Building Browsergames » php

Plant Wars: Postmortem

plantwars — Fri, 20 Mar 2009 14:00:05 +0000

Plant Wars Logo

This is Jon from Plant Wars, which is yet another PBBG (what else would I be doing here?). I started the game around 9 months ago as I was searching for a job after graduating with a bachelor’s in Computer Science. I had only learned a minimal amount of PHP for a class project earlier in the year, so I definitely have used the process as a learning experience. Still, I’m pretty sure I can tell you more about what not to do than what to do. As with any web-based game, we are constantly developing and are far from being done.

First of all, set up a test site with its own test database. Keep it up to date so that you’re not tempted to cheat and just make this tiny change on the live site first. I cheated when I implemented the password change feature. The query it used when someone changed his password was “UPDATE Users SET Password=md5($newpassword)”. Notice something missing? That “WHERE Id=$_SESSION["Id"]” clause is just so easy to forget. That was a mess that would have been worth any level of inconvenience in maintaining the test site to avoid.

Secondly, I’d recommend using a framework, such as the Zend Framework for PHP. This is because I didn’t and still don’t. I don’t even have data access objects. Sure, I store some commonly used methods in files that I include on every page. Alas, I’m still in the habit of embedding queries in the pages directly. Separation of logic and presentation? Yeah, that’d be nice.. At my day job, I use the Struts framework with Java – and while it does make the initial development take somewhat longer in the case of Struts, it is definitely worth it. The maintainability is increased incredibly by the proper separation of concerns. Once you learn a framework, you should generally find that your productivity increases. The initial learning curve is worth the sacrifice at the beginning for the long term benefit.

Perhaps the most important thing I did right was to have my friend Daniel help me out whenever possible. Going at such an endless project alone is intimidating, and having someone else to shoulder some of the burden is essential. Coming home and seeing a new feature implemented that you didn’t have to lift a finger for is exhilarating. Plus, then you have someone to brainstorm with and to just talk with about the game. Your girlfriend (or mom, if that’s the case) may pretend to care, but she’s probably tired of hearing about it.

In the same vein, it’s essential to have some trustworthy staff members. Grant these people moderation powers on your game’s forum and give them the ability to check the logs for cheaters. Write a nice administration panel for them (and yourself) that will streamline the process of checking for cheaters. For example, one button click to see all users who have shared an IP address. Examining log files may be your thing, but it’s time that you should be spending developing. Ensure that your staff is – once again for emphasis – trustworthy, as well as good role models for your community.

If you have staff that you don’t know personally help on the site’s development, don’t give them access to the live database. Restrict them to the test site – another good reason for its existence. Merge their code yourself. I made the mistake of granting access to the live database to my first staff member. I got off easy when he just made a page to bump his stats up artificially.

My final recommendation is regarding monetization: if you would like to at least make enough cash to pay for your hosting costs (which we usually manage – if barely), ensure that people can donate for some advantage in your game. For example, with Plant Wars, donors gain fertilizer (which is spent to train, fight, etc) at twice the rate of non-donors. I charge a low price of $2/month, and I’m not sure if I would recommend going that low. My initial price was $5 and that received lots of complaints and no donors, but now that the game has progressed, I’m more inclined to believe that anyone who donates currently would be inclined to do so even if it were a couple bucks more expensive. Use your best judgment. Also, I allow anything that can be bought with real money to be sold player-to-player so that a) there is more motivation for people to give me real money and b) people who can’t give real money still have the opportunity to gain the same benefits with increased activity.

People hate clicking on ads. It is worth the minimal time investment necessary to sign up with some sort of pay-per-action network, such as CPALead (disclosure: referral link). This allows players to fill out an obnoxious survey for an in-game reward, while you get some money.

Come check out the Plant Wars blog and you can also follow us on Twitter! (As a related, post-final recommendation, open up communications from your game as much as possible. It increases the likelihood that someone will find you from a social networking site or a search engine.)

Building Browsergames: Buying Armor (PHP)

Luke — Mon, 22 Sep 2008 14:00:17 +0000

While we’ve built and integrated a weapons system into our game, we’re still missing something that (most) other games have – armor! Today we will be laying the initial groundwork down for our armor system.

To begin with, check out a copy of the source code for our tutorial:

svn checkout http://building-browsergames-tutorial.googlecode.com/svn/trunk/php/pbbg tutorial -r 26

With that done, we’re ready to get started.

Based on our poll from earlier, the majority chose that there should be 5 armor slots – head, torso, legs, right arm, and left arm. That’s a lot of slots – but not very hard to add to our stats table:

INSERT INTO stats(display_name,short_name) VALUES
	('Armor - Head','ahead'),
	('Armor - Torso','atorso'),
	('Armor - Legs','alegs'),
	('Armor - Right Arm','aright'),
	('Armor - Left Arm','aleft'),
	('Item Armor Slot','aslot');

You may have noticed that there’s an extra stat being added there – Item Armor Slot. This stat was added so that we can keep track of which armor slot an item should go in – we’ll take advantage of it later.

To begin with, we’ll need an Armor Shop page. We’ll start with a template, called armor-shop.tpl:



	The Armor Shop


	Welcome to the Armor Shop.
	Back to main
	Current Armor:
	
		
			Head:
			{if $ahead ne ''}
				{$ahead}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Torso:
			{if $atorso ne ''}
				{$atorso}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Legs:
			{if $alegs ne ''}
				{$alegs}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Right Arm:
			{if $aright ne ''}
				{$aright}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Left Arm:
			{if $aleft ne ''}
				{$aleft}
				
					
					
				
			{else}
				None
			{/if}
		
 
	
	You may purchase any of the armor listed below.
	{if $error ne ''}
		{$error}
	{/if}
	{if $message ne ''}
		{$message}
	{/if}
	
		{foreach from=$armor key=id item=i}
			
				{$i.name} - {$i.price} gold coins
				
					
					
				
		{/foreach}

If that code looks similar to you at all, that’s because it is – it’s essentially a copy of the weapon shop code. While I personally prefer to write templates for each individual piece of functionality, you could probably refactor the two templates into one – but I will leave that as an exercise for you, the reader.

There will probably be a lot more armor in our game than weapons – after all, there are 5 slots to fill with unique item types, as opposed to the single unique item type needed for weapons. We’ll retrieve a random list of 10 pieces of armor for our shop to display using this query:

SELECT DISTINCT(id), name, price FROM items WHERE type = 'Armor' ORDER BY RAND() LIMIT 10;

We’ve figured out how to retrieve the armor, and how to display it – so it’s time to write the logic that will actually do our heavy lifting for us. We’re going to keep all of our code inside armor-shop.php:


 
require_once 'smarty.php';
 
session_start();
 
require_once 'config.php';		// our database settings
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
	or die('Error connecting to mysql');
mysql_select_db($dbname);
// retrieve player's ID
$query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')",
			mysql_real_escape_string($_SESSION['username']));
$result = mysql_query($query);
list($userID) = mysql_fetch_row($result);
 
require_once 'stats.php';	// player stats
 
$query = "SELECT DISTINCT(id), name, price FROM items WHERE type = 'Armor' ORDER BY RAND() LIMIT 10;";
$result = mysql_query($query);
$armor = array();
while($row = mysql_fetch_assoc($result)) {
	array_push($armor,$row);
}
$stats = array('atorso','ahead','alegs','aright','aleft');
foreach ($stats as $key) {
	$id = getStat($key,$userID);
	$query = sprintf("SELECT name FROM items WHERE id = %s",
			mysql_real_escape_string($id));
	$result = mysql_query($query);
	if($result) {
		list($name) = mysql_fetch_row($result);
		$smarty->assign($key,$name);
	}
}
 
$smarty->assign('armor',$armor);
$smarty->display('armor-shop.tpl');
 
?>

This code is also similar to the code for the weapons shop – however, you might notice one fairly large change. There doesn’t seem to be any code to display the user’s current armor!

