Aaric90

Leaderboards Without a server?

Recommended Posts

Aaric90    0

Hello,

I was hoping someone could help me out here. I'm working with a small team of people to make a game; something simple to start before we start major work on a grander game we have in mind. We may end up making more prior to the launch of the main thing. 

With that out of the way; the first project to get our feet wet in Unreal and basics is to make a basic shooter/survival like game- what better way to make people wanna play than some competitiveness? I want to add a leaderboard to track peoples scores and how long they survive. Downside is I don't have money for a server(though a basic shell may be viable if it is absolutely needed.)

Is there a way to make a leaderboard option without the use of a server? maybe having it stored on say a google document or a page on the main website and have it parsed/pulled and shown in game? 

Thank you in advance.

 

Share this post


Link to post
Share on other sites
Rutin    16

Would getting a very cheap shared hosting plan to have a database work? This is all you really need... Just update the database with scores, and pull from the database to display in game for your leaderboard scores. You do not need a full server that runs 24/7 with the numbers stored waiting for client requests for data to do this.

You can also host all the user logins on the database so you're updating registered users only.

Share this post


Link to post
Share on other sites
frob    44908
5 hours ago, Aaric90 said:

Is there a way to make a leaderboard option without the use of a server?

You will need somewhere to connect to, somewhere that has the data. There are many hosting sites that can handle it for free or extremely low cost.

That doesn't mean it must be complicated.  Wordpress is easy enough to set up for free, and with minimal PHP and WordPress knowledge you could set up a page that handles it.   You'll want to make sure the host provider allows the use, but assuming you're also redirecting people to your web page and not showing up oddly in their site statistics, you should be fine.

As you suggested in your post, you could then use standard web calls to serve up the data and to post new entries in the table.

Note that you'll still need to figure out how you'll handle attacks, cheaters posting fake scores, people attacking the server, and so on. 

Share this post


Link to post
Share on other sites
ncsu121978    1344

I urge extreme caution against letting the client connect directly to the database.  If you do then a modified client can connect to the database and issue *any* database command it wants, such as delete the whole thing.

If you have a server, even a very cheap one, that the client connects to, it shields your data from the client.  You could also do some kind of detection on the server when a client submits a score as well to ensure it makes sense.  For example, in a racing game, if the client said it completed race #5 in 4 seconds, you know that is impossible and discard the score without recording it in the leaderboards.  You have no such option if the client directly connects.

 

Share this post


Link to post
Share on other sites
Rutin    16
1 hour ago, ncsu121978 said:

I urge extreme caution against letting the client connect directly to the database.  If you do then a modified client can connect to the database and issue *any* database command it wants, such as delete the whole thing.

If you have a server, even a very cheap one, that the client connects to, it shields your data from the client.  You could also do some kind of detection on the server when a client submits a score as well to ensure it makes sense.  For example, in a racing game, if the client said it completed race #5 in 4 seconds, you know that is impossible and discard the score without recording it in the leaderboards.  You have no such option if the client directly connects.

 

You would never have a client directly make any SQL quires in this case. This is no different than having an online website that requests database information, you always pass it to another source that verifies what data is being requested, makes the pull securely once filtered (if it wasn't secure nobody would use databases online), pull the data - then confirm again it is indeed safe to share, close the connection, post the data online, and have the client pull from that read-only source . The client itself is only forwarding information it wants to a 3rd party requester, and waiting for the information to come back.

In this scenario the client holds no database connection information, or ability to index any data in the database. The sole purpose is to say "Send Username and Password from the client with request to update that users high-score - then wait for a response if successful" or "pull public leader-board information and post it in game".

I personally avoid this and use servers directly, but it's been awhile and I might be wrong but libcurl comes to mind and I would recommend starting there.

https://curl.haxx.se/

Share this post


Link to post
Share on other sites
trjh2k2    416

This is a terrible idea, and I don't recommend it...

BUT-

What if you temporarily used a service like Trello?  You can access it via rest/web API, don't need to pay for it, etc.

Share this post


Link to post
Share on other sites
Rutin    16
1 hour ago, trjh2k2 said:

This is a terrible idea, and I don't recommend it...

BUT-

What if you temporarily used a service like Trello?  You can access it via rest/web API, don't need to pay for it, etc.

It's for sure not something people should make a habit of doing. However, the user needs another solution because the server route is currently not an option right now.

I'm always curious to read other people's opinions and thoughts. What risk are you seeing from sending just a username and password (which hundreds of thousands of online services do) with a high score to a verification script that's hosted on a PHP server (as an example)? A lot of web applications work this way in general.

I fail to see any risk unless you have direct client to database access, which is being cut off completely.

