Silverwulfess
Game Owner
Anyone looked into this or use it? I see one post about it being available for a game but still see it looks to be in development. Any insight would be fantastic 
Pet Game Framework by Design1Online
- Thread starter Silverwulfess
- Start date
SilverBrick
Banned
@Design1online - she is developing and creating the pgf framework and @Vix use it for making celestial equine an nice horse game ^^ i was also using it but i choosed mysidia because i think mysidia have a great amount of potential if we use it in correct way
Design1online
Senior Member
It is still in development, however there are multiple pre-orders that already have access to the code. @Vix is currently using it on her game Celestial Equine, that's the only one I know of that is open so far. It won't be out of development until all the pages are converted to use bootstrap and it has 100% unit test coverage. We're at about 30% test coverage right now but there are over 10,000 lines of code.
Last edited by a moderator:
Design1online
Senior Member
@Design1online, I believe what was kinda asked wasn't so much testing or code coverage, but features or benefits to PGF over say another framework. Can you elaborate on that?
Design1online
Senior Member
It's designed specifically for pet games and generic frameworks are not. The list of features is below:
- Easy Installer
Upload the files and you’ll be walked through the installation process
- Includes 5 pets, 9 items and default game configuration data to get you started
[*]Documentation
Fully documented code base
- PDF help file
- Section for owners
- Section for developers
[*]Protocol Support
Http or Https
[*]Optimization
Follows PSR standards
- Stash filesystem caching to reduce database load
- PHPDocumentor code comments
- PHPUnit tests
- Full code coverage
[*]Mod-rewrites for easy to remember URLs
[*]Dynamically loaded javascript files
[*]Dynamically loaded css stylesheets
[*]Layouts
HTML5
- Bootstrap 3.5
- Fully responsive for websites, tablets and phones
- Customizable style sheets
- Customizable meta data
- Customizable player and pet pages
- Customizable icons
- customizable icon animations
- 3 page arrangements
- TinyMCE WYSIWYG editors
- Font Awesome icons
- 50 color themes
[*]Multi-Language Support
Languages files included
- English
- Spanish
- Italian
- German
- French
- Danish
- Swedish
- Russian
- Romanian
- Norwegian
- Polish
- Portuguese
- Set a default game language
- Allow players to switch the game language if multiple are enabled
- 71 languages officially supported
[*]PayPal Payments Integration
Manual payments
- IPN Automated payments
- Payment reports and transaction log
[*]Permissions System
Administrators – full game customization and moderation functionality
- Staff – limited game customization and moderation functionality
- Moderators – only moderation functionality
- Players – a user with no additional permissions
- Customizable to add additional permission groups
[*]Extensive Admin Panel
Manage the game, pets and players without any programming knowledge
- Custom Emails
- Join/lost password email
- Mass emails players
[*]General Gameplay
Generate alpha accounts
- Open/close joining the game
- Open/close the entire game
- Daily/hourly cron jobs
[*]Toggle entire game functionality
Genetics
- Dynamic Images (only if GD support enabled)
- Clubs
- Player Shows
[*]Players
Toggle multiple accounts
- Username
- Player name
- Avatar
- Referral system
- Encrypted passwords
- Player editable page
[*]Upgrades
[*]Inventory
[*]Shops
[*]Pets
Custom breeds
- Custom colors
- Custom traits
strength, speed, etc
[*]Custom attributes
health, energy, etc
[*]Custom genetics
[*]Dynamic images (only if GD support enabled)
[*]Items
Equippable
- Consumable
[*]Breeding
Customizable % of traits passed down to offspring
- Single offspring or litters
- Offspring List
- Pedigree
[*]Competitions
[*]Training
[*]Sales/Auction
[*]Shelter
Rescue
- Abandon
[*]Upgrades
Enter special competitions
- Access to upgraded forums
- Custom avatar image
- Access to player journal
- Higher allowance
- Higher bank interest
- Monthly special item
[*]Licenses
Limit the number of pets a player can own
[*]Search
Pets
- Players
- Items
- Competitions
In game messages
[*]Friends List
Quick access to the player’s friends
[*]Blocked List
Allows player to block other users from messaging them or responding to their posts
[*]Bank
Allowance
- Interest
- Savings
- Transaction log
[*]Clubs
Elections for president and vice president
- Customizable page
- Can create shows
- Pets/players can join
[*]Hall of Fame
Players
- Pets
[*]Message boards
Categories
- Topics
- Sticky posts
- Bump posts
- Recent posts
- Active topics
[*]Newspaper
Comments
- Up vote/down vote
[*]Polls
[*]PHP Chat Room
[*]Mini Games
Hangman
- Tic-Tac-Toe
- Guess the Number
- Pong
- Rock, Paper, Scissors, Lizard, Spock
Last edited by a moderator:
nobackseat
New member
I really hope you're not encrypting passwords and you're just mixing up the terminology here.