This isn’t actually true, however – all we’ve done is convert our retrieval logic to be a little more generic. The 10 lines of code between line 25 and line 35 of armor-shop.php are all the code we need to display however many stats we want – although we’re currently only displaying 5.

We start off by defining the keys for our stats – we will use those to both retrieve the stat values, and set the appropriate values within our smarty template. Then, we loop through each of our stat keys, and retrieve their information. We can get away with this because the keys that we set up in our template and the keys that we used within our stats system are the same; if they weren’t, you would have to do something a little more complex to gain this amount of flexibility. After retrieving the stat’s information, we assign it to our template – and we’re displaying the user’s equipped armor, in 10 lines of code!

However cool that may be, however, we haven’t gotten to the main point of the armor shop yet – actually buying armor! Therefore, we’ll now add to our code in armor-shop.php so that it will respond appropriately when a user clicks on the ‘Buy’ button next to a piece of armor for sale. Before we can do that though, we will need to create armor-stats.php, so that we can retrieve stats for individual pieces of armor:


 
require_once 'stats-dry.php';
 
function getArmorStat($statName,$armorID) {
	return getStatDRY('Item',$statName,$armorID);
}
 
?>

With that done, we can now write the code to purchase armor:

if($_POST) {
	require_once 'armor-stats.php';		// armor stats
	$armorID = $_POST['armor-id'];
	$query = sprintf("SELECT price FROM items WHERE id = %s",mysql_real_escape_string($armorID));
	$result = mysql_query($query);
	list($cost) = mysql_fetch_row($result);
	$gold = getStat('gc',$userID);
	if ($gold > $cost) {
		$slot = getArmorStat('aslot',$armorID);
		$equipped = getStat($slot,$userID);
		if(!$equipped) {
			setStat($slot,$userID,$armorID);
			setStat('gc',$userID,($gold - $cost));
			$smarty->assign('message','You purchased and equipped the new armor.');
		} else {
			// they already have something equipped - display an error
			$smarty->assign('error','You are already wearing a piece of that kind of armor! You will need to sell your current armor before you can buy new armor.');
		}
	} else {
		$smarty->assign('error','You cannot afford that piece of armor.');
	}
}

And with that piece of code added, users can now purchase armor. As you can see, we are using the aslot stat that we added earlier to determine which armor slot a specific piece of armor should go in – this way, we can reduce the amount of code that we need to write to handle multiple armor slots.

Right now, players can buy armor – but they can’t sell it. Let’s add the code to handle users selling their armor:

if($_POST['sell']) {
	$armorSlot = getArmorStat('aslot',$_POST['sell']);
	$armorID = getStat($armorSlot,$userID);
	$query = sprintf("SELECT price FROM items WHERE id = %s",mysql_real_escape_string($armorID));
	$result = mysql_query($query);
	list($price) = mysql_fetch_row($result);
	$gold = getStat('gc',$userID);
	setStat('gc',$userID,($gold + $price));
	setStat($armorSlot,$userID,'');		
} else {

And with that piece of code added, users can now buy and sell their armor. The single last change that we need to make is adding the ‘Armor Shop’ link to index.tpl:

19	The Armor Shop

And that’s that! Here is all of the code for our new armor shop:


 
require_once 'smarty.php';
 
session_start();
 
require_once 'config.php';		// our database settings
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
	or die('Error connecting to mysql');
mysql_select_db($dbname);
// retrieve player's ID
$query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')",
			mysql_real_escape_string($_SESSION['username']));
$result = mysql_query($query);
list($userID) = mysql_fetch_row($result);
 
require_once 'stats.php';	// player stats
 
if($_POST) {
	require_once 'armor-stats.php';		// armor stats
	if($_POST['sell']) {
		$armorSlot = getArmorStat('aslot',$_POST['sell']);
		$armorID = getStat($armorSlot,$userID);
		$query = sprintf("SELECT price FROM items WHERE id = %s",mysql_real_escape_string($armorID));
		$result = mysql_query($query);
		list($price) = mysql_fetch_row($result);
		$gold = getStat('gc',$userID);
		setStat('gc',$userID,($gold + $price));
		setStat($armorSlot,$userID,'');		
	} else {	
		$armorID = $_POST['armor-id'];
		$query = sprintf("SELECT price FROM items WHERE id = %s",mysql_real_escape_string($armorID));
		$result = mysql_query($query);
		list($cost) = mysql_fetch_row($result);
		$gold = getStat('gc',$userID);
		if ($gold > $cost) {
			$slot = getArmorStat('aslot',$armorID);
			$equipped = getStat($slot,$userID);
			if(!$equipped) {
				setStat($slot,$userID,$armorID);
				setStat('gc',$userID,($gold - $cost));
				$smarty->assign('message','You purchased and equipped the new armor.');
			} else {
				// they already have something equipped - display an error
				$smarty->assign('error','You are already wearing a piece of that kind of armor! You will need to sell your current armor before you can buy new armor.');
			}
		} else {
			$smarty->assign('error','You cannot afford that piece of armor.');
		}
	}
}
$query = "SELECT DISTINCT(id), name, price FROM items WHERE type = 'Armor' ORDER BY RAND() LIMIT 10;";
$result = mysql_query($query);
$armor = array();
while($row = mysql_fetch_assoc($result)) {
	array_push($armor,$row);
}
$stats = array('atorso','ahead','alegs','aright','aleft');
foreach ($stats as $key) {
	$id = getStat($key,$userID);
	$query = sprintf("SELECT name FROM items WHERE id = %s",
			mysql_real_escape_string($id));
	$result = mysql_query($query);
	if($result) {
		list($name) = mysql_fetch_row($result);
		$smarty->assign($key,$name);
	}
}
 
$smarty->assign('armor',$armor);
$smarty->display('armor-shop.tpl');
 
?>

And here’s the code for the template(armor-shop.tpl):



	The Armor Shop


	Welcome to the Armor Shop.
	Back to main
	Current Armor:
	
		
			Head:
			{if $ahead ne ''}
				{$ahead}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Torso:
			{if $atorso ne ''}
				{$atorso}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Legs:
			{if $alegs ne ''}
				{$alegs}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Right Arm:
			{if $aright ne ''}
				{$aright}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Left Arm:
			{if $aleft ne ''}
				{$aleft}
				
					
					
				
			{else}
				None
			{/if}
		
 
	
