FIXED! -Multiplayer Clicker Game- Factions Online
Hey Guys!
YESSS! It's finally done!
SO. Once upon a time I made a cool little clicker game and posted it on the share page, and it got pretty popular! So, me and @NoNameByProgram teamed up to make it online! Me and them (Mostly them) have added:
- A leaderboard
- An account system
- Removed console hacking
- A daily reset timer
- Removed Enter-Clicking
HOW TO PLAY:
The goal of Factions Online is to get the most money in the shortest amount of time. The game works by resetting nightly.
You have to get the most amount of money before then, to get your name on the leaderboard.
You get money by clicking and getting upgrades and autoclickers, like most clicker games.
Be sure to check out @NoNameByProgram , they are a super good coder and were CRUCIAL to this and did 99% of the NodeJS.
Note:
If it's not letting you make an account or start the game, try in a separate tab.
Please don't set your username to anything inappropriate, as we will smack you with the mighty banhammer.
Thanks so much!
P.S. If you liked this, I would a much appreciate an upvote!
-CatR3kd with <3
Edit: We are looking for an artist!
If you want to help out by making art, you can read and comment on this post. Thanks!
P.P.S: Don't click this link
Mhm. We're banning you if you have a bad word in your name. 24/7.
Oh yeah, boi. No getting past us. @NoNameByProgram
@CatR3kd you can use an automod that auto bans
yeah, we are actually working on that right now! @realTronsi
WOW THIS IS FUN
(reads: P.S. If you liked this, I would much appreciate an upvote!
-CatR3kd with <3) OH HAVE I NOT? UPVOTES
lol ty @GeumjuKim
2020
Hmmmm.... We Couldn't Reach Your Repl
Make sure your repl has a port open and is ready to receive HTTP traffic.
Does this sound familiar to anyone?
ew <i>
tag use <em>
yuck what is this
if (cookies.username && cookies.password) { if (cookies.username in accounts) { if (accounts[cookies.username] === sha256(cookies.password)) { res.render("html/game"); } else { res.render("html/index"); } } else { res.render("html/index"); } } else { res.render("html/index") }
use this
if (cookies.username && cookies.password && Object.keys(accounts).includes(cookies.username) && accounts[cookies.username] == sha256(cookies.password)) res.render(`${__dirname}/public/html/game`); else res.render(`${__dirname}/public/html/game`);
ew who uses var
you do know about this thing called hoisting which allows you to use variables before they are declared, please use let
app.get("/leaderboard", (req, res) => { res.render('html/leaderboard'); });
could become
app.get("/leaderboard", (req, res) => res.render('html/leaderboard'));
but you aren't actually returning the value of res.render("html/leaderboard")
so uh your choice
WHAT
if (seconds.toString().length === 1) { seconds = '0'+seconds.toString(); }
if an if
has one line in it do this:
if (seconds.toString().length == 1) seconds = `0${seconds}`;
USE INTERPOLATION PLEASE
If there is one parameter, omit the parentheses
socket.on('homeerror', (err) =>
should become
socket.on("homeerror", err =>
also you use arrow functions! a good thing.
also the function keyword hoists to the top of the function call as well, use
let myFunc = () => { /* ... */ }
always
Other than that your code is good
@CatR3kd Alright here is some CONSTRUCTIVE criticism about your code @NoNameByProgram (also you could've pinged him here but)
Also these principals apply to all JS
@firefish can i just die in peace :D
@firefish i would appreciate that
@NoNameByProgram It's just unidiomatic code is painful to look at
Hey @NoNameByProgram @lightningrock wants to know if he can help with the game, and im fine with that, just wanted to check with you
@firefish i'd agree
@CatR3kd Fine with that! Also, should we put this game on a Git repo?
gottem
jk lol
@NoNameByProgram
@NoNameByProgram Well yes, Git is like the best, repl.it's vcs is just a pig's breakfast
Yeah, I'm thinking if this game gets epic we move it to a digitalocean droplet, so yeah
@NoNameByProgram
@CatR3kd Also WHAT why aren't you using mardown
Factions Online POSSIBLE UPDATES: - [ ] Upgrade tiers - [ ] Purchaseable military units - [ ] Factions (Teams) and raiding mechanics - [x] Disable ctrl+shift+i - [x] Fix E-math auto banning - [ ] Add infinity auto banning - [ ] Leveling system - [ ] Friend system - [ ] Team chat - [ ] Community/Public chat - [ ] Friend chat /Approved by NoNameByProgram/ - [ ] Mod chat /Approved by NoNameByProgram/ - [ ] Dev chat /Approved by NoNameByProgram/ - [ ] Make website look nicer - [ ] Logo/Favicon/Background - [ ] Ad service (Minor amount) - [ ] New name? - [ ] Better banning system instead of account deletion (Maybe IP ban) - [ ] Ban warnings - [ ] Ban page - [ ] Mod page - [ ] Dev page - [ ] Mod application? - [ ] Dev application? Once all that's done we can move to a digitalocean droplet with a .io domain Feel free to add to the list
its even better than cookie clicker no joke!
well thanks! @JosephMonticell
@NoNameByProgram, @CatR3kt You Should Add A Leveling Up system!
