Developing High Scores/Online Leaderboard Service

Discussion in 'Public Game Developers Forum' started by travisdunn, Sep 7, 2009.

  1. travisdunn

    travisdunn Well-Known Member

    Aug 10, 2009
    68
    0
    0
    Developer
    Amsterdam, NL
    So, I started researching the different leaderboard services that have appeared – scoreloop, openfeint, igetscores, agon, gecode – and for my current project I decided that it was best to put together a simple, internal solution. I couldn’t find much discussion on the forums about supporting a high scores web service, other than talk about the different social networking services I mentioned.

    Are many of you doing this yourself? Is it something you think is better to hand off to a dedicated party, even if you don’t use all the extra feature hooks they offer?

    As an offshoot of some playing around I’m posting a 2-part tutorial on my blog about how I approached this with a Rails web service (shameless blog link); although the 1st part is just basic iPhone SDK techniques (probably inelegantly done at that), the 2nd part may be of interest, and heroku.com offers free Rails hosting so it’s a good place to experiment with no cost but your time.

    I assume other developers choose an existing service either (1) because it’s probably faster than implementing one personally, and (2) because it provides access to social networking features, and maybe some useful analytics as well. I think I may be a little library-/cloud-phobic in this regard, and would prefer the simplest solution, and one that I totally control.

    I guess it’s also just a bias on my part that I assume high scores are pretty much always a valuable addition to a game.

    Anyway, has anyone here developed a good leaderboard themselves?
     
  2. CommanderData

    CommanderData Well-Known Member
    Patreon Indie

    I developed my own leaderboard with PHP, MySQL, and HTML written in Notepad on my windows laptop. This stuff runs on my own webserver. ;)

    Seriously, I dislike the lack of control that other options provide. I don't like all the social networking and chat options because they detract from, you know, actually playing the damn game! There was not much competition out there back when I did this either, but my opinion still holds true today.

    You can see the leaderboards for Rogue Touch here. Global high scores definitely add value to any game, and I'm glad I set it up. My next generation of the online component will be more advanced than just high scores, but I can't talk about that new game just yet :D
     
  3. lazrhog

    lazrhog Well-Known Member

    Oct 1, 2008
    290
    1
    18
    Software
    UK
    Yeah did my own. Simple bit of php to query and update a database, and iPhone code to 'POST' data to website. Uses udid to reference the database. Dead simple really (I thought anyway ...)
     
  4. travisdunn

    travisdunn Well-Known Member

    Aug 10, 2009
    68
    0
    0
    Developer
    Amsterdam, NL
    Ah, it looks like I basically fell onto the same page as the both you about how to implement this.

    And the Rogue Touch listings are pretty sweet. I like the spread of rankings so that more players get a chance to appear on the boards. It also suggests 'minigames' played around the different ways you can rank. Nicely done.
     
  5. micah

    micah Well-Known Member

    Aug 24, 2009
    362
    0
    0
    game developer
    San Francisco
    Did either of you put any work into preventing people from cheating? I'm just curious because I've thought about this myself and it seems like it wouldn't be very difficult for someone to craft their own fake POST request and give themselves a really high score.
     
  6. Jeremy Alessi

    Jeremy Alessi Member

    Sep 1, 2009
    22
    0
    0
    It's possible but you have to think of the market. Most people aren't going to take the time to do what's necessary to find out what their iPhone uploaded to fake a score. As with most hacking the vast majority of people aren't going to bother and the ones who do usually like the challenge of beating your security which is what attracts them in the first place. Also, it's trivial enough to add encryption to your data and decipher it on the server.
     
  7. CommanderData

    CommanderData Well-Known Member
    Patreon Indie

    Yes I put thought into preventing cheaters (as well as people posting scores with swears in their names, since my game is rated 9+)... All implemented nicely, also included a geo-location IP address lookup to assign country flags to players (no need for GPS!). The relevant terms you want to look up are MD5s and hash and salt ;)

    Oh, and thanks for the compliment on the Rogue Touch leaderboards Travis, you're right... the format I chose lets a variety of people with differing play-styles to get a ranking place on the boards. Plus I can set up contests with minimal effort: just generate a new SQL Query and PHP script, then post about it in the forums and you're off and running :D
     
  8. xother

    xother Active Member

    Aug 18, 2009
    26
    0
    0
    Besides the MD5 hash and salt I would recommend using some sort of cryptography to avoid exposing your salt in the binary. For example a simple substitution cipher (link).
     
