Confusion about Google Play Games Auto-matching behaviour - google-play-games

I have a turn-based multiplayer game developed with Google Play Games.
I'm just in the process of getting auto-matching to work, and I noticed a bit strange thing that I'm not sure if it's my (messy) coding, or just the way Google Play Games works...
Let's say player A starts an auto-matched game. Makes his turn, and the turn is pushed to the Google's Server.. now, player B starts an auto-matched game, and joins the player A's game.
Everything working so far.
However, I just tried to start ANOTHER auto-matched game, either with player A or B - while player A & B have a match already going on, and I noticed that my game jumps to the previous game.
Am I messing something up (very possible), or is it not possible to start two simultaneous games via auto-matching (with invitations it is very much possible).

#fluxi maybe there is some adjustments to be done to prevent your app to jump to the previous game. According to Developer's Guide for Turn-base Multiplayer,
When creating a match with auto-matching, Google Play games services
might return a match that is already in progress. This occurs when the
match configuration sent by your game to Google Play games services
has the same configuration as an existing match that is underway (that
is, the other player has already taken a turn). Because Google Play
games services might return a match that is in progress, be sure to
check for game data in the returned match object.
Maybe create a try catch and if invited player(auto-matching) is currently in an existing match alert the user (the one who send the invite) with a personal error message like "Failed to create game, invited player is already in match, Please try again".

Related

How To Get Server and Client to Server Travel Based on Logic in Unreal Engine 5

I'm working on a multiplayer game in Unreal Engine and there is a lobby where players can start and join up. When players are ready I have a platform actor that is a trigger and detects how many players are standing on it and it increases an int variable that is on the gamemode (I know this is probably incorrect to do but I have tried loads of different things). In the tick function of the game mode i have logic stating basically if there is more than two players, from that int variable it will fire the server travel but when it fires it causes the client to crash and the host wont travel. How can I implement this logic and fire the server travel successfully does anyone know ? Thanks : )
I think you can achieve that by using the Get Overlapping Actors function inside your Platform's Blueprint. It gets all the actors, which you can filter by Class so you can choose Pawns or Player Pawns, then get the number of elements from the array it returns.
Also, are you aware of RPCs and Multicasting? If not, I suggest giving them a read since they are a necessity for Multiplayer games, especially if it is for using UE's own Multiplayer support.
Create a Server/Multicast RPC depending on whether it is a Server or not inside your Character Blueprint, then call it from your Player Pawn 0 (which is the client's character in that specific instance of the game) in the Platform Blueprint (which you cast to whatever class you're using for your character), and you'll hopefully have a working version of your code.
If you don't know about RPCs and Replication and are reading this, and not understanding anything, I swear it'll make sense after you read about them. It's a complicated concept, especially with all the server shenanigans but a necessity.
If you don't want to clutter your Character Blueprint, you can also use Interfaces but that's somewhat difficult to explain without getting into the details.

Steam API: accessing DOTA2 ranked matches

I'm trying to use the Steam HTTP-based API to get information about ongoing and recently completed Ranked Matchmaking DOTA2 games. Specifically, I'm using the command
https://api.steampowered.com/IDOTA2Match_570/GetMatchHistory/V001/?format=json&key=<my_key>
I noticed that in the hundreds of games that I've looked at using this request, there is not a single ranked matchmaking game (lobby_type=7). Most games are lobby_type 4 (co-op versus AI), type 8 (solo mid), or type 0 (unknown). Why can't I see the ranked matchmaking games?
Regarding ranked games the Web API seems to be currently broken.
As far as I know there is no official statement yet.