Ooh yeah! @canyon2020
@CatR3kd Do you think you can achieve it? Also, im pretty good with programming. Finally, you should add a community chat area! (Just thought of this!)
yeah, I probably could. I'll ask for help though if I need it! And a chat area: Yeah we probably could! That would be more backend though so it would be more up to noname @canyon2020
@canyon2020 :ooooooo
Oh hey, @NoNameByProgram , so I just wanted to tell you that the E-math autoban does not work lol also, could you add an autoban for if the user's money is equal to infinity? lol I woke up to some dude named god who had infinity$
Oh and I DM'ed you on discord with a bunch of ideas that we could add, not like we need them all rn but just ideas (: @NoNameByProgram
@CatR3kd i'll check it later
OK cool @NoNameByProgram
@CatR3kd lmao ik
i think it works now, not too sure, but we'll leave it alone for an hour or so i guess
epic lol @NoNameByProgram
On the leaderboard, there is this "god" guy. HOW DOES HE HAVE INFINITY? Someone ban him. Fun game!
ooh, thanks for telling me. I'll ban him rn @TalinSharma
the pps is a rickroll. google go brrrrr (more videos indicates youtube, or just use curl)
{"CatR3kd":"8373a70a8833073d97bca27c08cafae2a7cd71451ce67b067ea7c5e0b1e6d3bf","oofman2595":"84d6fd9e40692a3b405ead34705cc589f6c2da192ab6eaf24bd5f0a59724a4e0","slfjsdf":"4879f4665010798ad3b16b82e5b0a1a909ec3e1a4c172cae8d5d64f5a13198e9","nskldkdslf":"2108b2e8a5f8fbb6b25e7f469888360df8d9fc2f7f97edd072b52bbdf2878c76"}
{"oofman2595":{"money":0,"mpc":1,"mps":0,"acb":0,"ecb":0},"slfjsdf":{"money":0,"mpc":1,"mps":0,"acb":0,"ecb":0},"nskldkdslf":{"money":0,"mpc":1,"mps":0,"acb":0,"ecb":0}}
lol i think this is not safe, who deleted the content of the .gitignore file?
I love this! Can I pls fork and repost with a mention to you without the daily reset.
Love, fb75
just realized that i forgot to stringify the json - everything is working now
lmfao should i rerelease?
@NoNameByProgram
Actually we could go back and add more stuff if you wanted to
@NoNameByProgram
@CatR3kd depends lol ur choice
umm it says
yeah, i took it down do to it being so popular it lagged all of repl lol @CuriousMonkey
I can do your art... what do you need
A favicon! @canyon2020
ez what do you want it to look like
@CatR3kd
"FO" @canyon2020
how did you disable the enter key so people cant hold it down instead of clicking?
JS magic @EmpireReedSQB
@CatR3kd tell me your wasy
???? lol @EmpireReedSQB
@CatR3kd tell me how you blocked people from just holding enter instead of tapping
BIG BRAIN @EmpireReedSQB
Ask noname @EmpireReedSQB
Are servers just full rn that's why it can't reach my repl?
No i turned it off because it was ending replit lol @AidanTurc
I forked it so i can play with my friends but it gives me errors? Could you help me?
Couldnt you just create a auto clicker to cheat
Nope theres a CPS cap that autobans cheaters @zabuzatheashura
Amazing!
Thanks! @Blackout4344
What Module do you use to save the game? like a login?
@CodersXD we don't use any module for those two :O
You know you can set an interval to click right? Although you seem to have a system worked out for that.
Yeah lol @Baconman321
@CatR3kd Still, you can set an interval to click slower, then leave the game to click for u
Yes, we're gonna implement AFK detection @Baconman321
@CatR3kd just use window.onfocus and window.onblur (client side)
@Baconman321 thanks!
@NoNameByProgram As long as you have client side scripts, there will always be a way around it. Just remember this: always treat info sent to backend by the client as unsafe and NEVER EVER handle sensitive information with javascript.
@NoNameByProgram Also, I see you are storing passwords in a json file. This is a big nono. Repl has recently made databases, I suggest you use those to store passwords and usernames, not a file.
Yes, but we are going to move from repl eventually. Why is this a nono? @Baconman321
@CatR3kd Because people can see your repl, your files, and everything except for the .env files, which are a pain to use to store things. Of course, you could always encrypt the passwords (store the key in an .env file, then get that using process.env.nameOfValue), but I recommend encrypting the passwords then storing them in a database. Of course, in practice (since if a hacker gets a hold of the file, then they can see what key you use since it's in the encrypt function), encrypting passwords is a bad idea, but no one can access your key in the env file (easily). In reality, however, when you move away from repl.it, hash passwords instead. Read about hashing here.