	You may purchase any of the armor listed below.
	{if $error ne ''}
		{$error}
	{/if}
	{if $message ne ''}
		{$message}
	{/if}
	
		{foreach from=$armor key=id item=i}
			
				{$i.name} - {$i.price} gold coins
				
					
					
				
		{/foreach}

If you’re having trouble getting some armor into your shop to play around with, here’s a quick SQL query you can run to insert some sample armors:

INSERT INTO items(name,type,price) VALUES ('Sample Helmet','Armor',10);
	INSERT INTO entity_stats(stat_id,entity_id,value,entity_type) VALUES ((SELECT id FROM stats WHERE short_name='aslot'),(SELECT id FROM items WHERE name='Sample Helmet'),'ahead','Item');
INSERT INTO items(name,type,price) VALUES ('Sample Torso','Armor',10);
	INSERT INTO entity_stats(stat_id,entity_id,value,entity_type) VALUES ((SELECT id FROM stats WHERE short_name='aslot'),(SELECT id FROM items WHERE name='Sample Torso'),'atorso','Item');
INSERT INTO items(name,type,price) VALUES ('Sample Legs','Armor',10);
	INSERT INTO entity_stats(stat_id,entity_id,value,entity_type) VALUES ((SELECT id FROM stats WHERE short_name='aslot'),(SELECT id FROM items WHERE name='Sample Legs'),'alegs','Item');
INSERT INTO items(name,type,price) VALUES ('Sample Right Arm','Armor',10);
	INSERT INTO entity_stats(stat_id,entity_id,value,entity_type) VALUES ((SELECT id FROM stats WHERE short_name='aslot'),(SELECT id FROM items WHERE name='Sample Right Arm'),'aright','Item');
INSERT INTO items(name,type,price) VALUES ('Sample Left Arm','Armor',10);
	INSERT INTO entity_stats(stat_id,entity_id,value,entity_type) VALUES ((SELECT id FROM stats WHERE short_name='aslot'),(SELECT id FROM items WHERE name='Sample Left Arm'),'aleft','Item');

Extra Credit

Refactor the weapon shop code to use the same code as the armor shop for displaying current equipment.
Refactor the weapon/armor shop templates so that both pages can use the same template.
Refactor both pieces of code, so that there is only one template and one code file for weapons and armor.

There was a small bug found in the weapon stat’s retrieval code during the writing of this entry – make sure to update your checked out version!

Sending unknown number of variable parameters to new page in HTML

gostyloj — Wed, 17 Sep 2008 14:00:34 +0000

Before I get started I wanted to say that I am not a web server expert so if you know of a better way to do this, post it in the comments and I will thank you as I implement your knowledge in my game.

When using PHP you eventually come to the realization that your gatekeepers for everything you do and display are HTTP and HTML. Â They are both great tools but were designed with a more static implementation in mind. Values passed to new web pages are set up in key->value pairs that are accessed with an associative array using the name of the parameter as the key (ie. $_POST['myParam']). Â This post will deal with the issue of how to send an unknown number of parameters which are user set to a new page which can then use those parameters correctly.

My particular implementation is my Mining page in my game TerraTanks. Â The mining page allows the user to set the type of mining on each of their planets so that if they are deficient in a particular resource, they can mine it out faster. Â I wanted to make sure that this could be changed globally, so the mining page will show all of your planets and each planet will have a set of radio buttons allowing you to change the mining settings. Â With these constraints, you cannot know how many planets the user will have and you must write your code to account for any number of parameters.

This is a simplified version of what I have:

$count = 0;
 
// I have the result set for all my mining planets in $result
while ($result && $element = mysql_fetch_object($result))
{
    // code displaying what I need about planet //
 
    echo "\"radio\" name=\"miner{$count}\" value=\"normal,$element->location\" checked>Normal";
    echo "\"radio\" name=\"miner{$count}\" value=\"iron,$element->location\">Iron";
    $count++;
}

I am creating the name of the radio button group by appending the value of $count the the word miner and then incrementing count as long as there are planets. Basically, I am hacking together my own array. It should be noted that I am setting the first radio button to the checked state. The web page that will read the input depends on everything that exists having a value so it is necessary to make sure that something is selected. In your work you will want to check what the value is previously set to and make sure the correct radio button is checked when the page loads.

You may also notice that I am shoving a lot of data into the value sent appended by commas. This is a decent way of shoving related data through without having to define a ton of variables.

Now we have to create something on the receiving page that will correctly read in the values that we are sending. This is the code that I am using:

$x = 0;
$indexName = "miner" . $x;
while ($_POST[$indexName])
{
	$miner[$x] = $_POST[$indexName];
	$x++;
	$indexName = "miner" . $x;	
}

If you read the code in English it roughly says, as long as there is a POST value at the index miner{$x} where $x starts at 0 and increments by one then just keep incrementing $x and saving the value into my own array. This is why it was so important that as long as you had a planet you had a value that was passed. If you set a value for planet 0, 1, and 5 but not 2, 3, or 4 then the code would stop at 2, determine there was no value and would never get to 5.

Now instead of creating a second pseudo array with hidden inputs that pointed to the location of the planet, I packed all the information into a comma appended string. When I get the value of $miner[$x] I can use the php function explode to separate out the sub values.

$minerParts[$x] = explode (",", $miner[$x]);
 
// now $minerParts[$x][0] is the mining type and $minerParts[$x][1] is the location

So there is a way to send an unknown number of variables to a new page. Like I said, if you know of a better way make sure you post it in the comments. I don’t claim to be an expert on this subject, it is just how I resolved this problem.

Building Browsergames: Integrating weapons into our combat system (PHP)

Luke — Fri, 12 Sep 2008 14:00:15 +0000

For all that we’ve built both a combat system and a weapons system, we haven’t yet done anything that allows the weapon a user has selected as their primary weapon to affect the combat system. Today, we will be integrating weapons into our combat system, so that the stats of the weapon actually affect the combat results.

This is actually a lot easier than it sounds – all we have to do is retrieve the weapon’s ‘attack’ stat, use it to modify the damage that the player does, and we’re finished! We’ll open up forest.php, to the piece of code that retrieves our player’s attack:

$player = array (
	name		=>	$_SESSION['username'],
	attack 		=>	getStat('atk',$userID),
	defence		=>	getStat('def',$userID),
	curhp		=>	getStat('curhp',$userID)
);

Unfortunately, we don’t yet have a weapon stats retrieval system – but thanks to our DRY changes from earlier, that’s an easy piece of code to add:


 
require_once 'stats-dry.php';
 
function getWeaponStat($statName,$weaponID) {
	return getStatDRY('Weapon',$statName,$weaponID);
}
 
?>

Because we won’t be allowing users to modify the stats of weapons in the game, we only need to add the getWeaponStat function. Save that file as weapon-stats.php, and go back to forest.php. First off, we’ll require our weapon stats code:

4	require_once 'weapon-stats.php';

Because we’re using a simple combat formula, we can directly modify the player’s attack attribute in the associative array that we are using to store their stats. Here’s how we would retrieve their primary weapon, and then add it’s attack to the player’s:

28
29
30

$phand = getStat('phand',$userID);
$atk = getWeaponStat('atk',$phand);
$player['attack'] += $atk;

And with that small piece of code added, we’re finished! If the weapon has an attack value(even if it’s negative), it will be added to the player’s when they attack the monster.

