Skip to content
← Back to Community
FIXED! -Multiplayer Clicker Game- Factions Online
Profile icon
CatR3kd

Hey Guys!

YESSS! It's finally done!

SO. Once upon a time I made a cool little clicker game and posted it on the share page, and it got pretty popular! So, me and @NoNameByProgram teamed up to make it online! Me and them (Mostly them) have added:

  • A leaderboard
  • An account system
  • Removed console hacking
  • A daily reset timer
  • Removed Enter-Clicking

HOW TO PLAY:

The goal of Factions Online is to get the most money in the shortest amount of time. The game works by resetting nightly.
You have to get the most amount of money before then, to get your name on the leaderboard.
You get money by clicking and getting upgrades and autoclickers, like most clicker games.

Be sure to check out @NoNameByProgram , they are a super good coder and were CRUCIAL to this and did 99% of the NodeJS.

Note:

If it's not letting you make an account or start the game, try in a separate tab.

Please don't set your username to anything inappropriate, as we will smack you with the mighty banhammer.

Thanks so much!

P.S. If you liked this, I would a much appreciate an upvote!
-CatR3kd with <3

Edit: We are looking for an artist!

If you want to help out by making art, you can read and comment on this post. Thanks!

P.P.S: Don't click this link

Voters
Profile icon
LBWBDev
Profile icon
Rufus36
Profile icon
frostedbutton75
Profile icon
Kgbadz
Profile icon
Brendan23
Profile icon
StevenDavis2
Profile icon
elburg
Profile icon
LandonCode
Profile icon
DominicHuieWhit
Profile icon
AgastyaSandhuja
Comments
hotnewtop
Profile icon
NoNameByProgram

NOTICE TO ALL USERS:

We have seen the people hacking with HTML tags, and we are banning them completely. Numbers and symbols are banned for now. We are sorry for the inconvenience.

Profile icon
CatR3kd

Yo what happened? I ate dinner and missed all the fun lol @NoNameByProgram

Profile icon
NoNameByProgram

@CatR3kd people are putting html tags and now the leaderboard is dying

Profile icon
CatR3kd

ooh wow.
edit: just saw the repl crash in the console lol
@NoNameByProgram

Profile icon
NoNameByProgram

@CatR3kd i have no idea what to do

Profile icon
CatR3kd

we could just disable the button until it is fixed? @NoNameByProgram

Profile icon
NoNameByProgram

@CatR3kd it just got fixed phew

Profile icon
CatR3kd

awesome, kudos to you @NoNameByProgram

Profile icon
CatR3kd

Hey so some dude named asdf has 123412341234213e+22$.... How do I ban him? @NoNameByProgram

Profile icon
NoNameByProgram

@CatR3kd lmfao
remove his name in the json files

Profile icon
CatR3kd
Profile icon
realTronsi

@NoNameByProgram oh boy you had no XSS protection? If scripts were injected cookies could've been stolen and the attacker could login to an account via the cookie

Profile icon
NoNameByProgram

@realTronsi ...what? that won't work. we use passwords

Profile icon
realTronsi

@NoNameByProgram ik but you have cookies, so leading a XSS attack could easily have stolen everyone's cookies and hence their accounts. Other more malicious things may happen as well, such as virus injections and/or ip loggers for DDoS attacks etc

Profile icon
NoNameByProgram

@realTronsi oh god, i'm glad we added that username thing. but what if they put it in the password? will it still work?

Profile icon
realTronsi

@NoNameByProgram uh I haven't looked at your code, I'm assuming for the lb you're using innerHTML? If thats the case then that's the culprit. Passwords wont matter unless you're displaying someone's password

Profile icon
NoNameByProgram

@realTronsi what's an lb? Anyway,
passwords are never displayed, so does it still apply?

Profile icon
realTronsi

@NoNameByProgram lb means leaderboard, and yes no need to worry about passwords

Profile icon
NoNameByProgram

@realTronsi Ah! So everything is fixed now, phew!

Profile icon
CatR3kd

Phew! That would've been bad. I was able to get onto repl real quick, and found a major bug. If you have the game open while it resets, you keep your progress. This is not good lol. Maybe you could ifx it by kicking the user off at 8:00? Like refresh the page? IDK, but I'm glad I noticed lol. I may or may not be able to respond to further comments lol
@NoNameByProgram

Profile icon
NoNameByProgram

@CatR3kd i think it refreshes it....when was this exactly?