Breaking a project's first User Story in to tasks [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 5 years ago.
Improve this question
I'm starting a new project from scratch and have written User Stores to describe how a given user will interact with the system. But, I'm having trouble understanding how to break the first user story in to tasks without the first one becoming an epic.
For example, if I were building a car and the first user story said something like "As a driver, I would like to be able to change the direction of motion so that I don't hit things.", that would imply a user interface (steering wheel), but also motion (wheels) and everything necessary to link those together (axle, frame, linkage, etc...). In the end, that first user story always seems to represent about 40% of the project because it implies so much about the underlying architecture.
How do you break user stories down for a new project such that the first one doesn't become an epic representing your entire underlying architecture?
You might want to think of your story as a vertical slice of the system. A story may (and often will) touch components in all of the architectural layers of the system. You might therefore want to think of your tasks as the work needed to be done on each of the components that your story touches.
For example, Let's say you have a story like In order to easily be able to follow my friends' tweets, as a registered user, I want to automatically follow all of my gmail contacts that have twitter accounts.
In order to accomplish this, you will have to pass through the UI layer, service layer, persist some data in the data layer, and make an API call to twitter and gmail.
Your tasks might be:
Add an option to the menu
Add a new gmail authentication screen
Add a twitter authentication screen
Add a contact selection screen
Add a controller that calls into your service layer
Write a new service that does the work
Save contacts to the database
Modify your existing gmail API calling service to get contacts
Add a twitter API calling service to follow selected contacts
There: That's 9 possible tasks right there. Now, as a rule, you want your tasks to take roughly 1/2 a day to 2 days, with a bias towards one day (best practice, for sizing). Depending on the difficulty, you might break down these tasks further, or combine some if they are two easy (perhaps the two API calling services are so simple, you'd just have a modify external API services).
At any rate, this is a raw sketch of how to break the stories down.
EDIT:
In response to more question that I got on the subject of breaking stories into tasks, I wrote a blog post about it, and would like to share it here. I've elaborated on the steps needed to break the story. The link is here.
When we started projects under a Scrum management style, the first set of tasks was always broad, or as you describe it: epic. That's inevitable, the framework of any project is usually the most important, largest, and time-consuming portion, but it supports the rest of the project. In order to pare down the scale on overwhelming-ness of how much there is to do see if you can list the MOST essential parts. Then work on defining those tasks as the starting points. Therefore you have a few tasks as starting points for a broad beginning. Hope that makes sense!
A user story describe the what while a task is more about the how.
There is no perfect formula, just add any task that describe how the user story is going to be implemented, documented or tested.
Keep in mind that a task should be estimated in hours, so try to scale and detail the tasks accordingly.
If you feel that you have too many tasks for a story (even if you have 1-8 hours long tasks), then maybe you should consider rewriting your user story in the first place because it's probably too complex.
Good luck
The story that you implement at the beginning can be refined over time. You dont need to think that every story has to be the final version that the user is going to use.
For example, in a recent project we had to develop an application which involved indexing various websites, and matching them against filters created by users, and finally alerting the user of matches (thing of it as google alert on steroids).
If you look at it from one perspective, there is only one story - "As a user I want to get alerts from matching pages". But look at it from another perspective of "what are the risks we want to mitigate". The first risk was that users wouldn't get relevant or better hits compared to google alerts. The second risk was in learning the technology to build this.
So our first user story was simply "As a user I want relevant hits", then we built just the hit matching algorithm on a hardcoded set of pages and hardcoded filters for some early users and got their feedback.
There might actually be a bit of back and forth here with multiple smaller stories to capture learning like "As a user I want more priority to be given to matches in the URL" etc.. these stories comes from the feedback as we iterate over what the early users consider "relevant hits".
Next, we broadened it to "As a user I want hits from specific websites" and we built the indexing architecture to crawl user specified sites and do hit matching on that.
The third story was "As a user I want to define my own filters", and we built this part of the system.
In this way we were able to build up the architecture piece by piece. Through most of the initial part, only early users could use the system, and many pieces of data were hardcoded etc.
After a point, early users could use the system completely. Then we added stories for allowing new users to register and opened it up to the public.
To cut a long story short, the story you implement first could implement only a small part of the final story, hardcoding and scaffolding everything else. And then you can iterate on it over time till you get the story that you might actually release to the public.
I've come to a crossroads with this issue in the past. User stories are supposed to be isolated so you can do them without any other stories, in whatever order, etc. But I found making that happen just made everything more complicated. To me this fell under the "Individuals and interactions over processes and tools" part of the agile manifesto - or at least my interpretation of it.
The ultimate goal is ship. And to ship you have to build, and to build you have to stop futzing with scrum and just get stuff done and make sure you track it.
So what we did was break a cardinal rule of stories and we made some tech stories like "create a preliminary schema". We also declared that some stories were dependent on others, and noted that on the back of the story card.
In the end I felt this type of story was few and far between, and the difficulty of the alternative justified the exception.