Extra Credit

Make the combat system display the name of the weapon when the player attacks – e.g. “You attack with your for 10 damage!”.

There was a small bug with the stats retrieval code found in this version of the tutorial – it has been fixed in the latest revision of the Google Code Repository. Make sure to update if you’ve been using it!

Saving Database Space through Bit-masking

gostyloj — Thu, 04 Sep 2008 14:00:34 +0000

This is a trick you can use to increase the efficiency and readability of your project. It is an argument for good up front design as utilizing this is only plausible when you take the time and effort at the beginning. The following is a real world example from my game TerraTanks.

The problem is that you have an object with a ton of properties that are incredibly similar and they describe the object in a yes|no fashion. In my case, players can do 24 types of research and the state of the player is “yes, I have done that particular research” or “no, I have not done that research”.

One solution is to make a table with a column that associates with the player id and a boolean column for every type of research that you have. Now if you have 24 types of research your table is 25 columns big. This can get out of hand pretty quickly. The table becomes hard to read and you have to use different code (or procedurally dynamic code) to set individual columns.

Another solution is to add a column to your player definition table and make it type INT UNSIGNED. Then you let your code efficiently handle interpreting the integer as the player’s research definition through bit masking. Here’s how it works.

The maximum value of an unsigned INT in MySQL is 4294967295. In binary this number looks like 11111111111111111111111111111111. That is 32 1’s in a row. Each of those digits can describe a research type as ‘have’ (it is a 1) or ‘have not’ (it is a 0). Now in a global file for your code you need to define each research type as a number that is a power of 2. It would look something like this in PHP:

$g_shield_research = 1;              // in binary 001
$g_armor_piercing_research = 2;  // in binary 010
$g_mining_research = 4;             // in binary 100

Now if you want to know whether you have a particular research you would perform a bitmask operation on the integer you retrieve from your database using the & operator.

// will mask players research and return true if the mining bit is set to 1
if ($element->research & $g_mining_research)

The bit masking procedure is extremely efficient and fast and you can see how it compresses all the research information into the size of an integer. Also, if you want to know everything about a player’s research you only have to retrieve a single integer from the database.

Assigning research to a player is also very easy. Simply bitwise OR the current research integer with the set bitmask using the | operator:

$newPlayerResearch = $element->research | $g_shield_research;

You can technically add the two numbers to get the same result, but this is unsafe because if you add the research when it is already there it will throw everything off.

There are some pitfalls to using this trick. While it is easy to add another type of research just by assigning its mask to the next highest power of 2, you are limited to 32 total research types. One way to get around this is to make the column type BIGINT which would give you 64 bits to work with, but at the end of the day you are still limited. Also, once a game starts the research you choose for that bit position is pretty much stuck there unless you want to do some math maintenance.

While this trick will tend to make your code more readable because database statements won’t be as long, your database entry will not be human readable so it could slow down your debugging efforts.

So there you have it. A very powerful tool if used wisely. Please design well before you start writing code. It makes life easier.

Building Browsergames: now on Google Code!

Luke — Thu, 28 Aug 2008 14:00:43 +0000

If you’ve been following along with our tutorial at all, you may have noticed that our code files tend to…evolve over time. Templates go from being simple list-of-links affairs to being filled with loops and conditionals and all kinds of other goodies.

Today, I have news for you that will make it much easier to follow the different versions that our tutorial goes through – it’s now under source control! With the help of John Munsch, the Building Browsergames tutorial is now on Google Code. You can take a look at the project by visiting http://code.google.com/p/building-browsergames-tutorial/. You can check out the latest version of the entire tutorial’s codebase by issuing this command:

svn checkout http://building-browsergames-tutorial.googlecode.com/svn/trunk building-browsergames-tutorial-read-only

Which will retrieve the latest version(in all languages) and store it into a directory called building-browsergames-tutorial-read-only. If you’d like to check out the latest version of the code for a specific language, you can use this command:

svn checkout http://building-browsergames-tutorial.googlecode.com/svn/trunk/language/pbbg buildingbrowsergames-tutorial-read-only

..Where ‘language’ is one of the languages that the tutorial has been implemented in(currently, ‘perl’, ‘php’, and ‘rubyonrails’ are available).

You can also update the code if you retrieved the latest copy and then new changes are committed by running the svn update command:

svn update

Don’t know what Subversion is, or how to use it on your system? Take a look at this introduction to Subversion screencast to learn more.

Building Browsergames: Swapping Weapons (PHP)

Luke — Tue, 19 Aug 2008 14:00:15 +0000

It was a close race, but in the end the results of our poll on whether users should dual wield their weapons or have to toggle which one was active have been decided: users will toggle which weapon is currently active. Today, we’re going to be implementing that functionality.

The ’swap weapon’ page is a fairly simple one – all we need is a template and some code to handle it(we even wrote most of it earlier, when we built our weapons shop). We’ll start off with the template, and call it equipment.tpl:



	Equipment Management


	Current Equipment:
	Back to main
	
		
			Primary Hand:
			{if $phand ne ''}
				{$phand}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Secondary Hand:
			{if $shand ne ''}
				{$shand}
				
					
					
				
			{else}
				None
			{/if}

This template is relatively simple, and essentially just the top parts of the weapon shop’s template – we even left in the ‘Sell’ buttons, so that users can sell their equipment straight from their equipment page. We have to make sure that the ’swap’ button has a ‘name’ attribute – that way we can check $_POST later to see if it was clicked. Next we’ll build equipment.php, which is responsible for retrieving the current weapons a user is using, and displaying this template:


 
require_once 'smarty.php';
 
session_start();
 
require_once 'config.php';		// our database settings
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
	or die('Error connecting to mysql');
mysql_select_db($dbname);
// retrieve player's ID
$query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')",
			mysql_real_escape_string($_SESSION['username']));
$result = mysql_query($query);
list($userID) = mysql_fetch_row($result);
 
require_once 'stats.php';	// player stats
$phand = getStat('phand',$userID);
$shand = getStat('shand',$userID);
$phand_query = sprintf("SELECT name FROM items WHERE id = %s",
				mysql_real_escape_string($phand));
$result = mysql_query($phand_query);
if($result) {
	list($phand_name) = mysql_fetch_row($result);
	$smarty->assign('phand',$phand_name);
}
$shand_query = sprintf("SELECT name FROM items WHERE id = %s",
				mysql_real_escape_string($shand));
$result = mysql_query($shand_query);
if($result) {
	list($shand_name) = mysql_fetch_row($result);
	$smarty->assign('shand',$shand_name);
}
$smarty->display('equipment.tpl');
 
?>

Essentially, all that we’re going to be adding on to this code is handling for a POST request; if something is POSTed to this page, we swap the user’s current weapons. The code is fairly simple, as you can see:

if($_POST) {
	setStat('phand',$userID,$shand);
	setStat('shand',$userID,$phand);
	$temp = $shand;
	$shand = $phand;	
	$phand = $temp;
}

And that’s all there is to it! We just add another link to our index page:

19	Equipment Management

And we’re finished! Here’s the code for our template:



	Equipment Management


	Current Equipment:
	Back to main
	
		
			Primary Hand:
			{if $phand ne ''}
				{$phand}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Secondary Hand:
			{if $shand ne ''}
				{$shand}
				
					
					
				
			{else}
				None
			{/if}

And here’s the code for the file that handles the functionality behind the template:


 
require_once 'smarty.php';
 
session_start();
 
require_once 'config.php';		// our database settings
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
	or die('Error connecting to mysql');
mysql_select_db($dbname);
// retrieve player's ID
$query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')",
			mysql_real_escape_string($_SESSION['username']));
$result = mysql_query($query);
list($userID) = mysql_fetch_row($result);
 
require_once 'stats.php';	// player stats
$phand = getStat('phand',$userID);
$shand = getStat('shand',$userID);
if($_POST) {
	setStat('phand',$userID,$shand);
	setStat('shand',$userID,$phand);
	$temp = $shand;
	$shand = $phand;	
	$phand = $temp;
}
$phand_query = sprintf("SELECT name FROM items WHERE id = %s",
				mysql_real_escape_string($phand));
$result = mysql_query($phand_query);
if($result) {
	list($phand_name) = mysql_fetch_row($result);
	$smarty->assign('phand',$phand_name);
}
$shand_query = sprintf("SELECT name FROM items WHERE id = %s",
				mysql_real_escape_string($shand));
$result = mysql_query($shand_query);
if($result) {
	list($shand_name) = mysql_fetch_row($result);
	$smarty->assign('shand',$shand_name);
}
$smarty->display('equipment.tpl');
 
?>

Building Browsergames: Buying Weapons (PHP)

Luke — Mon, 11 Aug 2008 14:00:09 +0000

Based on the results of our poll, you’ve all voted that players should carry two weapons(of any type they want), with a primary hand and a secondary hand that can both have weapons in them.

Our stats system is perfect for this – all we have to do is add another stat for players that keeps track of which weapon is in their primary hand, and which weapon is in their secondary hand.

INSERT INTO stats(display_name, short_name) VALUES ('Primary Hand Weapon','phand'),('Secondary Hand Weapon','shand');

With the new stats inserted, we can now start writing code to take advantage of them. But how will users obtain weapons to equip?

For the moment, players will get weapons at the Weapons Shop – which is what we will be building today. The weapons shop will list off a random selection of weapons that are available for users to purchase, and automatically put weapons into primary or secondary hands after a user purchases them.

In order for our items to work in a shop, however, we need to make another change – adding prices to them! We’ll add a column to our items table called ‘price’, and set it to have a default value of 10(for 10 gold coins):

ALTER TABLE  'items' ADD  'price' INT NOT NULL DEFAULT  '10';

With that finished, we can start working a little more on the actual Weapon Shop page. First off, we’ll build a template for the shop and call it weapon-shop.tpl:



	The Weapon Shop


	Welcome to the Weapon Shop.
	Current Equipment:
	
		Primary Hand: {if $phand ne ''}{$phand}{else}None{/if}
		Secondary Hand: {if $shand ne ''}{$shand}{else}None{/if}
	
	Below are the weapons currently available for purchase.
	
		{foreach from=$weapons key=id item=i}
			
				{$i.name} - {$i.price} gold coins
				
					
					
				
		{/foreach}

As you can probably see based on our template, we will be using a foreach loop to list off all of the weapons that are currently available. We’re going to use a fairly simple SQL query to list off 5 random weapons, each time that the user visits the weapon shop:

SELECT DISTINCT(id), name, price FROM items WHERE type = 'Weapon' ORDER BY RAND() LIMIT 5;

Now that we have the SQL query we’ll be using, we need to quickly write the PHP code to use that query for our shop, inside weapon-shop.php:


 
require_once 'smarty.php';
 
session_start();
 
require_once 'config.php';		// our database settings
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
	or die('Error connecting to mysql');
mysql_select_db($dbname);
// retrieve player's ID
$query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')",
			mysql_real_escape_string($_SESSION['username']));
$result = mysql_query($query);
list($userID) = mysql_fetch_row($result);
 
require_once 'stats.php';	// player stats
$query = "SELECT DISTINCT(id), name, price FROM items WHERE type = 'Weapon' ORDER BY RAND() LIMIT 5;";
$result = mysql_query($query);
$weapons = array();
while($row = mysql_fetch_assoc($result)) {
	array_push($weapons,$row);
}
$phand = getStat('phand',$userID);
$phand_query = sprintf("SELECT name FROM items WHERE id = %%s",
				mysql_real_escape_string($phand));
$result = mysql_query($phand_query);
if($result) {
	list($phand_name) = mysql_fetch_row($result);
	$smarty->assign('phand',$phand_name);
}
$shand = getStat('shand',$userID);
$shand_query = sprintf("SELECT name FROM items WHERE id = %%s",
				mysql_real_escape_string($shand));
$result = mysql_query($shand_query);
if($result) {
	list($shand_name) = mysql_fetch_row($result);
	$smarty->assign('shand',$shand_name);
}
$smarty->assign('weapons',$weapons); 
$smarty->display('weapon-shop.tpl');
 
?>

We loop through all of the data returned by our query, and display information on each weapon for our shop. We display our weapons, how much they cost, and a small ‘Buy’ button for users to purchase them with. Now we just need to make it possible for users to actually buy weapons.

As you saw earlier in our template, we have placed a form into each of our weapon entries, with a ‘Buy’ button and the ID of the weapon that users would choose to buy. We will be modifying weapon-shop.php so that when users click on the ‘Buy’ button, we can purchase the weapon in question for them – or display a helpful error message if they cannot afford it. To start off, we’ll edit our template so that it can display our messages for us:

{if $error ne ''}
	{$error}
{/if}
{if $message ne ''}
	{$message}
{/if}

With that modification made, we can now add the code to handle a user clicking on the ‘purchase’ link:

$phand = getStat('phand',$userID);
$shand = getStat('shand',$userID);
if($_POST) {
	$weaponID = $_POST['weapon-id'];
	$query = sprintf("SELECT price FROM items WHERE id = %s",mysql_real_escape_string($weaponID));
	$result = mysql_query($query);
	list($cost) = mysql_fetch_row($result);
	$gold = getStat('gc',$userID);
	if($gold > $cost) {
		// subtract gold, equip weapon, go from there.
		if(!$phand) {
			setStat('phand',$userID,$weaponID);
			setStat('gc',$userID,($gold - $cost));
			$phand = $weaponID;
			$smarty->assign('message','You equipped the weapon in your primary hand.');
		} else {
			if(!$shand) {
				setStat('shand',$userID,$weaponID);
				setStat('gc',$userID,($gold - $cost));
				$shand = $weaponID;
				$smarty->assign('message','You equipped the weapon in your secondary hand.');
			} else {
				$smarty->assign('error','You already have two weapons! You must sell one before equipping another one.');
			}
		}
	} else {
		$smarty->assign('error','You cannot afford that weapon!');
	}
}

We’ve built some simple swapping logic here – if the player’s primary hand is empty, the purchased weapon goes there. Otherwise, it goes into their secondary hand – and if both have a weapon in them, a message is displayed.

