[Question] Are HTML/JS/PHP enough for rpg?

[DeepOde]

Hi. We are (right now, small) group of peoples who are trying to develop an online rpg (probably from scratch). I know its not a one step process. But I would like to ask if its possible with ONLY HTML, JS, PHP and their frameworks along with MySQL.

Some friends are suggesting Unity but I am confused about its performance cause all the Unity games which I've seen yet were highly graphic-rich and took considerably great time to load.

The process I am thinking right now is as follows although we have plan to develop it as Multiplayer game in future (far away yet) but right now, at least I, have no idea about how to do it. Although I've heard little that nodeJS is useful.
So, In addition you can also give details about multiplayer point but it is optional right now. Main focus is on main game play.

Game Flow
1. The Player will be registered in database as he/she registers for game.
2. The player will select starter pokemon, pokemon's data will be rendered and same will be stored in database using html form to some php file, it will be stored by codes for e.g. pokemon held will be stored by something like string having id no. of pokemon. In same manner their details and move will be stored.
3. When game loads, the details of user will be obtained from database by using simple PHP scripts.
4. Party and PC pokemon would be handled separately, so only party pokemons will be loaded at loading time for reducing time taken.
5. If some new data has to be added same would be added by inserting data in database.
6. For reducing load, only items which are required will be loaded at a time. For e.g. battle scripts will be loaded only when battle takes place.

I know its not as easy as I wrote above but I hope I can at least do above things. Please guide me if there are any issues (or serious issues) against this flow.

Also I will use CraftyJS framework for help in creating game.

Thanks in advance. Sorry if I missed something. Please tell me if I wasn't clear, I will give missing information.

 

[PinkCatDragon]

Hmm useing JS/PHP/HTML only i could see a game be able to be made. the problem i see is that there all interperted langagues that can be slow. i would say that game could be made but maybe unity or java will do it a bit better

 

[DeepOde]

So the game made with HTML/JS/PHP could be slow...thanks for telling that, what about unity? Will unity be fast?

 

[Satoshi Ookami]

Since you mention languages used in web apps, is it gonna be a web application?
If so, the slowness might not be that much of a factor as people expect web apps to be a bit slow =)

 

[☆Rei☆]

So the game made with HTML/JS/PHP could be slow...

Not exactly. I mean, a lot of games run in interpreted languages such as JavaScript. Besides Unity itself uses JavaScript. (Although it is under the alias of Unity Script I believe?)

 

[jacktheking]

I feel that PHP Based game is faster than the Unity or Java. I just created a game similar to Pokemon, Milkacrea. Using just HTML/CSS and PHP. To be honest, I'm not good at CSS. Also, I dont have much knowledge in JavaScript; that is why I did not use JavaScript in my RPG.

Before making a PHP based RPG, make sure you have a secure registration page and log -in page. Lastly, good luck!^^

 

[DeepOde]

Since you mention languages used in web apps, is it gonna be a web application?
If so, the slowness might not be that much of a factor as people expect web apps to be a bit slow =)

That seems legit, lol.

Before making a PHP based RPG, make sure you have a secure registration page and log -in page. Lastly, good luck!

Thanks for good luck! Btw, I was also wondering if it would be 'safe'. I know that even biggest companies like facebook (won't say google though) have some security falls and I have read somewhere that, "Anything on client side can be hacked.". So I know that its hard to make completely safe game but what factors shall I keep in mind?

Also if I have whole battle system on JS (and thus on client side) one can easily look to code, that's not big problem but can they send custom requests (made by them) to game servers? Like can they send request to server to increase their (in-game) money their selves? I know that these things like these are more suitable to be asked on some web-development forums but still, Is it possible to make PHP script respond only to requests made by particular sources (from inside the game only)?

 

[haishiro]

Just make sure that you do proper verification in your scripts. Obviously you shouldn't set up your code such that if you get a request to modify a game variable, your code does it without checking if it's legal and authentic.