Profile icon
CatR3kd

just at this reset. @NoNameByProgram

Profile icon
NoNameByProgram

@CatR3kd yea, i just changed the code after the reset and now it's working...

it should work now

Profile icon
CatR3kd

Cool. Thanks! oh btdubs I'll ping you on discord when iv'e finished the info page, it'll probably be tommorow. @NoNameByProgram

Profile icon
NoNameByProgram

@CatR3kd k! cya!

Profile icon
CatR3kd
Profile icon
NathanPp

@NoNameByProgram pretty sure people are hacking again, there are insane numbers that were gotten in an hour or so

Profile icon
CatR3kd

OK, I have been banning people but I can check again. @NathanPp

Profile icon
CuriousMonkey

wdym how do they hack @NoNameByProgram

Profile icon
NoNameByProgram

@CuriousMonkey i explained it...

Profile icon
RolandJLevy

@CatR3kd to stop people trying XSS hacks you could use a function like this to block all HTML tags. It won't allow any input surrounded by tags, like this <this is a tag>.

Here is the function:

function isTag(str) { return /<[^>]*>/g.test(str); }

To add another layer of safety you could run this function before submitting the input:

function convertTags(str) { return unescape(str).replace(/</g, "&lt;").replace(/>/g, "gt;").trim(); }

Here is a repl I made which demonstrates how to use the functions: https://repl.it/@RolandJLevy/js-input-with-tags-blocked

Profile icon
NoNameByProgram

@RolandJLevy Thanks! This will really help in the future!

Profile icon
RolandJLevy

@NoNameByProgram, that's great! Good luck with your project :)

Profile icon
CatR3kd

Hey @NoNameByProgram , me and lightning rock were thinking of doing some big boy updates. We probably should turn off the project. So if you want to add the chat(s) feature, this could be a good time!

Profile icon
NoNameByProgram

@CatR3kd i guess we could start the chat sometime today :D

Profile icon
CatR3kd

Cool, yeah! I'm not gonna have very much free time today but if you want to do it without me, that's not a problem @NoNameByProgram

Profile icon
NoNameByProgram

@CatR3kd any idea why the users are being banned?

Profile icon
CatR3kd

Yeah, the json file keeps deleting itself. |: @NoNameByProgram

Profile icon
NoNameByProgram

Mhm. We're banning you if you have a bad word in your name. 24/7.

Profile icon
CatR3kd

Oh yeah, boi. No getting past us. @NoNameByProgram

Profile icon
realTronsi

@CatR3kd you can use an automod that auto bans

Profile icon
CatR3kd

yeah, we are actually working on that right now! @realTronsi

Profile icon
GeumjuKim

WOW THIS IS FUN
(reads: P.S. If you liked this, I would much appreciate an upvote!
-CatR3kd with <3) OH HAVE I NOT? UPVOTES

Profile icon
CatR3kd
Profile icon
OskarBrady

image
2020

Profile icon
MichaelBarnes0

Hmmmm.... We Couldn't Reach Your Repl
Make sure your repl has a port open and is ready to receive HTTP traffic.

Does this sound familiar to anyone?

Profile icon
firefish

ew <i> tag use <em>


yuck what is this

if (cookies.username && cookies.password) { if (cookies.username in accounts) { if (accounts[cookies.username] === sha256(cookies.password)) { res.render("html/game"); } else { res.render("html/index"); } } else { res.render("html/index"); } } else { res.render("html/index") }

use this

if (cookies.username && cookies.password && Object.keys(accounts).includes(cookies.username) && accounts[cookies.username] == sha256(cookies.password)) res.render(`${__dirname}/public/html/game`); else res.render(`${__dirname}/public/html/game`);

ew who uses var you do know about this thing called hoisting which allows you to use variables before they are declared, please use let


app.get("/leaderboard", (req, res) => { res.render('html/leaderboard'); });

could become

app.get("/leaderboard", (req, res) => res.render('html/leaderboard'));

but you aren't actually returning the value of res.render("html/leaderboard") so uh your choice


WHAT

if (seconds.toString().length === 1) { seconds = '0'+seconds.toString(); }

if an if has one line in it do this:

if (seconds.toString().length == 1) seconds = `0${seconds}`;