There's no reason to need to decrypt passwords and it's frankly an invasion of privacy.
Passwords should be hashed.
NBS
Design1online
Senior Member
No it's not a typo. Passwords are encrypted with SHA256 so they can be sent back out in an email without having to reset them every time you forget them. Even passwords that are hashed can be unhashed with enough time or through the use of hashing databases. Nothing is ever completely fool proof, even a password that's being hashed can be caught over wireshark, keylogger, unsecure wifi or a wifi pineapple -- hence why there are multiple types of hashing and encryption algorithms out there.
The beauty of PGF is that if you don't like how something is done you can easily change it to do something different so you're free to hash it, reverse it, plain text it or convert it into emoticons or lolcatz if you really wanted to.
nobackseat
New member
Woah, hang on.
Password resetting should be the expected behavior here. It's what I expect when I've forgotten my password and I'm sure most people would say the same. I don't think anyone actually expects their passwords to be emailed to them. This also opens your users up to huge risk because odds are many of them use the same passwords on sensitive accounts such as their email or bank account.
Besides, it's a false equivalence. The cleverly named password_hash function if you're using PHP has a built-in salt and is rainbow-table safe. If you were to leave the cost set to the default, and you have some basic password requirements (eg, minimum of 6 characters, etc) it would take years to find a match, conservatively speaking.
Anyone else want to chime in here? I think this is a good discussion to have.
NBS
SHA256 is a hashing algorithm. So what are you actually using for your encryption?
Password resetting should be the expected behavior here. It's what I expect when I've forgotten my password and I'm sure most people would say the same. I don't think anyone actually expects their passwords to be emailed to them. This also opens your users up to huge risk because odds are many of them use the same passwords on sensitive accounts such as their email or bank account.
I'm not following your point here. Because it could be compromised elsewhere means it's OK to store them improperly and send them over email?
Besides, it's a false equivalence. The cleverly named password_hash function if you're using PHP has a built-in salt and is rainbow-table safe. If you were to leave the cost set to the default, and you have some basic password requirements (eg, minimum of 6 characters, etc) it would take years to find a match, conservatively speaking.
That's great, but I believe the responsible thing is to have it secure by default.
Anyone else want to chime in here? I think this is a good discussion to have.
NBS
Last edited by a moderator:
@nobackseat is very correct here.
Affirmation/Clarification for anyone unaware:
Hashing algorithms are a branch of cryptographic algorithms, definitely not "encryption" as the input for these algorithms are not designed to be reversed.
Best practices in handling passwords is to NEVER email passwords. Email is not a secure channel of communication, even if your mail server reaches out over SSL initially. You never know how email gets routed after it leaves your network.
If the use of the word "unhash" means to be equivocal to "decrypt", there is a fundamental misunderstanding somewhere here. Due to the rare potential of collisions in hashing algorithms, you can't assuredly get the original input for a resulting hashsum. The only way to this very day to reverse engineer the input from a hash table is by either pre-computed (think rainbow table lookups) or active brute forcing.
When it comes to handling passwords, you as an entity do not want to know the user password or transmit it. You only want to receive it as input and forget that input immediately. Ideally if you can receive some form of token, a token would be better than a password for security. Especially if it's like the tokens provided by Google Authenticator or one of the RSA algorithms.
Failure to do anything less than forgetting the password as soon as you receive it results in more vectors of vulnerability that an intruder can use to exploit your user base. As a result, this also has vast legal implications.
Lets Talk About Cryptography!
(I like crypto! WOO!)
Going to try to stay pretty broad here. Generically the very fundamental meaning of cryptography is to use an algorithm to take input and yield an output that is indistinguishable from the initial input. These algorithms are known as ciphers.
Most ciphers aim to typically achieve 1 of two potential goals which are encryption or message verification.
The AES cipher intends to take input and provide ouput that can only be deciphered if you know the key used to make the output. Typically you will see ciphers for this intended us are rooted deeply in symmetric algorithms, where you have one algorithm for encryption with at least 2 inputs (message, key) and another algorithm for decryption the requires at least 2 inputs (encoded_message, key). The actual math used between the encryption and decryption assumes a shared number of sorts.