If you haven’t noticed, we told users that they needed to sell a weapon if they wanted to purchase a new one – so that’s what we’ll be building now. We’ll start off by tweaking our template again:


	Primary Hand:
	{if $phand ne ''}
		{$phand}
		
			
			
		
	{else}
		None
	{/if}


	Secondary Hand:
	{if $shand ne ''}
		{$shand}
		
			
			
		
	{else}
		None
	{/if}

With that change made, we’ll now modify weapon-shop.php again so that it can handle the new arguments sent to it:

if($_POST['sell']) {
	$weaponID = getStat($_POST['sell'],$userID);
	$query = sprintf("SELECT price FROM items WHERE id = %s",mysql_real_escape_string($weaponID));
	$result = mysql_query($query);
	list($price) = mysql_fetch_row($result);
	$gold = getStat('gc',$userID);
	setStat('gc',$userID,($gold + $price));
	setStat($_POST['sell'],$userID,'');
	$phand = getStat('phand',$userID);
	$shand = getStat('shand',$userID);
} else {

And with that finished, users can now buy and sell different weapons as they so choose. The single last change we need to make is adding a ‘Weapon Shop’ link to our main page:

18	The Weapon Shop

And with that, we’re finished! Here’s the code behind our weapon shop, in it’s entirety:


 
require_once 'smarty.php';
 
session_start();
 
require_once 'config.php';		// our database settings
$conn = mysql_connect($dbhost,$dbuser,$dbpass)
	or die('Error connecting to mysql');
mysql_select_db($dbname);
// retrieve player's ID
$query = sprintf("SELECT id FROM users WHERE UPPER(username) = UPPER('%s')",
			mysql_real_escape_string($_SESSION['username']));
$result = mysql_query($query);
list($userID) = mysql_fetch_row($result);
 
require_once 'stats.php';	// player stats
$phand = getStat('phand',$userID);
$shand = getStat('shand',$userID);
if($_POST) {
	if($_POST['sell']) {
		$weaponID = getStat($_POST['sell'],$userID);
		$query = sprintf("SELECT price FROM items WHERE id = %s",mysql_real_escape_string($weaponID));
		$result = mysql_query($query);
		list($price) = mysql_fetch_row($result);
		$gold = getStat('gc',$userID);
		setStat('gc',$userID,($gold + $price));
		setStat($_POST['sell'],$userID,'');
		$phand = getStat('phand',$userID);
		$shand = getStat('shand',$userID);
	} else {
		$weaponID = $_POST['weapon-id'];
		$query = sprintf("SELECT price FROM items WHERE id = %s",mysql_real_escape_string($weaponID));
		$result = mysql_query($query);
		list($cost) = mysql_fetch_row($result);
		$gold = getStat('gc',$userID);
		if($gold > $cost) {
			// subtract gold, equip weapon, go from there.
			if(!$phand) {
				setStat('phand',$userID,$weaponID);
				setStat('gc',$userID,($gold - $cost));
				$phand = $weaponID;
				$smarty->assign('message','You equipped the weapon in your primary hand.');
			} else {
				if(!$shand) {
					setStat('shand',$userID,$weaponID);
					setStat('gc',$userID,($gold - $cost));
					$shand = $weaponID;
					$smarty->assign('message','You equipped the weapon in your secondary hand.');
				} else {
					$smarty->assign('error','You already have two weapons! You must sell one before equipping another one.');
				}
			}
		} else {
			$smarty->assign('error','You cannot afford that weapon!');
		}
	}
}
$query = "SELECT DISTINCT(id), name, price FROM items WHERE type = 'Weapon' ORDER BY RAND() LIMIT 5;";
$result = mysql_query($query);
$weapons = array();
while($row = mysql_fetch_assoc($result)) {
	array_push($weapons,$row);
}
$phand_query = sprintf("SELECT name FROM items WHERE id = %s",
				mysql_real_escape_string($phand));
$result = mysql_query($phand_query);
if($result) {
	list($phand_name) = mysql_fetch_row($result);
	$smarty->assign('phand',$phand_name);
}
$shand_query = sprintf("SELECT name FROM items WHERE id = %s",
				mysql_real_escape_string($shand));
$result = mysql_query($shand_query);
if($result) {
	list($shand_name) = mysql_fetch_row($result);
	$smarty->assign('shand',$shand_name);
}
$smarty->assign('weapons',$weapons); 
$smarty->display('weapon-shop.tpl');
 
?>

And here’s the associated template:



	The Weapon Shop


	Welcome to the Weapon Shop.
	Current Equipment:
	
		
			Primary Hand:
			{if $phand ne ''}
				{$phand}
				
					
					
				
			{else}
				None
			{/if}
		
		
			Secondary Hand:
			{if $shand ne ''}
				{$shand}
				
					
					
				
			{else}
				None
			{/if}
		
	
	Below are the weapons currently available for purchase.
	{if $error ne ''}
		{$error}
	{/if}
	{if $message ne ''}
		{$message}
	{/if}
	
		{foreach from=$weapons key=id item=i}
			
				{$i.name} - {$i.price} gold coins
				
					
					
				
		{/foreach}

Don’t forget, you can check out our game in it’s current state at http://buildingbrowsergames.com/game/php/index.php!

Extra Credit

Add a current gold display to the Weapon Shop page, so that users can see how much gold they have remaining.
Customize the ‘you cannot afford this weapon’ message to also display the weapon name, and how much more gold the player needs.
Change how the weapons for sale are displayed, so that they don’t update after a user buys a weapon – or, make it so that the weapon the user just bought is not included in the new weapons list.

Building Browsergames: Securing our hashes (PHP)

Luke — Tue, 15 Jul 2008 14:00:04 +0000

John Munsch recently pointed out that there’s a bit of a glaring security hole in our login and registration systems: at the moment, we’re extremely vulnerable to Rainbow Table attacks. In John’s words:

The MD5 hash doesnâ€™t actually protect you if someone were able to dump your table of users or gain access to the database in some fashion.

And you know what? He’s absolutely right. If a malicious user managed to get access to our database at the moment, our user’s logins wouldn’t be protected at all. This is a big problem, and something we need to fix.

Unfortunately, because password hashing is one-way, we can’t just get users to reset their password. They’ll either need to re-register entirely, or we can setup a special page(and stat) in order to make sure that users have reset their passwords. John recommends adding what’s known as a ’salt’ value to user’s passwords – that way, you might have something like this:

password = 'foo'
password + salt = 'foobrownfox'
hashed password = hash('foobrownfox')

And if a user were to attack our login information using a rainbow table, they might manage to figure out that the passwords being stored in the database were values like ‘foobrownfox’ – but they’d have a bit of a harder time figuring out what was the salt value and what was the actual password.