USE INTERPOLATION PLEASE


If there is one parameter, omit the parentheses
socket.on('homeerror', (err) =>
should become
socket.on("homeerror", err =>
also you use arrow functions! a good thing.


also the function keyword hoists to the top of the function call as well, use
let myFunc = () => { /* ... */ } always


Other than that your code is good

Profile icon
CatR3kd

Uh this is all nonamebyprogram's code maybe you should tag him lol I don't do the nodejs @firefish

Profile icon
firefish

@CatR3kd Alright here is some CONSTRUCTIVE criticism about your code @NoNameByProgram (also you could've pinged him here but)
Also these principals apply to all JS

Profile icon
NoNameByProgram

@firefish can i just die in peace :D

Profile icon
NoNameByProgram

@firefish i would appreciate that

Profile icon
CatR3kd
Profile icon
firefish

@NoNameByProgram It's just unidiomatic code is painful to look at

Profile icon
CatR3kd

Hey @NoNameByProgram @lightningrock wants to know if he can help with the game, and im fine with that, just wanted to check with you

Profile icon
CatR3kd

brutal jeez
jk lol
@firefish

Profile icon
NoNameByProgram

@firefish i'd agree

Profile icon
NoNameByProgram

@CatR3kd Fine with that! Also, should we put this game on a Git repo?

Profile icon
CatR3kd

gottem
jk lol
@NoNameByProgram

Profile icon
firefish

@NoNameByProgram Well yes, Git is like the best, repl.it's vcs is just a pig's breakfast

Profile icon
CatR3kd

Yeah, I'm thinking if this game gets epic we move it to a digitalocean droplet, so yeah
@NoNameByProgram

Profile icon
CatR3kd

wdym vcs @firefish

Profile icon
firefish

@CatR3kd Well (according to google because I have no idea what that is) a digitalocean droplet is just a fancy VM, like repl.it is really an unfancy speeeedy VM called a container

Profile icon
CatR3kd

hmm imma pretend i understand
ah that makes sense
@firefish

Profile icon
NoNameByProgram
Profile icon
firefish

@CatR3kd version control system, like this thingy
image

Profile icon
CatR3kd

hmm intersting lol @firefish

Profile icon
firefish

@CatR3kd aight a VM is a virtual machine, bear in mind repl.it is really an unfancy speeeedy VM

Profile icon
firefish

@CatR3kd Also WHAT why aren't you using mardown

Factions Online POSSIBLE UPDATES: - [ ] Upgrade tiers - [ ] Purchaseable military units - [ ] Factions (Teams) and raiding mechanics - [x] Disable ctrl+shift+i - [x] Fix E-math auto banning - [ ] Add infinity auto banning - [ ] Leveling system - [ ] Friend system - [ ] Team chat - [ ] Community/Public chat - [ ] Friend chat /Approved by NoNameByProgram/ - [ ] Mod chat /Approved by NoNameByProgram/ - [ ] Dev chat /Approved by NoNameByProgram/ - [ ] Make website look nicer - [ ] Logo/Favicon/Background - [ ] Ad service (Minor amount) - [ ] New name? - [ ] Better banning system instead of account deletion (Maybe IP ban) - [ ] Ban warnings - [ ] Ban page - [ ] Mod page - [ ] Dev page - [ ] Mod application? - [ ] Dev application? Once all that's done we can move to a digitalocean droplet with a .io domain Feel free to add to the list
Profile icon
CatR3kd

eh no big deal @firefish

Profile icon
firefish

@CatR3kd but markdown superior

Profile icon
JosephMonticell

its even better than cookie clicker no joke!

Profile icon
CatR3kd

well thanks! @JosephMonticell

Profile icon
canyon2020

@NoNameByProgram, @CatR3kt You Should Add A Leveling Up system!

Profile icon
CatR3kd

Ooh yeah! @canyon2020

Profile icon
canyon2020

@CatR3kd Do you think you can achieve it? Also, im pretty good with programming. Finally, you should add a community chat area! (Just thought of this!)

