the env file (easily). In reality, however, when you move away from repl.it, hash passwords instead. Read about hashing here.

CatR3kd (552)

Hmmm, but lol the passwords are encrypted @Baconman321

Baconman321 (1090)

@CatR3kd With what? What algorithm? Also, when you use the key, do you store it in an env file so that no one sees your key (otherwise they can easily decrypt it)

CatR3kd (552)

I have no idea ask noname lol @Baconman321

Baconman321 (1090)

@NoNameByProgram what do you use for encryption. Also, do you store the key in an env?

NoNameByProgram (198)

@Baconman321 wdym "key"?
we use sha256 enc.

CatR3kd (552)

sadly kinda true lol
Did ya know cookiemann made it?
@NoNameByProgram

Baconman321 (1090)

@NoNameByProgram Ok, so that is a hash function. That is different than encryption. @CatR3kd told me it was encryption, but I see that it is a hash algorithm. Yeah, otherwise storing plain passwords in a json file is bad. Ok, NVM, just wanted to see how you secure your passwords :>
Edit: Sorry I took so long to respond, I'm not available over the weekends.

NoNameByProgram (198)

@Baconman321 why is hash so bad revealing to the public?
hmm???

Baconman321 (1090)

@NoNameByProgram It isn't. I was saying it was bad to reveal the passwords unencrypted/hashed. It's fine.

hihigood (2)

What is the daily reset for?

CatR3kd (552)

So that no single person dominates the leaderboard @hihigood

patrickxyz (0)

How do you make an account???????

CatR3kd (552)

You're gonna have to open in a new tab @patrickxyz

NoNameByProgram (198)

@HyawMatias try opening in a new tab - cookies do not work in an iframe

noway15 (90)

@CatR3kd I think that you should add a factor that increases the price of the bought items every time the user buys them. Otherwise, it's a fun game.

noway15 (90)

HEY IT WORKS NOW BOIS

EpicRaisin (254)

I ran the repl, and it said Started Server in the console, but I only see this

NoNameByProgram (198)

@EpicRaisin hmmm... it's supposed to be up forever, we'll look into it.

OskarBrady (7)

My name is the only one showing up on the leaderboard...

OskarBrady (7)

My computer is lagging so much

too much ahhhhh

CatR3kd (552)

Lol, this repl is super laggy because of all the users @TalinSharma

noway15 (90)

Huh, I guess that makes sense, maybe in the next version I guess you could add some code that maybe allows more users @CatR3kd

noway15 (90)

It can't connect to the repl. Why is that?

CatR3kd (552)

sigh... This game is too popular. There are 200+ users and it's laggy lol @noway15

noway15 (90)

What kind of JS is this running @CatR3kd

noway15 (90)

What exactly is the difference between node and [email protected]

noway15 (90)

Bruh I have YouTube muted, so rickrolling me is impossible. Nice try [email protected]

noway15 (90)

Also, what are the numbers in parentheses displayed right next to a user's name? @CatR3kd

NoNameByProgram (198)

@noway15 the cycles of the user (like reddit karma)

noway15 (90)

ya but how do you get cycles @NoNameByProgram

CatR3kd (552)

Upvotes or answering questions @noway15