In a nutshell, you can probably do everything needed for Pokemon game in HTML/CSS/JS/PHP. It's just a matter of performance and how much work it is for you to do so.

 

[DeepOde]

Thanks gonna do it!

Once again thank you all for your help.

 

[Pokemon-Planet]

It depends on what kind of game you want to make.

Heavily text-based? You can definitely do so using the languages you've said. Speed shouldn't really be a problem. However it sounds like you want to store data in files and then simply read the files to get the data back, don't do that! Use a proper database handler like MySQL. PHP and MySQL go hand in hand and it's really easy to implement. I use JSON arrays to store pokemon data in a MySQL database for my game (although not PHP-based, the game communicates with php and mysql to store data).

If you want to make more of a visual/interactive game Flash or Unity would be the way to go. Do some research, look up game engines and languages and see what works best for what you want to accomplish.

That seems legit, lol.


Thanks for good luck! Btw, I was also wondering if it would be 'safe'. I know that even biggest companies like facebook (won't say google though) have some security falls and I have read somewhere that, "Anything on client side can be hacked.". So I know that its hard to make completely safe game but what factors shall I keep in mind?

Also if I have whole battle system on JS (and thus on client side) one can easily look to code, that's not big problem but can they send custom requests (made by them) to game servers? Like can they send request to server to increase their (in-game) money their selves? I know that these things like these are more suitable to be asked on some web-development forums but still, Is it possible to make PHP script respond only to requests made by particular sources (from inside the game only)?

It's entirely possible to make a safe game with PHP. PHP is server-side, so the code is run before the webpage is generated and the user cannot see the code. You want to make all changes to sensitive data (money, credits, pokemon, experience, etc) server-side. If I were you, I would convert the JS battle system to PHP and then have javascript communicate with the PHP battle system when necessary.

I could talk for ages about secure client/server communication but its a heavily discussed topic-- do some googling. For starters, never trust the client, encrypt all data, validate everything from the client, and depending on the situation sending an encrypted timestamp to the server can be a good idea.

 

[UnderMybrella]

...never trust the client...

This. This, this this and this. Clients can be wrong, confused, or straight-out malicious. Always verify data.

Speaking of which, something no one seems to have mentioned. Please, for the love of Arceus, if you are storing passwords (Which you probably will be, if it's a webgame), do NOT store passwords in clear text. Salt the password and hash them, please! Here's a good question about it (https://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords), but I cannot stress this enough - as you are running the server, you have the responsibility of the users passwords on your shoulders.

..

Also, in reply to your question about if a client can send custom requests - I'm not sure about PHP, but I KNOW for a fact JS can be manipulated via a console (Which most browsers have). You could try IP verification, not too sure how that would work though

 

[☆Rei☆]

I'm not sure about PHP, but I KNOW for a fact JS can be manipulated via a console (Which most browsers have). You could try IP verification, not too sure how that would work though

I'm almost certain PHP cannot be manipulated by web browsers since (if I remember correctly), PHP is parsed through the server itself then just simply displayed as HTML.

 

[Citrix]

I'm working on a php pokemon rpg. Very possible, fast, and simple to make.

And no, php cannot be manipulated by web browsers. It is server side.

 

[Newbie_Forever]

Creating a Pokemon game with PHP and JS is completely doable (even if it is not text based, with canvas or webgl you can do pretty games).

For the server, you can use PHP (and AJAX), but other technologies could be faster/better (like Node.js with Websockets, or JEE).

I made a prototype of a pokemon game on browser with canvas technology and even though I'm far from being a skilled programmer I managed to do something cool.
So I think that with enough motivation you could make really good game with PHP/JS.

 

[Aaronn]

It's impressive that you were able to create a PHP-based game like Milkacrea without much expertise in CSS and JavaScript. However, comparing the speed of PHP to Unity or Java for game development might not be entirely accurate, as PHP is typically used for web scripting, while Unity and Java are specialized for game development.free fire name