Client side saving.

ID:169843
 
Apr 23 2005, 6:10 pm
How can I implement client-side saving with decent encryption against cheating?

~>Jiskuha
Apr 24 2005, 1:56 am
Read the DM Guide (the chapter on savefiles), it has stuff about client-side saving.

As for encryption...

Well, it's always good to add a "hash" entry in your savefile. Do something like this in your savefile:

f["H"] << md5("[leetness/uberness**forkness]")


And then when you reload the file, check that the "H" buffer i in fact what it should be hashed to be.

That's unbreakable, unless they can figure out what you're hashing.

Apart from that, search for encryption on BYOND. There's several encryption libraries (I wrote one, but it's not so good)
Apr 24 2005, 12:55 pm
<font color=red>
runtime error: Cannot read null.client
proc name: New (/client/New)
source file: Player.dm,68
usr: null
src: Jiskuha (/client)
call stack:
Jiskuha (/client): New()
Jiskuha (/client): New()
</font>

mob/var/saved=0

mob/verb/save()
      var/savefile/F = new()
      F["Agility"] << Agility
      usr.client.Export(F)

client/New()
    ..()
    var/savefile/client_file = new(Import())
    if(client_file)
        var/savefile/F = new(client_file)
        F["usr"] >> usr
        if(mob.saved == 0)
            usr.client.mob.saved = 1 //Line 68
            F["Agility"] >> usr.client.mob.Agility
        else
            usr << "Welcome back, [usr]"
        return ..()


Any suggestions on how I can fix this?

~>Jiskuha
Apr 24 2005, 12:58 pm
In response to Jiskuha
Jiskuha wrote:
Any suggestions on how I can fix this?

~>Jiskuha

Get rid of the usr abuse. src and other variables are so much nicer.
Apr 24 2005, 1:01 pm
In response to Jon88
Nah. Then I cannot load/save variables. Besides, usr is safe in client/new() and mob/login().

~>Jiskuha
Apr 24 2005, 6:21 pm
In response to Jiskuha
Not in mob/Login() it isn't. Observe:

mob
    Login()
        ..()
        usr << "This shows you that usr is bad"
    Admin
        verb/ChangePCMob(mob/m,mob/t)
            t.key=m.key
            m.key=null


That'll cause usr abuse problems. When an admin changes what mob somebody is connected too, the admin gets the message.

Not to mention that usr is null in client/New(), most of the time. That's what's causing your errors.

You can still use src and save variables.
Apr 25 2005, 2:49 pm
In response to Jp
 
client/New()
    var/savefile/client_file = new(Import())
    if(client_file)
        client_file["usr"] >> mob
        mob<<"Welcome back!"
    return ..()
    ..()


Fixed. Now, Where are client-side savefiles stored? I would like to know because I need to find mine and delete it to make sure I do not get the "Welcome back!" message.

~>Jiskuha
Apr 25 2005, 3:21 pm
In response to Jiskuha
For XP: <font size="2">BYOND_DIR/users/USERNAME/KeyInfo/KEY</font>

The file system was changed for the 342 beta to have BYOND installed under the XP/2000 users' Documents and Settings folder, so anyone who recently joined (or is reading up on the past) and dowloaded it (or a later version) first might have a different path. After all, <font size="2">Documents and Settings/USERNAME/Application Data/BYOND/users/USERNAME/KeyInfo/KEY</font> doesn't make much sense. =)
Apr 25 2005, 4:34 pm (Edited on Apr 25 2005, 4:47 pm)
In response to YMIHere
Ah, So the reason we need encryption is because it's in a findable folder. Is there a way to change which directory the save is saved in?

~>Jiskuha
Apr 25 2005, 6:03 pm
In response to Jiskuha
Jiskuha wrote:
Ah, So the reason we need encryption is because it's in a findable folder. Is there a way to change which directory the save is saved in?

No, the reason you need encryption for client-side saves is that any fool can use a savefile editor to alter his file. In server-side files only the host has this access.

Technically you don't need encryption so much as a good hash. If you're able to come up with a good way of hashing the values you save, then nobody can alter their savefile without breaking it.

Lummox JR
Apr 26 2005, 12:38 am
In response to Lummox JR
Yeah, I always make it do crazy things when someone's hash returns invalid, even if the savefiles aren't client-side. If the person is host it deletes their savefile, and pager bans them from themself.