Luckily, this is a pretty easy fix to implement – we just modify our two calls to md5() in our login and register code to add a salt to the user’s passwords. Here’s the changes we make to register.php:

24	mysql_real_escape_string(md5('saltgoeshere' . $password)));

Unfortunately, at this moment making these changes breaks things for users who signed up before we had to make this fix. In order to try and keep things as seamless as possible for the user, we’ll be modifying our login code slightly:

	$query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
		mysql_real_escape_string($username),
		mysql_real_escape_string(md5($password)));
	$result = mysql_query($query);
	list($count) = mysql_fetch_row($result);
	if($count == 1) {
		$_SESSION['authenticated'] = true;
		$_SESSION['username'] = $username;
		header('Location:changepass.php');
	} else {
		$query = sprintf("SELECT COUNT(id) FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
			mysql_real_escape_string($username),
			mysql_real_escape_string(md5('saltgoeshere' . $password)));
		$result = mysql_query($query);
		list($count) = mysql_fetch_row($result);
		if($count == 1) {
			$_SESSION['authenticated'] = true;
			$_SESSION['username'] = $username;
			$query = sprintf("UPDATE users SET last_login = NOW() WHERE UPPER(username) = UPPER('%s') AND password = '%s'",
				mysql_real_escape_string($username),
				mysql_real_escape_string(md5('saltgoeshere' . $password)));
			mysql_query($query);
			$query = sprintf("SELECT is_admin FROM users WHERE UPPER(username) = UPPER('%s') AND password='%s'",
				mysql_real_escape_string($username),
				mysql_real_escape_string(md5('saltgoeshere' . $password)));
			$result = mysql_query($query);
			list($is_admin) = mysql_fetch_row($result);
			if($is_admin == 1) {
				header('Location:admin.php');			
			} else {
				header('Location:index.php');				
			}
		} else {	
			$error = 'There is no username/password combination like that in the database.';
		}
	}

We’ve made a small change to our login code, so that it first tests to see if the user’s attributes match up to any users who haven’t had their passwords salted – if they do, we redirect them to the page where they can change their password. Here’s what the template for our ‘change password’ page(change_pass.tpl) looks like:



	Change Password


	{if $error ne ""}
		Error: {$error}
	{/if}
	{if $message ne ""}
		{$message}
	{/if}
	
		Password: 

		Confirm Password:

With the template created, all we need to do is build the page that handles changing the user’s password – like so:


 
include 'smarty.php';
require_once 'login-check.php';
 
if($_POST) {
	$password = $_POST['password'];
	$confirm = $_POST['confirm'];
	if($password != $confirm) {
		$error = 'Passwords do not match!';	
	} else {
		require_once 'config.php';		// our database settings
		$conn = mysql_connect($dbhost,$dbuser,$dbpass)
			or die('Error connecting to mysql');
		mysql_select_db($dbname);
		$query = sprintf("UPDATE users SET password = '%s' WHERE username = '%s'",
					mysql_real_escape_string(md5('saltgoeshere' . $_POST['password'])),
					mysql_real_escape_string($_SESSION['username']));
		mysql_query($query);
		$message = 'Password updated successfully.';
	}	
}
$smarty->assign('error',$error);
$smarty->assign('message',$message);
$smarty->display('change_pass.tpl');
 
?>

And that’s all there is to it! With a fairly simple change, we’ve managed to secure our user’s information a bit better – a malicious user with direct access to our database won’t be able to easily figure out what a user’s password is just by using a Rainbow table. As an added bonus, we’ve also created an extra piece of functionality – a change password page!

Note: don’t forget to change ’saltgoeshere’ to an actually random value, like ’s79dj@#*(hd’ or something – you won’t make any security gains if malicious users can easily guess your password salt. If you’re feeling really adventurous, you could(and probably should) turn the salt into a configuration parameter – but I’ll leave how to do that up to you.

Building Browsergames: DRYing out our stats

Luke — Fri, 11 Jul 2008 14:00:35 +0000

Over the course of developing our game, our database has sort of grown organically. As we added a new feature, we’d add the tables we needed to accomodate this feature. While this works(and has been working for us just fine), it’s not neccessarily the best way to design your database – because as you can see, we now have 3 stats tables(user_stats,monster_stats, and item_stats) when we only actually need one – as sepp has once again helpfully pointed out.

With that in mind, we’re going to create another table, to replace those three. Because lots of different things can have stats, I’m going to call the table entity_stats – although if you want to, you can call it whatever you want(but make sure to keep your change in mind when you’re working through this code). Here’s what we’re going to do to create the table:

CREATE TABLE entity_stats (
	id int NOT NULL AUTO_INCREMENT,
	stat_id int,
	entity_id int,
	value text,
	entity_type ENUM('User','Monster','Item'),
	PRIMARY KEY(id)
);

Now that we’ve created this new table, we’re going to need to customize our SQL queries slightly. Previously, we were only using an object’s ID value to retrieve the stats for it – now that we don’t have that separation, we will need to run the query based on two things – the object’s ID, and the object’s type.

Because we’ve been doing re-writing to our stats code, we’re actually in a good position to make this change – we only need to change the query in one file, instead of 3(or more). Our old SQL looked like this:

"SELECT value FROM table WHERE stat_id = (SELECT id FROM stats WHERE display_name = 'foo' OR short_name = 'bar') AND column = 'baz'"

The new SQL is going to look like this:

"SELECT value FROM entity_stats WHERE stat_id = (SELECT id FROM stats WHERE display_name = 'foo' OR short_name = 'bar') AND entity_id = 'baz' AND type = 'bat'"

One of the benefits of doing this is that we’re actually going to be cleaning up our new DRY stats code a little bit more, too – we get to trim it down to only take a ‘type’ argument, instead of the table and column names it needs to retrieve with. Think back to our DRY stats code from earlier:

PHP

function getStatDRY($tableName,$columnName,$statName,$trackingID) {
	createIfNotExistsDRY($tableName,$columnName,$statName,$trackingID);
	$query = sprintf("SELECT value FROM %s WHERE stat_id = (SELECT id FROM stats WHERE display_name = '%s' OR short_name = '%s') AND %s = '%s'",
		mysql_real_escape_string($tableName),
		mysql_real_escape_string($statName),
		mysql_real_escape_string($statName),
		mysql_real_escape_string($columnName),
		mysql_real_escape_string($trackingID));
	$result = mysql_query($query);
	list($value) = mysql_fetch_row($result);
	return $value;		
}

Perl

sub getStatDRY {
	my ($tableName,$columnName,$statName,$userID) = @_;
	my $dbh = $dbh;
	createIfNotExistsDRY($tableName,$columnName,$statName,$userID);
	my $sth = $dbh->prepare("SELECT value FROM $tableName WHERE stat_id = (SELECT id FROM stats WHERE display_name = ? OR short_name = ?) AND $columnName = ?");
	$sth->execute($statName,$statName,$userID);
	my $value;
	$sth->bind_columns(\$value);
	$sth->fetch;
	return $value;
}

And here’s what it looks like with the change made:

PHP

function getStatDRY($type,$statName,$trackingID) {
	createIfNotExistsDRY($type,$statName,$trackingID);
	$query = sprintf("SELECT value FROM entity_stats WHERE stat_id = (SELECT id FROM stats WHERE display_name = '%s' OR short_name = '%s') AND entity_id = '%s' AND entity_type = '%s'",
		mysql_real_escape_string($statName),
		mysql_real_escape_string($statName),
		mysql_real_escape_string($trackingID),
		mysql_real_escape_string($type));
	$result = mysql_query($query);
	list($value) = mysql_fetch_row($result);
	return $value;		
}