The only issue you might run into is a slow down if too many calls are being made because of the amount of database connections. It's much different than loading initial detail from a database into a sever, holding all the data and doing a service maintenance that updates the database once a week.

Share this post


Link to post
Share on other sites
trjh2k2    416
5 minutes ago, Rutin said:

What risk are you seeing from sending just a username and password (which hundreds of thousands of online services do) with a high score to a verification script that's hosted on a PHP server (as an example)? A lot of web applications work this way in general.

Is the question directed at me?  Cause if this is in response to the trello suggestion, then I'm not sure I understand the question.

If you have access to a server where you can run php scripts, hold onto user accounts, etc., then the trello thing becomes irrelevant.  Just implement your leaderboard on that server.  Similarly, if you have access to the setup needed to validate an account via PHP then you should also be interfacing with your database that way, instead of directly.  Letting your client app talk directly to the database means that any client has full access to everything.  Putting your PHP session in between means that there's a point every message has to go through, that you're in control of, that can validate not only that a client has signed in, but that it's only going to succeed at doing thing it should be allowed to do.

Share this post


Link to post
Share on other sites
Rutin    16

I wasn't sure who your post was directed to "This is a terrible idea, and I don't recommend it..." haha still trying to keep my eyes open from a long day! As the idea of not using a server and going down the route of passing data back and forth through the web with PHP scripts can be slower, it's not necessarily less safe to the degree you would have to worry about bad information, and rouge database access if setup correctly. I don't like the idea for the fact you need to be able to maintain so many database connections at once, and the performance might not be there with a high amount of user access.

We seem to be on the same page, and I most likely read your response wrong. It's just very important people never do client to database connections.

Share this post


Link to post
Share on other sites

You cant get a server because of money. If anyone buys your game you'll have money. Why not host your own server on one of your own computers? It's not as if you expect to have crazy traffic, do you? Do you Apache? Maybe you should. 

Share this post


Link to post
Share on other sites
Aaric90    0

From what I'm gathering I can just have it pulled from the website and mirrored/pulled into the game when you click the leaderboard option? If so I'll just go that route.

That leads me into my next question- would a website be able to auto sort high scores that are submitted and update it daily? Is it much more feasible  to have it update weekly?

 

3 hours ago, h8CplusplusGuru said:

You cant get a server because of money. If anyone buys your game you'll have money. Why not host your own server on one of your own computers? It's not as if you expect to have crazy traffic, do you? Do you Apache? Maybe you should. 

This may sound like a dumb question but whats Apache? 

Share this post


Link to post
Share on other sites
fastcall22    10839

Apache is a web sever that manages TCP connections for HTTP communication.  Apache delegates the TCP connection to another script or process, which then processes the request and prepares an appropriate HTTP response with data.  With the appropriate accompanying apache2 module, you can use PHP, Python, or even Perl.  This is the easiest approach.

Another alternative is to write a program that listens to TCP connections on port 80, and handle the HTTP request/response yourself.

The idea with either approach is to handle the two major functions of a leader board:

  • Fetch the top ranking scores of all time
  • Add a high score entry

 

Share this post


Link to post
Share on other sites
Aaric90    0
8 minutes ago, fastcall22 said:

Apache is a web sever that manages TCP connections for HTTP communication.  Apache delegates the TCP connection to another script or process, which then processes the request and prepares an appropriate HTTP response with data.  With the appropriate accompanying apache2 module, you can use PHP, Python, or even Perl.  This is the easiest approach.

Another alternative is to write a program that listens to TCP connections on port 80, and handle the HTTP request/response yourself.

The idea with either approach is to handle the two major functions of a leader board:

  • Fetch the top ranking scores of all time
  • Add a high score entry

 

So would it be easier to use Apache as a go between or as the overall host for the site and leaderboard database? 

Or am i missing the point completely?

Share this post


Link to post
Share on other sites
Rutin    16
12 minutes ago, Aaric90 said:

So would it be easier to use Apache as a go between or as the overall host for the site and leaderboard database? 

Or am i missing the point completely?

I'm not sure if you're understanding the options.

1. Host the web server on your own computer using wamp which installs Apache, PHP, mySQL to run on Windows. Then program your client to talk to the web server by passing data to your PHP scripts that pulls data off the database and sends back the information to the client in a read only format. For leader-board sorting, you can sort data with PHP once pulled from the database and read it in any order you need, or send all leader-board data and sort it through the client. (If you're going to go through all this just make the server itself for the game on your computer, no point in doing web only - then once you have enough funds you can move the database and server to a dedicated host very easily!)