Profile icon
CatR3kd

yeah, I probably could. I'll ask for help though if I need it! And a chat area: Yeah we probably could! That would be more backend though so it would be more up to noname @canyon2020

Profile icon
NoNameByProgram

@canyon2020 :ooooooo

Profile icon
CatR3kd

Oh hey, @NoNameByProgram , so I just wanted to tell you that the E-math autoban does not work lol also, could you add an autoban for if the user's money is equal to infinity? lol I woke up to some dude named god who had infinity$

Profile icon
CatR3kd

Oh and I DM'ed you on discord with a bunch of ideas that we could add, not like we need them all rn but just ideas (: @NoNameByProgram

Profile icon
NoNameByProgram

@CatR3kd i'll check it later

Profile icon
CatR3kd
Profile icon
NoNameByProgram

@CatR3kd lmao ik
i think it works now, not too sure, but we'll leave it alone for an hour or so i guess

Profile icon
CatR3kd
Profile icon
TalinSharma

On the leaderboard, there is this "god" guy. HOW DOES HE HAVE INFINITY? Someone ban him. Fun game!

Profile icon
CatR3kd

ooh, thanks for telling me. I'll ban him rn @TalinSharma

Profile icon
elburg

@CatR3kd
image

Profile icon
CHRISTIANMATTHY

the pps is a rickroll. google go brrrrr (more videos indicates youtube, or just use curl)

Profile icon
Marc-020513

{"CatR3kd":"8373a70a8833073d97bca27c08cafae2a7cd71451ce67b067ea7c5e0b1e6d3bf","oofman2595":"84d6fd9e40692a3b405ead34705cc589f6c2da192ab6eaf24bd5f0a59724a4e0","slfjsdf":"4879f4665010798ad3b16b82e5b0a1a909ec3e1a4c172cae8d5d64f5a13198e9","nskldkdslf":"2108b2e8a5f8fbb6b25e7f469888360df8d9fc2f7f97edd072b52bbdf2878c76"}
{"oofman2595":{"money":0,"mpc":1,"mps":0,"acb":0,"ecb":0},"slfjsdf":{"money":0,"mpc":1,"mps":0,"acb":0,"ecb":0},"nskldkdslf":{"money":0,"mpc":1,"mps":0,"acb":0,"ecb":0}}
lol i think this is not safe, who deleted the content of the .gitignore file?

Profile icon
frostedbutton75

I love this! Can I pls fork and repost with a mention to you without the daily reset.
Love, fb75

Profile icon
NoNameByProgram

just realized that i forgot to stringify the json - everything is working now

Profile icon
CatR3kd

lmfao should i rerelease?
@NoNameByProgram

Profile icon
CatR3kd

Actually we could go back and add more stuff if you wanted to
@NoNameByProgram

Profile icon
NoNameByProgram

@CatR3kd depends lol ur choice

Profile icon
CuriousMonkey

umm it says
Screen Shot 2021-02-19 at 10.09.20 AM

Profile icon
CatR3kd

yeah, i took it down do to it being so popular it lagged all of repl lol @CuriousMonkey

Profile icon
canyon2020

I can do your art... what do you need

Profile icon
CatR3kd

A favicon! @canyon2020

Profile icon
canyon2020

ez what do you want it to look like
@CatR3kd

Profile icon
CatR3kd
Profile icon
EmpireReedSQB

how did you disable the enter key so people cant hold it down instead of clicking?

Profile icon
CatR3kd
Profile icon
EmpireReedSQB

@CatR3kd tell me your wasy

Profile icon
CatR3kd
Profile icon
EmpireReedSQB

@CatR3kd tell me how you blocked people from just holding enter instead of tapping

Profile icon
CatR3kd
Profile icon
CatR3kd

Ask noname @EmpireReedSQB

Profile icon
AidanTurc

Are servers just full rn that's why it can't reach my repl?

Profile icon
CatR3kd

No i turned it off because it was ending replit lol @AidanTurc

Profile icon
JustARegularR

I forked it so i can play with my friends but it gives me errors? Could you help me?

Profile icon
zabuzatheashura

Couldnt you just create a auto clicker to cheat

Profile icon
CatR3kd

Nope theres a CPS cap that autobans cheaters @zabuzatheashura

Profile icon
DJWang

Screen Shot 2020-11-01 at 8.28.21 AM

First 1 million!!!

Profile icon
CatR3kd
Profile icon
Blackout4344

Amazing!

Profile icon
CatR3kd
Profile icon
CodersXD

What Module do you use to save the game? like a login?