Perl

sub getStatDRY {
	my ($type,$statName,$trackingID) = @_;
	my $dbh = $dbh;
	createIfNotExistsDRY($type,$statName,$userID);
	my $sth = $dbh->prepare("SELECT value FROM entity_stats WHERE stat_id = (SELECT id FROM stats WHERE display_name = ? OR short_name = ?) AND entity_id = ? AND entity_type = ?");
	$sth->execute($statName,$statName,$trackingID,$type);
	my $value;
	$sth->bind_columns(\$value);
	$sth->fetch;
	return $value;
}

Once we’ve made those changes, it’s easy to modify all of our code for the new database structure:

PHP


 
include 'database.php';
 
function getStatDRY($type,$statName,$trackingID) {
	createIfNotExistsDRY($type,$statName,$trackingID);
	$query = sprintf("SELECT value FROM entity_stats WHERE stat_id = (SELECT id FROM stats WHERE display_name = '%s' OR short_name = '%s') AND entity_id = '%s' AND entity_type = '%s'",
		mysql_real_escape_string($statName),
		mysql_real_escape_string($statName),
		mysql_real_escape_string($trackingID),
		mysql_real_escape_string($type));
	$result = mysql_query($query);
	list($value) = mysql_fetch_row($result);
	return $value;		
}
 
function setStatDRY($type,$statName,$trackingID,$value) {
	createIfNotExistsDRY($type,$statName,$trackingID);
	$query = sprintf("UPDATE entity_stats SET value = '%s' WHERE stat_id = (SELECT id FROM stats WHERE display_name = '%s' OR short_name = '%s') AND entity_id = '%s' AND entity_type = '%s'",
		mysql_real_escape_string($value),
		mysql_real_escape_string($statName),
		mysql_real_escape_string($statName),
		mysql_real_escape_string($trackingID),
		mysql_real_escape_string($type));
	$result = mysql_query($query);
}
 
function createIfNotExistsDRY($type,$statName,$trackingID) {
	$query = sprintf("SELECT count(value) FROM entity_stats WHERE stat_id = (SELECT id FROM stats WHERE display_name = '%s' OR short_name = '%s') AND entity_id = '%s' AND entity_type ='%s'",
		mysql_real_escape_string($statName),
		mysql_real_escape_string($statName),
		mysql_real_escape_string($trackingID),
		mysql_real_escape_string($type));
	$result = mysql_query($query);
	list($count) = mysql_fetch_row($result);
	if($count == 0) {
		// the stat doesn't exist; insert it into the database
		$query = sprintf("INSERT INTO entity_stats(stat_id,entity_id,value,entity_type) VALUES ((SELECT id FROM stats WHERE display_name = '%s' OR short_name = '%s'),'%s','%s','%s')",
		mysql_real_escape_string($statName),
		mysql_real_escape_string($statName),
		mysql_real_escape_string($trackingID),
		'0',
		mysql_real_escape_string($type));
		mysql_query($query);
	}	
}
 
?>

Perl

package statsDRY;
 
use database;
 
sub getStatDRY {
	my ($type,$statName,$trackingID) = @_;
	my $dbh = $dbh;
	createIfNotExistsDRY($type,$statName,$userID);
	my $sth = $dbh->prepare("SELECT value FROM entity_stats WHERE stat_id = (SELECT id FROM stats WHERE display_name = ? OR short_name = ?) AND entity_id = ? AND entity_type = ?");
	$sth->execute($statName,$statName,$trackingID,$type);
	my $value;
	$sth->bind_columns(\$value);
	$sth->fetch;
	return $value;
}
 
sub setStatDRY {
	my ($type,$statName,$trackingID,$statValue) = @_;
	my $dbh = $dbh;
	createIfNotExistsDRY($type,$statName,$userID);
	my $sth = $dbh->prepare("UPDATE entity_stats SET value = ? WHERE stat_id = (SELECT id FROM stats WHERE display_name = ? OR short_name = ?) AND entity_id = ? AND entity_type = ?");
	$sth->execute($statValue,$statName,$statName,$trackingID,$type);
}
 
sub createIfNotExistsDRY {
	my ($type,$statName, $trackingID) = @_;	
	my $dbh = $dbh;
	my $sth = $dbh->prepare("SELECT count(value) FROM entity_stats WHERE stat_id = (SELECT id FROM stats WHERE display_name = ? OR short_name = ?) AND entity_id = ? AND entity_type = ?");
	$sth->execute($statName,$statName,$trackingID,$type);
	my $count;
	$sth->bind_columns(\$count);
	$sth->fetch;
	if($count == 0) {
		# no entry for that stat/user combination - insert one with a value of 0
		$sth = $dbh->prepare("INSERT INTO entity_stats(stat_id,entity_id,value,entity_type) VALUES ((SELECT id FROM stats WHERE display_name = ? OR short_name = ?),?,?,?)");
		$sth->execute($statName,$statName,$userID,0,$type);
	}	
}
 
 
1;

And with that done, our change is made! Now it’s just a matter of modifying the code we created for each stat specifically(only one shown):

PHP


 
require_once 'stats-dry.php';
 
function getStat($statName,$userID) {
	return getStatDRY('user',$statName,$userID);
}
function setStat($statName,$userID,$value) {
	setStatDRY('user',$statName,$userID,$value);
}
 
?>

Perl

package stats;
use DBI;
 
use statsDRY;
 
sub getStat {
	my ($statName,$userID) = @_;
	return statsDRY::getStatDRY('user',$statName,$userID);
}
 
sub setStat {
	my ($statName,$userID,$statValue) = @_;
	statsDRY::setStatDRY('user',$statName,$userID,$statValue);
}
 
1;

And once all of the changes are done, you’re good! Now all of the stat values will be stored in a single table.

But what about users who have already registered for your game, or monsters and items that you’ve already added?

We definitely don’t want to have to tell every single person playing our game to re-register – so we’re going to write some quick SQL to copy the values over for us, before removing the tables that we no longer need:

INSERT INTO entity_stats(stat_id,entity_id,value,entity_type) (SELECT stat_id,user_id,value,'user' FROM user_stats);
DROP TABLE user_stats;
INSERT INTO entity_stats(stat_id,entity_id,value,entity_type) (SELECT stat_id,monster_id,value,'monster' FROM monster_stats);
DROP TABLE monster_stats;
INSERT INTO entity_stats(stat_id,entity_id,value,entity_type) (SELECT stat_id,item_id,value,'item' FROM item_stats);
DROP TABLE item_stats;

Once we’ve run that SQL, we’ll have deleted our 3 new tables – but not before we moved the data over from them to our new entity_stats table. Once you make the necessary modifications to your stats code and upload it all, take a look at your game – it will still work just like it did before!

This might seem like a weird thing to get excited about, but it’s a pretty big deal – we just changed a significant portion of our database, and didn’t break any of our existing code at all. This is why the DRY approach is so useful to have, and why you should always strive to use DRY in your designs to begin with – because making this change with the database logic spread accross dozens of files would drive even the calmest developer batty.