2. Pay for cheap shared-hosting like dreamhost, which has PHP and mySQL. Host your scripts on the web host, and access your database through them. You can use curl from what I remember to send and receive information as needed.

https://curl.haxx.se/

Share this post


Link to post
Share on other sites
Aaric90    0

I'm probably not understanding my options; and I hope i am now.

But to make sure I am this is how it SHOULD be set up. 

Client connects to website, website connects to Database submitting Longin/account information with high score data. . Database stores it and sorts it. At a set interval of time Database should send the information to update on the website so the Client can see the information on website and in the game?

And I will look into getting a tower and converting it to a database and one to convert into a webserver(to save on domain hosting costs down the road?). 

Share this post


Link to post
Share on other sites

Suggestion...

1. Distribute your software (game) and require that they register with your server to end up on the leaderboard. So the client sends a POST message with their e-mail in the message. The server responds with a signed sha256 hash of that e-mail. From that point on that signed hash identifies the player and is sent every single time the player needs to identify itself to the server. The signed hash and email go into a database on the server.

2. When a player's game is complete, it sends the same sha256 hash to the server with the relevant data (wins, losses, who played etc) in a POST message. That data goes into the database using the hash that identifies the player as a key.

3. When a player wants to see the leaderboard, they send a GET message to the server and a list of player statistics is returned (use e-mail or partial e-mail as a key with stastics as the value). The statistics are alll stored in a database so whenever the server recieves the GET message it just has to do a query.

^The problem will all of that is that it is certainly possible for a player to impersonate another player to the server or for a player impersonate the server to a player and cause all kinds of bad things to happen. You would need to use some kind scheme with public/private key encryption to prevent that. Ideally you would want a server to host the game...so the server is adding the statistics, not the client which you really have no control of.

No matter what you do I would not allow a direct sql connection from the client (player) to the server. Have a webapp to the inserting and querying and act as a shield.

Share this post


Link to post
Share on other sites
swiftcoder    18432

For this kind of thing it's worth looking at "serverless" solutions with on-demand pricing.

For example, via AWS (where I happen to work, BTW, but this isn't an official recommendation) you could setup a Lambda to handle the request from the device, and use that to update the database. That gives you the same client<->database isolation that a server does, but unlike a server, you'd only be billed for actual invocations of the Lambda (and there's a decent number of free invocations for new AWS accounts).

You should also look at Google's Firebase which offers the same general functionality under the name "Cloud Functions".

Share this post


Link to post
Share on other sites
fastcall22    10839
2 hours ago, Aaric90 said:

Client connects to website, website connects to Database submitting Longin/account information with high score data. . Database stores it and sorts it. At a set interval of time Database should send the information to update on the website so the Client can see the information on website and in the game?

Close; that last part is reversed.  The game website should either query the database directly or consume the API that your game will use, and render the leaderboard on the fly.
 

2 hours ago, Aaric90 said:

And I will look into getting a tower and converting it to a database and one to convert into a webserver(to save on domain hosting costs down the road?). 

The game website, the database, and the highscore API need not be on different servers.  Apache2, as well as other webservers, can be configured to direct requests to separate processes/scripts depending on the subdomain(s) used in the requests’ `Host` header.  Then, you can configure your domain to point all the subdomains to the correct servers.

Share this post


Link to post
Share on other sites
Rutin    16
2 hours ago, Aaric90 said:

I'm probably not understanding my options; and I hope i am now.

But to make sure I am this is how it SHOULD be set up. 

Client connects to website, website connects to Database submitting Longin/account information with high score data. . Database stores it and sorts it. At a set interval of time Database should send the information to update on the website so the Client can see the information on website and in the game?

And I will look into getting a tower and converting it to a database and one to convert into a webserver(to save on domain hosting costs down the road?). 

Can you please let me know what options you've tried from the above posts? Did you get a chance to look at https://curl.haxx.se/ for the Client -> Web Server -> Database and back? Are you going to host the web server on your own computer, or use a 3rd party?

There are only two sources here you need to worry about:

1. Client (Running on the users machine)

2. Web Server (This hosts all your PHP scripts to verify, and other scripts as you need, plus the Database)

I would strongly suggest you try out the suggestion I posted prior, or consider what swiftcoder posted.

If you're using your own computer use WAMP (If on Windows) to install all the tools you need, setup your Database, and program your scripts to work with the client, and database. If you're running into problems we can help a bit more, but I really cannot add anymore nor can anyone else because you have two options in your scenario. Host the web server yourself, or pay for cheap hosting that can access your script file, and host your database. At most this would take someone 30 minutes to setup if you know how to do all the scripting, and database creation. The more technical part would be with how your client talks to the web server, and what option you use to accomplish this task, such as https://curl.haxx.se/

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now