  9. fwish

    fwish Well-Known Member

  10. Anders

    Anders Well-Known Member

    Feb 3, 2009
    1,634
    0
    0
    Co-owner and CTO at Color Monkey
    Sweden
  11. lazrhog

    lazrhog Well-Known Member

    Oct 1, 2008
    290
    1
    18
    Software
    UK
    Yes. And a ban list too if I found people using swear words or cheating.
     
  12. CommanderData

    CommanderData Well-Known Member
    Patreon Indie

    Exactly. I also have a ban list so I can ban anyone by UDID. This stuff isn't rocket science if you do some homework on it... put a couple of days thought into it and almost anyone can make a solid leaderboard. :D

    xother's suggestion is one you must not take lightly either. I know that some pretty rabid fans of my game got tired of trying to guess secret character names from hints I was dropping and decided to read through my binary for strings with a hex editor!!! :)

    Needless to say, in the next update I encrypted all secret character names *and* the names of the classes/methods that enabled their special abilities. Unfortunately I learned a hard lesson as my version 1.0 characters were compromised. However, as I added new secrets in each update, no one was able to do the same trick again :D
     
  13. travisdunn

    travisdunn Well-Known Member

    Aug 10, 2009
    68
    0
    0
    Developer
    Amsterdam, NL
    Ok, I posted the second part of my leaderboard tutorial, which includes building a web service in Rails. You'll need to have or gain a cursory knowledge of Rails to set that up, but it's pretty typical web development stuff.

    To that end, I recommend deploying to heroku.com, if for nothing else other than testing since their initial hosting plan is free.

    CommanderData and xother, your comments about the binary being vulnerable are exactly right. Encryption would be a must for any serious online ranking.

    Anyway, I hope this is helpful to some of you, and that I haven't made any flagrant misuses of the SDK in the code. :p
     
  14. lynardo

    lynardo Well-Known Member

    Sep 12, 2009
    85
    0
    0
    Software developer
    Canada
    I rolled out a home made highscore service with LAMP, but the next update will switch everything to OpenFeint. It has the benefits of discovery, friends, and acheivements with very little effort.
     
  15. khangtoh

    khangtoh Well-Known Member

    May 31, 2009
    302
    0
    0
    Co-Founder/IPhone Dev @ LeftRight Studios
    Pittsburgh, PA
    Hi Travis

    Thanks for sharing your code and project with us, I actually have a similar rails app (http://smackbots.com/wwsc) that essentially does the same thing for a high score leaderboard. Eventually I would like to integrate Twitter and Facebook but just haven't found justification that doing that is going to be worthwhile.

    Here's another thing I had an issue with when I was implementing my own solution, what ways can you stop someone from taking the post request/params and posting multiple times with the same score/name and salt hash? That would still go through and insert that same score for that same player, right?
     
  16. xother

    xother Active Member

    Aug 18, 2009
    26
    0
    0
    To prevent that, you'll have to send something unique for every request along. For example a hashed timestamp + salt (a number) and the original timestamp. As long as the salt isn't hacked only your app can create a valid hash.
     
  17. travisdunn

    travisdunn Well-Known Member

    Aug 10, 2009
    68
    0
    0
    Developer
    Amsterdam, NL
    Anything you want to secure from tampering, throw into the hash. Because every value in the hash will be required to reconstruct it correctly, you could add a date value to parameters submitted, and require submission dates to be sufficiently unique on the web service end.

    You may also want to cap the slots a single player can occupy in your rankings.
     
  18. yarri

    yarri Well-Known Member

    #18 yarri, Sep 13, 2009
    Last edited: Sep 14, 2009
    Another shameless blog plug here but we're also using Rails although not on Heroku -- we went with a fixed price VPS hosting service running the Rails app and our website, together.

    One of the nice things about using a custom leaderboard is that you can add your own social networking features. We've integrated Facebook (both on iPhone and server side) and thinking about Twitter. Plus we create a funky custom game view for each user that they can email to their friends -- like displaying badges of their accomplishments.

    In other words -- I'm convinced custom leaderboards are the way to go, but why not add more social features into yours?

    --yarri

    PS: Have you seen the ObjectiveResrource class for the iPhone?
     

Share This Page