Hmmm, but lol the passwords are encrypted @Baconman321
@CatR3kd With what? What algorithm? Also, when you use the key, do you store it in an env file so that no one sees your key (otherwise they can easily decrypt it)
I have no idea ask noname lol @Baconman321
@NoNameByProgram what do you use for encryption. Also, do you store the key in an env?
@Baconman321 repl.it has a bad database.
@Baconman321 wdym "key"?
we use sha256 enc.
sadly kinda true lol
Did ya know cookiemann made it?
@NoNameByProgram
big brain
@NoNameByProgram
@NoNameByProgram Ok, so that is a hash function. That is different than encryption. @CatR3kd told me it was encryption, but I see that it is a hash algorithm. Yeah, otherwise storing plain passwords in a json file is bad. Ok, NVM, just wanted to see how you secure your passwords :>
Edit: Sorry I took so long to respond, I'm not available over the weekends.
@Baconman321 why is hash so bad revealing to the public?
hmm???
@NoNameByProgram It isn't. I was saying it was bad to reveal the passwords unencrypted/hashed. It's fine.
How do you make an account???????
You're gonna have to open in a new tab @patrickxyz
why wont it load?
@HyawMatias try opening in a new tab - cookies do not work in an iframe
@NoNameByProgram it worked thanks
HEY IT WORKS NOW BOIS
I ran the repl, and it said Started Server in the console, but I only see this
@EpicRaisin hmmm... it's supposed to be up forever, we'll look into it.
NOTICE TO ALL USERS:
We have seen the people hacking with HTML tags, and we are banning them completely. Numbers and symbols are banned for now. We are sorry for the inconvenience.
Yo what happened? I ate dinner and missed all the fun lol @NoNameByProgram
@CatR3kd people are putting html tags and now the leaderboard is dying
ooh wow.
edit: just saw the repl crash in the console lol
@NoNameByProgram
@CatR3kd i have no idea what to do
we could just disable the button until it is fixed? @NoNameByProgram
@CatR3kd it just got fixed phew
awesome, kudos to you @NoNameByProgram
Hey so some dude named asdf has 123412341234213e+22$.... How do I ban him? @NoNameByProgram
@CatR3kd lmfao
remove his name in the json files
ok lol @NoNameByProgram
@NoNameByProgram oh boy you had no XSS protection? If scripts were injected cookies could've been stolen and the attacker could login to an account via the cookie
@realTronsi ...what? that won't work. we use passwords
@NoNameByProgram ik but you have cookies, so leading a XSS attack could easily have stolen everyone's cookies and hence their accounts. Other more malicious things may happen as well, such as virus injections and/or ip loggers for DDoS attacks etc
@realTronsi oh god, i'm glad we added that username thing. but what if they put it in the password? will it still work?
@NoNameByProgram uh I haven't looked at your code, I'm assuming for the lb you're using innerHTML? If thats the case then that's the culprit. Passwords wont matter unless you're displaying someone's password
@realTronsi what's an lb? Anyway,
passwords are never displayed, so does it still apply?
@NoNameByProgram lb means leaderboard, and yes no need to worry about passwords
@realTronsi Ah! So everything is fixed now, phew!
Phew! That would've been bad. I was able to get onto repl real quick, and found a major bug. If you have the game open while it resets, you keep your progress. This is not good lol. Maybe you could ifx it by kicking the user off at 8:00? Like refresh the page? IDK, but I'm glad I noticed lol. I may or may not be able to respond to further comments lol
@NoNameByProgram
@CatR3kd i think it refreshes it....when was this exactly?
just at this reset. @NoNameByProgram
@CatR3kd yea, i just changed the code after the reset and now it's working...
it should work now
Cool. Thanks! oh btdubs I'll ping you on discord when iv'e finished the info page, it'll probably be tommorow. @NoNameByProgram
@CatR3kd k! cya!
cya! @NoNameByProgram
@NoNameByProgram pretty sure people are hacking again, there are insane numbers that were gotten in an hour or so
OK, I have been banning people but I can check again. @NathanPp
wdym how do they hack @NoNameByProgram
@CuriousMonkey i explained it...
@CatR3kd to stop people trying XSS hacks you could use a function like this to block all HTML tags. It won't allow any input surrounded by tags, like this
<this is a tag>
.Here is the function:
To add another layer of safety you could run this function before submitting the input:
Here is a repl I made which demonstrates how to use the functions: https://repl.it/@RolandJLevy/js-input-with-tags-blocked
@RolandJLevy Thanks! This will really help in the future!
@NoNameByProgram, that's great! Good luck with your project :)
Hey @NoNameByProgram , me and lightning rock were thinking of doing some big boy updates. We probably should turn off the project. So if you want to add the chat(s) feature, this could be a good time!
@CatR3kd i guess we could start the chat sometime today :D
Cool, yeah! I'm not gonna have very much free time today but if you want to do it without me, that's not a problem @NoNameByProgram
@CatR3kd any idea why the users are being banned?
Yeah, the json file keeps deleting itself. |: @NoNameByProgram