More complexities

Due to the fact I had a JavaScript midterm last week, I haven’t done any coding for my game project. That’s okay. This is not going to be something I’m going to hack out over the course of a week. Or a month. This is going to take a long, long time.

In the meanwhile, I’ve been doing some reading.

Let’s talk about usernames: Excellent read. Also, horrifying. As I was reading, I came across this line:

There’s our user table, there’s our unique username column. Easy!

That’s exactly what I was thinking. That’s how to make something unique, right?

And then I kept reading. Case-sensitivity, normalization, punycode, other alphabets… Also, single-script confusables (i.e., a lower-case L and a number one and a capital i, l 1 I, all look ridiculously similar in many fonts). Is that a problem? And what about unique emails? Gonna have to take the + sign that Gmail allows and nuke everything after it to ensure true unique mails. Also, remove all periods in the email’s username portion. And what about names like “root” or “admin”? Probably should disallow those, too.

So that alone gets complicated.
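A sketch of what those checks can look like in PHP, as an added example rather than code from the game project: each function returns the canonical value to store in a unique column next to the name or address the user actually typed. The function names and the reserved list are hypothetical, and stripping dots only for Gmail domains is an assumption of this example.

```php
<?php
declare(strict_types=1);
// Requires ext-intl (Normalizer, Spoofchecker) and ext-mbstring.

// Hypothetical reserved list; extend it to match your own routes and roles.
const RESERVED_NAMES = ['root', 'admin', 'administrator', 'support', 'system'];
/** Canonical form for a UNIQUE username column, or null if the name is rejected. */
function canonical_username(string $raw): ?string
{
    // NFKC folds compatibility forms (full-width letters, ligatures) together.
    $name = Normalizer::normalize(trim($raw), Normalizer::FORM_KC);
    if ($name === false || $name === '') {
        return null; // empty or invalid UTF-8
    }
    $name = mb_strtolower($name, 'UTF-8'); // "Julie" and "JULIE" now collide
    // Reject mixed-script names such as Latin letters with Cyrillic look-alikes.
    if ((new Spoofchecker())->isSuspicious($name)) {
        return null;
    }
    return in_array($name, RESERVED_NAMES, true) ? null : $name;
}

/** True if $name could be mistaken for an already registered canonical name. */
function confusable_with_existing(string $name, array $existing): bool
{
    $checker = new Spoofchecker();
    foreach ($existing as $taken) {
        if ($name === $taken || $checker->areConfusable($name, $taken)) {
            return true;
        }
    }
    return false;
}

/** Canonical form for a UNIQUE email column, or null if the address is invalid. */
function canonical_email(string $raw): ?string
{
    $email = strtolower(trim($raw));
    $at = strrpos($email, '@');
    if ($at === false || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $local = explode('+', substr($email, 0, $at), 2)[0]; // drop "+tag" sub-addressing
    $domain = substr($email, $at + 1);
    // Assumption: dots are stripped only for Gmail, which is known to ignore them.
    if (in_array($domain, ['gmail.com', 'googlemail.com'], true)) {
        $local = str_replace('.', '', $local);
    }
    return $local === '' ? null : $local . '@' . $domain;
}
```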

Then I did some more reading about PHP web apps in particular, in terms of best practices, just to make sure I’m on the right page. This page, PHP Best Practices, is a great resource. It’s mostly in English, basically, which is useful. Or, at the very least, I can understand it. It also goes into detail about why you should or should not use a specific way of doing things.

So in terms of storing passwords, I’d been right — this resource recommends bcrypt hashing. That’s wonderful.

In terms of connecting to, and querying, a MySQL database, not so much. Turns out the method I hated most (PDO – PHP Data Objects) when learning is the newest and most robust method, particularly when using prepared statements. All of my testing code to date uses mysqli, so that’s something I need to rewrite to ensure it works okay.

So lots of reading and understanding done there and more to come, I’m sure.

In other news, I successfully installed a Let’s Encrypt SSL certificate all by myself for one of my (many) domains. The only bummer is that they expire every three months. Still, refreshing them takes like, five minutes. So it’s not too bad. And it’s free! That’s one of my projects for this spring: Get all of my sites to be on SSL, using HTTPS, even though I basically don’t ask for any user information whatsoever. Why? Because Chrome is starting to list things as “insecure”. So that’s something to do.

Finally, in terms of work, can I just say how delightful it is to have a job that allows us to work flexibly? I was about an hour and change short of my 40 hours last week, so I made up the time this weekend. Of course, in making up the time this weekend, I actually worked for almost three hours. So because I worked an extra two hours or so, those are banked against next week’s time. Normally, I work 9-hour days on Mondays or Tuesdays (sometimes both) in order to make up for class on Thursday, but seems as though I won’t need to do so this week. And the bonus is, I’m all caught up on my own outstanding tickets. Whew.

All right, it’s now past midnight, so I should consider going to bed, now. Have an excellent week!

Continuing Adventures in Coding

Well, it’s 12:43am on Wednesday, February 14 (… happy Valentine’s Day?) and I feel like a coding badass.

Why? Well, two reasons.

The first is that I was working on Tuesday and someone had a ticket open with me that was complaining that one of our plugins was forcing use of the http protocol, rather than the https protocol. And I’m like “pfft, no way,” so he sends me a video and shows me and I’m like… “whaaaat?”

So I went digging around on GitHub in the code.

Sure enough, in the abstract class file (which, in case you’re unaware, serves as a template, if you will), there was a reference to a variable for a base URL… which had http hardcoded as the protocol to use.

Now, that might not seem like a big deal, because so much of the web is insecure and has no real need to be secure. But we deal with ecommerce sites, so HTTPS is, more often than not, in use on these sites. So why on earth didn’t the developers use // as a protocol agnostic prefix to the base URL? No idea. Literally, no idea.

Of course, this was coming from me, with my whole entire 80 hours of PHP under my belt, so although that’s what it looked like to me, I wasn’t certain. I flagged it to a developer who took a look and said “great sleuthing!” and she pushed some changes which made it into the release that’s going out this week. I was so surprised that:

a) I was right

b) This code existed in the first place!

I mean, I haven’t done any secure sites ever, but I learned at my last workplace that one needs to account for whether or not the client will be using an SSL certificate, so you should always use // instead of specifying http or https. Makes sense. I checked the history and it appears that the two lines with http in them had been there since, oh, the start of the plugin. hahaha.

So, that’s one reason I feel like a coding badass.

The other is that, with a nudge from an online acquaintance, I managed to finish my JavaScript assignment in which I have to show the current time in six separate timezones: Houston, London, New York, Seattle, Sydney and Tokyo.

It took me longer than I’d like to admit, but I finally got it to work. The main issue was that I’d accidentally written newTime=newtime.settime(newvalue) instead of just newtime.settime(newvalue).  ¯\_(ツ)_/¯ The secondary issue was that my universaltime variable wasn’t going to GMT/UTC, for some reason, which ended up being “Julie, you’re stupid and altering the wrong variable before passing it back.”

Anyhow, my JavaScript assignment is now done and tomorrow night, I can actually study for my midterm on Thursday.

Just six more classes (including Thursday) before I’m done! And then maybe I can return my attention to my game.

No real updates there, although I now have figured out I’m probably just going to end up using bcrypt as my password hashing method. Literally, the only piece of personally-identifiable information I think I want to store that belongs to a user is an email address. No reason for anything else, so I don’t think I need to go all out for security. Still, I did a lot of research and reading and feel a lot more comfortable with what I’m going to be attempting here, at least when it comes to users.

Okay, it’s getting late and I should be up in about 8 hours to work, for eight hours, and then study for the rest of the evening.

Oh, the complexities!

It occurred to me today that if I’m going to build a game that I expect other people to play, that they’re going to have to log in to… I’m going to need an SSL certificate.

That’s down the road, of course, but it would be foolish to have any data transferring between individuals and my site without using the HTTPS protocol.

That’s not the only complexity. I was thinking about how to best go about a registration/login process and it dawned on me — I need to figure out password hashing, salting and that kind of stuff. I already know stuff like “md5 is bad” and we used bcrypt in my PHP II class, in conjunction with the password_hash function which (when using PHP 7, which I am) adds a salt. But is that going to be enough? My reading suggests yes, but it’s still not fully solidified in my head, so more reading is required.

Additionally, password resets! My reading recommends a one-time, short-expiry token to allow people to log in from the email sent out to them. While I think I know how to pull that off, thanks to PHP II, I suspect this is going to be a pain. Still, I want to make certain that people’s accounts aren’t easily compromised, so I’m inclined to spend more time than less when it comes to this kind of thing.  And I’ll need more time because all of this is also still fuzzy in my head.
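A one-time, short-expiry token along those lines, as an added example that is not code from the game project: the raw token goes into the emailed link and only its hash is stored. The table, column and function names, the 15-minute lifetime and the user id are assumptions, and in-memory SQLite stands in for MySQL.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL database so the example runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE password_resets (
    user_id INTEGER PRIMARY KEY, token_hash TEXT NOT NULL, expires_at INTEGER NOT NULL)');

/** Stores a hashed reset token for the user and returns the raw token to email. */
function issue_reset_token(PDO $pdo, int $userId, int $ttlSeconds = 900): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Only the SHA-256 of the token is stored, so a leaked table yields no usable tokens.
    // REPLACE keeps one row per user: a new request invalidates the previous token.
    $stmt = $pdo->prepare('REPLACE INTO password_resets (user_id, token_hash, expires_at)
                           VALUES (:uid, :hash, :exp)');
    $stmt->execute([':uid' => $userId, ':hash' => hash('sha256', $token),
                    ':exp' => time() + $ttlSeconds]);
    return $token;
}

/** Consumes the token and returns its user id, or null if unknown, used or expired. */
function redeem_reset_token(PDO $pdo, string $token): ?int
{
    $hash = hash('sha256', $token);
    $find = $pdo->prepare('SELECT user_id, expires_at FROM password_resets WHERE token_hash = :hash');
    $find->execute([':hash' => $hash]);
    $row = $find->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // One-time use: delete the row even if it has expired. rowCount() is 1 only for
    // the request that actually removed it, so a concurrent replay gets nothing.
    $del = $pdo->prepare('DELETE FROM password_resets WHERE token_hash = :hash');
    $del->execute([':hash' => $hash]);
    if ($del->rowCount() !== 1 || (int) $row['expires_at'] < time()) {
        return null;
    }
    return (int) $row['user_id'];
}

$token = issue_reset_token($pdo, 42);       // 42 is a constructed user id
var_dump(redeem_reset_token($pdo, $token)); // first use
var_dump(redeem_reset_token($pdo, $token)); // replay of the same token
```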

Still, in order to make any kind of forward progress in terms of gameplay, I need to make sure I have a login functioning properly, even if I don’t do a registration yet and just populate the user table with a couple of user accounts when I spin up my Docker containers. That means I definitely need to get the password hashing stuff figured out and understood properly before I implement something. Then, maybe I can move forward in the rest of things.
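A login along those lines, as an added example that is not code from the game project: seeded accounts hashed with password_hash and bcrypt, looked up through a PDO prepared statement. The table and column names, the sample accounts and the cost of 12 are assumptions, and in-memory SQLite stands in for MySQL.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for MySQL; with MySQL only the DSN and credentials change.
// With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false for server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

const BCRYPT_OPTIONS = ['cost' => 12]; // assumed work factor; tune it to your server

// Seed accounts (constructed values), as a container start-up script might.
$seed = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
foreach (['alice' => 'correct horse battery', "o'brien" => 'another passphrase'] as $u => $p) {
    // password_hash() generates a fresh random salt and embeds it in the hash string.
    $seed->execute([':u' => $u, ':h' => password_hash($p, PASSWORD_BCRYPT, BCRYPT_OPTIONS)]);
}

/** Returns the user id on success, null on any failure. */
function login(PDO $pdo, string $username, string $password): ?int
{
    // The username is bound as data, so an apostrophe in it cannot change the query.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    // Upgrade the stored hash transparently when the cost or algorithm changes.
    if (password_needs_rehash($row['password_hash'], PASSWORD_BCRYPT, BCRYPT_OPTIONS)) {
        $pdo->prepare('UPDATE users SET password_hash = :h WHERE id = :id')->execute([
            ':h' => password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTIONS),
            ':id' => $row['id'],
        ]);
    }
    return (int) $row['id'];
}

var_dump(login($pdo, "o'brien", 'another passphrase')); // valid credentials
var_dump(login($pdo, 'alice', 'wrong password'));       // rejected
```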

I knew this was going to be a hell of a big project to undertake. I may have underestimated it a little bit. Still, all of this learning is pretty great. More of it to come, clearly.

Project update!

It’s me again! I know! It’s shocking. It’s only been a few days since my last post and yet, here I am!

I started playing around with some code for my game.

I was planning all kinds of things out (oh god, the things I’m going to have to do!) and I suddenly was consumed, paralyzed, with this fear: what if I can’t even do the basic stuff I think I know how to do???

For me, the basic stuff is the questions and answers of the trivia portion of the game, which will be the majority of it. While I was thinking about the game itself, I was like “yeah, sure, I know how to pull a single row from a database!” and “yeah, sure, I know how to pull something from the resulting array!” and “pfft, how hard could it be to make it a random question?”

So I decided to dive into it. It’ll all need to be rewritten, of course, because it needs to be built within the game’s framework and right now it exists on a trivia-test.php page (and a private GitHub repo, thank you for loving students like you do!), so it’s messy. But it works. I can randomly pull out a row from the question database. And I can display the question to the user. And I can take the user input and transpose it all to lowercase, then match that to the answer in the database (which is all lowercase) and I do that because, that way, OTTAWA, Ottawa, OtTaWa and ottawa are all valid answers to the question of What is the capital city of Canada?

So I can do this. I can actually do this. And man, that’s super exciting.

I’m still working on the narrative for the story (my friend Lisa is helping me). I’m also still working on the gameplay itself, since it’s still kind of fuzzy, and I’m picking my friend Andrew’s brain about that, since he has probably played more games than anyone else I’ve ever met. My brother insists there be a fishing component to the game and it does make sense, so I’m thinking that there will be a side-quest to level your fishing skill and such. My brother’s going to help me with ideas for how that should go, too.

The coolest part of this so far, apart from realizing I can do this, has been figuring out how to organize the databases. I really liked SQL when I took it last winter, and I enjoyed using it in Java class and through PHP. I am not, by any means, an expert, but I really kind of dig SQL. I’m more comfortable on the command line, owing to how I learned, I guess. It’s fun. It’s cool to be able to use Docker to build my database when I restart my environment and I love being able to basically ssh into the container on the gitbash command line and test stuff in there. It’s fun and challenging. Will my alter table command work? Will this command retrieve what I need it to? It’s awesome when it does.

Anyway, that’s it for now. Just wanted to be like yeahhhhhh! More to come, I’m sure.

A Crazy Idea

Oh, hello! Didn’t expect to see me so early in the new year, did you? It’s only been about five weeks since my last post, so I know, this is weird. ;)

I passed PHP II. Not only that, I kind of did pretty well. I nailed a bunch of stuff on my final project and am still feeling pretty good about that. I saw The Last Jedi with my brother and his friend A on December 15th. Afterwards, we stopped in at our parents’ house, where my brother would have dinner with them and his wife and the two kids, while I… had to go home and code until my fingers bled. So I bounced my youngest nephew on my knee for a bit, squeezed the eldest in a hug, then headed back home.

It all started to just click for me. I would have passed, if I’d handed things in as they were. But it would have been something like a 65% or something and that would have stuck in my craw. So I was thrilled when things just started to click and I was able to build out a lot of the required functionality that, to that point, hadn’t been working right for me. At the risk of sounding cliché, the force was strong with me that night and I finished the class with an 87%.

So that was a relief, but I also felt like I learned a lot of lasting knowledge in PHP II — and not just PHP stuff, either. We’re talking stuff like gitbash, git, Docker, containers, APIs, JSON, all kinds of stuff. It’s pretty cool and I’m so glad I learned that along with the PHP stuff I learned.

And now, JavaScript & AJAX has begun.

Once I’m done with this, by the end of March, I’ll have my Diploma in Web Programming. That represents 260 hours of class alone. I don’t even want to think about how many hours I’ve slaved over this material outside of class, but it was easily as much time in class for each — if not more, especially in the case of Java. So we’re looking at about 520 hours, if not more, working through HTML/CSS, SQL, Java, PHP and now JavaScript and AJAX.

I can’t wait to be done and reclaim any portion of my free time again. ;)

And speaking of free time, I have a crazy idea.

I spent a lot of time playing on the computer as a kid. A lot. Not a lot playing triple-A games or first-person shooters or whatever (although there were a ton of games from Sierra and such, of course). No, what I spent probably way too much time doing as a kid was calling in to local Bulletin Board Systems and writing on message boards and playing online games. I spent what must be years of my life playing Trade Wars 2002 and Legend of the Red Dragon, which were two of the most popular BBS door games that existed.

Another one I loved was written by a friend of mine. It was called Sky Mountain. The goal was to climb to the peak of the mountain, at 241,000 feet, but you had to mind the Sky Lord and the other climbers on the mountain. The way you climbed the mountain was by answering trivia questions. (Or was that how you gained health? Magic? Whatever, trivia questions were vital.)

So I’m going to take my neophyte PHP skillz and create a web-based game. Details are very fuzzy right now, but I’m planning on a game that harkens back to Sky Mountain in that it has a lot of trivia in it, which will, naturally, be vital to game progression. I’m hoping to have over 4000 questions to start with, in a ton of categories, and I also hope to have a reasonable mechanism to prevent duplicate questions (outside of just having a metric assload of questions to draw from). We’ll see how that goes, since, you know, I’m going to write all these questions myself. While I’m sure that there are open-source trivia databases out there, if this is my game, it’s going to be my game, at least for the content. Some of the questions will be easy to come up with — periodic table stuff, for example, or capital cities. Stuff about geography, music, religion? All a little more difficult.

So that’s my plan for basically the rest of the year. My goal is to have a working beta by late September. Of course, I can’t dedicate much time to it right now because of class, and I do have a full-time job (which I love) and I do have at least a couple of trips happening this year, plus there’s National Novel Writing Month in November… It’s going to be challenging for sure, but I’m really looking forward to taking all the stuff I’ve learned (and will be shortly learning) and incorporating it into a real, actual project.

I’ll be sure to check in again before JavaScript/AJAX ends!