html form post/get data security

Okay, this question isnt exactly very clear, because i cant write it as a single question.
I have a game that i am designing using javascript, and it is basically a multiplayer game.
So say there is two players, player darklord and angel
angel shoots darklord
so darklord loses 1 life.
Now what happens is that i use ajax to submit the number of life that darklord loses.
And the request is GET /shootout.php?shooter=darklord&life=-1
so this allows me to store the new life of darklord.
Now the problem is say angel knows about computer, and he starts requesting /shootout.php?shooter=darklord&life=-3
Thus darklord loses more life then he should have. So angel cheated in the game.
No i want to prevent this kind of requests, and i am trying to get a way so that my requests can be hidden. I mean i know i can encrypt the url. So say i encrypted it such that the request should be GET /enc.php?e=934ufj30jf for darklord to lose a life, and different values of e for angel to lose a life, or gain a point. However for this to work i will need to send the data to the client, as in tell the javascript to request this url.
Now the user can easily go around reading the source of the file in order to find out what are the new requests for doing things,
I have found and thought of many other ways, but they all limit the amount of cheating or effect the game-play etc.. None of them eliminate this security completely.
So now my question is how do i make sure that users dont send data that is not real. How do i stop them from cheating?
I have thought of the best way being that i use server side scripts to actually calculate the possibility of someone shooting someone else and then matching it with the client input, but that will effect execution time by a LOT, so i am trying to find other ways, some public key encryptions?? (problem is the user can put the data as they want and then encrypt it) tokens? (problem is the user can put the data as they want and then put the current token)
so any other ideas anyone??
This isn't about hiding requests, it's about implementing proper access controls. Your example is referred to as an insecure direct object reference in that manipulating values in the querystring relating to direct DB objects causes an unintended outcome (have a look at OWASP Top 10 for .NET developers part 4: Insecure direct object reference).
There are a couple of things you can do but the most important is implementing proper access controls. You must authenticate the caller of the service and authorise them to perform the requested activity (and this all has to happen on the server). In this case, angle should not be able to perform an action on behalf of darklord.
The other thing you can do is use an indirect object reference map (refer to the link above), which obfuscates the IDs of the player with cryptographically strong, user-specific alternatives. You probably don't need this in addition to the access controls but it does give you more unpredictability.
Finally, think about the flip-side as well - if darklord is able to pass the amount of damage as a parameter, what's to stop him from re-issuing the request manually with "life=-100"? It will depend on the specifics of how the attack action is performed, but you're going to want to avoid people gaming this action too.
You have to assume that the user is completely in control of the client JavaScript. The only way to make this secure is to do the check on the server side.
You should not send result of action. You should send action.
i.e angel shoot darkangel from point (7,15) with angle 36 degree
than server checks is it correct shoot and decrease lifes of darklord
There was an excellent answer given on this subject a couple of years ago. It actually refers to Flash rather than JavaScript, but the security concerns and techniques are going to be applicable to this situation too.
What is the best way to stop people hacking the PHP-based highscore table of a Flash game
You should never have the client tell the server what changes to make in player state (eg. remove X amount of health) because the client could always be cheating. Instead only have the client tell the server what input the player has made and then the server determines what happens as a result of that input.
Although this doesn't remove the possibility of cheating by writing a bot that plays the game automatically (and is better at the game than any human player) you at least remove overt cheating of the "I did 10,000 damage, trust me" variety.
Detecting bots is best done by tracking behavioral data and doing data mining to find cheaters. And if there is no behavioral difference between bots and human players, then who cares about the bots.

Secure data encryption and validation

Imagine a game for one player, which consists of a number of tests. On completing all of the tests, the player has the option to upload the results to a server - the player who gets the best results wins a big prize. The server needs to be able to validate the result data to see if it has been hacked or even spammed. Any thoughts on how that might be robustly implemented?
Basically you can't. Not even with encryption, code obfuscation or anything else. "Never trust the client"!
The only way to make sure no manipulation is involved is having every bit of game logic on the server and exposing only a GUI to the user. You could then send the commands (keystrokes, button clicks, etc.) the player issues to the server, validate them there (even this is not that easy!), handle all the necessary game logic and send back the result.
Of course this is unfeasible if your game involves anything timing-related, because for every player action there will be a delay until the player gets back the result and sees an effect.
For most games all of this is overkill and you just make sure they are difficult to manipulate.
Anti-hacking tools are available that can endlessly complicate the communication between server and client, obfuscate memory and routines, modify themselves every time they run, and so on.
Trouble is, most of the anti-hacking tools routinely get hacked, and if the prize is big enough, yours probably will be too. Even rootkits can get rooted. Not to mention the behavior looks so much like a virus that it'll set off warning bells galore and likely end up with a lot of frustrated former customers.
If it's a walled garden like an iPhone, I believe there are tools to ensure the phone isn't jailbroken, I'm not sure if they can be fooled, but that still leaves the problem that anyone could decode the communication and upload their own from something else entirely.

Resources