The SHA family of ciphers take input and provide what is known as a hash sum that can not be deciphered by design. Most hashing algorithms are intended for verifying authenticity of a message (or some other input). Hashing algorithms typically have a form of recursion, so that after iterating input, math can still continue to product output. Before output is provided, it is expected that only part of the yielded sum from whatever math is being done gets arbitrarily lopped off. A really major use of hashing algorithms right now is in cryptocurrencies, due to the inherent nature of verifying data on a block chain.
There's a lot more to this topic really, because there's so many ciphers with varying degrees of purpose, in addition to cipher suites (just tool kits essentially), that provide tools for signing, verifying, encrypting, decrypting, and even doing math on encrypted data. If you ever want to learn more, I highly recommend picking up some blockchain knowledge. The simplest "Writing your own Blockchain" guide I ever read that explains it decently is probably here: https://medium.com/@mycoralhealth/code-your-own-blockchain-in-less-than-200-lines-of-go-e296282bcffc
Back to the topic at hand? (lol)
So to kinda roll this back into the original discussion, @Design1online you are writing a VPG framework? Is this on github? I'm been a fan of what I have watched @owlmanatt do historically with making KittoKittoKitto and he's like low key working on ZuttoZuttoZutto from what I can tell.
Affirmation/Clarification for anyone unaware:
Hashing algorithms are a branch of cryptographic algorithms, definitely not "encryption" as the input for these algorithms are not designed to be reversed.
Best practices in handling passwords is to NEVER email passwords. Email is not a secure channel of communication, even if your mail server reaches out over SSL initially. You never know how email gets routed after it leaves your network.
If the use of the word "unhash" means to be equivocal to "decrypt", there is a fundamental misunderstanding somewhere here. Due to the rare potential of collisions in hashing algorithms, you can't assuredly get the original input for a resulting hashsum. The only way to this very day to reverse engineer the input from a hash table is by either pre-computed (think rainbow table lookups) or active brute forcing.
When it comes to handling passwords, you as an entity do not want to know the user password or transmit it. You only want to receive it as input and forget that input immediately. Ideally if you can receive some form of token, a token would be better than a password for security. Especially if it's like the tokens provided by Google Authenticator or one of the RSA algorithms.
Failure to do anything less than forgetting the password as soon as you receive it results in more vectors of vulnerability that an intruder can use to exploit your user base. As a result, this also has vast legal implications.
Lets Talk About Cryptography!
(I like crypto! WOO!)Going to try to stay pretty broad here. Generically the very fundamental meaning of cryptography is to use an algorithm to take input and yield an output that is indistinguishable from the initial input. These algorithms are known as ciphers.
Most ciphers aim to typically achieve 1 of two potential goals which are encryption or message verification.
The AES cipher intends to take input and provide ouput that can only be deciphered if you know the key used to make the output. Typically you will see ciphers for this intended us are rooted deeply in symmetric algorithms, where you have one algorithm for encryption with at least 2 inputs (message, key) and another algorithm for decryption the requires at least 2 inputs (encoded_message, key). The actual math used between the encryption and decryption assumes a shared number of sorts.
The SHA family of ciphers take input and provide what is known as a hash sum that can not be deciphered by design. Most hashing algorithms are intended for verifying authenticity of a message (or some other input). Hashing algorithms typically have a form of recursion, so that after iterating input, math can still continue to product output. Before output is provided, it is expected that only part of the yielded sum from whatever math is being done gets arbitrarily lopped off. A really major use of hashing algorithms right now is in cryptocurrencies, due to the inherent nature of verifying data on a block chain.
There's a lot more to this topic really, because there's so many ciphers with varying degrees of purpose, in addition to cipher suites (just tool kits essentially), that provide tools for signing, verifying, encrypting, decrypting, and even doing math on encrypted data. If you ever want to learn more, I highly recommend picking up some blockchain knowledge. The simplest "Writing your own Blockchain" guide I ever read that explains it decently is probably here: https://medium.com/@mycoralhealth/code-your-own-blockchain-in-less-than-200-lines-of-go-e296282bcffc
Back to the topic at hand? (lol)
So to kinda roll this back into the original discussion, @Design1online you are writing a VPG framework? Is this on github? I'm been a fan of what I have watched @owlmanatt do historically with making KittoKittoKitto and he's like low key working on ZuttoZuttoZutto from what I can tell.