Forums » Impact Engine » Z-Type Top Scores

I just came across Z-Type and I love to rock out with it, but I'm curious about how my score would compare to a leader board. It would be really cool if you indexed the top scorers in a hierarchical fashion so that we could see how our performance compares to a leader board!

The problem with doing something like this is figuring out fraudulent entries.

The Facebook Version of Z-Type has an online leaderboard.

Detecting fake scores is a bit of a problem - saving a "replay" on the server adds some security. But even then, a game like Z-Type can be easily played by a bot.

Can't use the Facebook version of Z-Type because I get this error: http://i44.tinypic.com/tamv0z.png

Unfortunately Facebook only allows https connections and it automatically switches me back to https if I try to manually enter http... I'm thinking that the best solution here is to ask users to solve a captcha to submit their score to the leader board... That would nuke the problem.

Oh no it wouldn't. Speaking as someone who works on forum software, where spamming is a daily problem (this forum is exempt from spam for one reason, it's unique and unusual, so it's not worth a spammer's time to either find it or try spamming, and we have had human spam here), CAPTCHAs just do not work.

I've seen all kinds of things to defeat CAPTCHAs, even down to seeing neural networks to solve CAPTCHAs written in JavaScript.

Consider it this way; if you had to enter a CAPTCHA to record a high score, would you bother doing it?

i wouldn't enter a CAPTCHA just to post my scores.

you could post the scores automatically for the user. At the backend, use some form of security to prevent outrageous score numbers from being saved.

Alright, so I guess that the only solution here is for Z-Type to support https connections because we simply cannot connect to Facebook over port 80. Why are you blocking port 443 anyway?

No point leaving port 443 open unless you have an SSL certificate to actually serve HTTPS (which would otherwise cause problems) but on the other side, a decided number of FB apps won't run nicely in HTTPS anyway which means most users I know actually don't run HTTPS even if FB gives them the option...

What I'm trying to say here is that there is NO possible way to play Z-Type on Facebook because Facebook automatically redirects any port 80 (http) connections to port 443 (https). The only possible solution here is for you guys to simply allow https connections on the Facebook app! Hope that we can arrive at a solution here because I love Z-Type!

It doesn't work like that, as port != protocol. You can run HTTP over any port you like, just as you can run HTTPS over any port you like (and I frequently do both)

There is a reason HTTPS is not supported, it would require having a certificate on the Z-Type server. An expensive SSL one.

In any case, I refute your "NO possible way". I just went into the game, works absolutely fine here.

The reason it works for me and not for you is because I have the 'auto use SSL' turned off because it breaks other things I'm quite partial to (including my own stuff, because I don't have an SSL certificate)

If you want to play it that badly via FB, you'll have to turn off using HTTPS in Facebook, unless you want to pay for an SSL certificate...

To add to my last post, I figured that I'd snap a video shot of this all happening to me. Hope that we can find a solution here! --> http://youtu.be/a4HYw-wnugE

nm, I disabled secure browsing like you said and it worked.

Well, it looks like our nifty little solution created a bigger problem. Now I can't access my bank account because the bank only allows https connections. Looks like I won't be able to use Z-Type because I have to turn the secure browsing back on so that I can access my bank account. Please come up with another solution for me because I don't want to let go of Z-Type because I love it!

Your choices, then:
1) Play it outside of Facebook, as it is accessible there. http://www.phoboslab.org/ztype/
2) Someone will have to pay for an SSL certificate for the server so it can host HTTPS connections.

Google searched for free certificate authorities and Google brought up several. Check it out here: http://bit.ly/FreeSSL

Yeah, and there's a reason most other providers require thousands of dollars per year - it's all about the certificate's reliability.

The first two or three on that search result are basic validation only. More than one current browser will actually disregard those, especially with the changes being rolled out by Google into Chrome in the future.

But let's go through the list.
StartSSL - only issues class 1 certificates for free, and in any case they're expecting you to buy a class 2 certificate (it's not clear why a user would have to, but anything which makes money probably would have to - and certainly class 2 does cost money because that has non-automated validation of identity documents). Current versions of Firefox consider this certificate authority as untrusted, meaning that it'll flag up a warning to any user on Firefox.

Comodo - their free SSL certificate is valid for only 90 days, after which you have to buy one of the actual certificates.

RapidSSL (freessl.com) - doesn't actually appear to have a free option, and if it does, it's under a "try" banner, which suggests like Comodo that they want you to pay for it.

CACert.org - if their own certificate is considered untrusted, why would I want to use one?


You see, producing a certificate itself is not a problem. More than one of my sites is running from a self-signed certificate, but because it's my site and only open to a few people, I gave them the details by which they could consider my site a valid authority (which means I get encryption out of it, which is the point)

The problem is down to the reliability of the CA issuing a certificate, and none of the free providers issue with any real reliability. That's why Verisign and co can charge thousands of dollars per year and not have a problem in so doing it, because people will pay that money for a service backed by a reliable firm, that has serious guarantees available in the event of loss, and on top of that, they're considered trusted by more browsers than any of the free entities.


Though, given that there is absolutely no reason to play via Facebook when you can just play via the link I posted (you can easily bookmark it) instead of getting into the realms of configuring a server specifically and using extra processing power for it.

Also, I'd seriously wonder why you're using Facebook to log into your bank. That's a security and privacy nightmare waiting to happen.