Profile icon
CatR3kd

Yeah there's logins with cookies and a json file @CodersXD

Profile icon
NoNameByProgram

@CodersXD we don't use any module for those two :O

Profile icon
noway15

Uh, @CatR3kd, I think something's wrong with the leaderboard because when you hit the "back" button, it takes you to the main site, but with an extra /index.html
maybe you could fix that?

Profile icon
CatR3kd

Yeah, we know lol @noway15

Profile icon
Baconman321

You know you can set an interval to click right? Although you seem to have a system worked out for that.

Profile icon
CatR3kd
Profile icon
Baconman321

@CatR3kd Still, you can set an interval to click slower, then leave the game to click for u

Profile icon
CatR3kd

Yes, we're gonna implement AFK detection @Baconman321

Profile icon
Baconman321

@CatR3kd just use window.onfocus and window.onblur (client side)

Profile icon
NoNameByProgram

@Baconman321 thanks!

Profile icon
Baconman321

@NoNameByProgram As long as you have client side scripts, there will always be a way around it. Just remember this: always treat info sent to backend by the client as unsafe and NEVER EVER handle sensitive information with javascript.

Profile icon
Baconman321

@NoNameByProgram Also, I see you are storing passwords in a json file. This is a big nono. Repl has recently made databases, I suggest you use those to store passwords and usernames, not a file.

Profile icon
CatR3kd

Yes, but we are going to move from repl eventually. Why is this a nono? @Baconman321

Profile icon
Baconman321

@CatR3kd Because people can see your repl, your files, and everything except for the .env files, which are a pain to use to store things. Of course, you could always encrypt the passwords (store the key in an .env file, then get that using process.env.nameOfValue), but I recommend encrypting the passwords then storing them in a database. Of course, in practice (since if a hacker gets a hold of the file, then they can see what key you use since it's in the encrypt function), encrypting passwords is a bad idea, but no one can access your key in the env file (easily). In reality, however, when you move away from repl.it, hash passwords instead. Read about hashing here.

Profile icon
CatR3kd

Hmmm, but lol the passwords are encrypted @Baconman321

Profile icon
Baconman321

@CatR3kd With what? What algorithm? Also, when you use the key, do you store it in an env file so that no one sees your key (otherwise they can easily decrypt it)

Profile icon
CatR3kd

I have no idea ask noname lol @Baconman321

Profile icon
Baconman321

@NoNameByProgram what do you use for encryption. Also, do you store the key in an env?

Profile icon
NoNameByProgram

@Baconman321 repl.it has a bad database.

Profile icon
NoNameByProgram

@Baconman321 wdym "key"?
we use sha256 enc.

Profile icon
CatR3kd

sadly kinda true lol
Did ya know cookiemann made it?
@NoNameByProgram

Profile icon
CatR3kd
Profile icon
Baconman321

@NoNameByProgram Ok, so that is a hash function. That is different than encryption. @CatR3kd told me it was encryption, but I see that it is a hash algorithm. Yeah, otherwise storing plain passwords in a json file is bad. Ok, NVM, just wanted to see how you secure your passwords :>
Edit: Sorry I took so long to respond, I'm not available over the weekends.

Profile icon
NoNameByProgram

@Baconman321 why is hash so bad revealing to the public?
hmm???

Profile icon
Baconman321

@NoNameByProgram It isn't. I was saying it was bad to reveal the passwords unencrypted/hashed. It's fine.

Profile icon
hihigood

What is the daily reset for?

Profile icon
CatR3kd

So that no single person dominates the leaderboard @hihigood

Profile icon
patrickxyz

How do you make an account???????

Profile icon
CatR3kd

You're gonna have to open in a new tab @patrickxyz

Profile icon
HyawMatias

why wont it load?

Profile icon
NoNameByProgram

@HyawMatias try opening in a new tab - cookies do not work in an iframe

Profile icon
HyawMatias

@NoNameByProgram it worked thanks

Profile icon
noway15

@CatR3kd I think that you should add a factor that increases the price of the bought items every time the user buys them. Otherwise, it's a fun game.

Profile icon
noway15

HEY IT WORKS NOW BOIS

Profile icon
EpicRaisin

I ran the repl, and it said Started Server in the console, but I only see this
image

Profile icon
NoNameByProgram

@EpicRaisin hmmm... it's supposed to be up forever, we'll look into it.