Link to site.

The Button is a KotH-style game where the last person to click a button has their username shown on everyone's screen, at least until the next person clicks the button.

It's pretty basic right now and in dire need of styling, but I'm working on that and a leaderboard system.

I showed it off on IRC/SAX and nearly everyone who tried it seemed to enjoy it, so have fun!
How about adding a high score list that shows who pressed the button longest.
You're probably already working on this, but you may want to change how usernames work, every time I refresh it asks me for it again.
The battle between me and everyone else:

The secret?
Expect these exploits to be patched by tomorrow (and yes, one can easily patch them).

Basically, unbypassable button cooldowns.
Nero_the_Necro wrote:
_iPhoenix_ wrote:
Expect these exploits to be patched by tomorrow (and yes, one can easily patch them).

Basically, unbypassable button cooldowns.



Dang it, there might be a way around that though...


No, there won't. Trust me on this one.

Please stop doing this. It ruins the fun for other users, and basically amounts to you being a jerk. I can simply stop providing my services for you to abuse.
Could you possibly make a table/chart/record of the clicking history? That could be cool Smile
Hellllp, TheButton has become a chatting site! People keep changing their usernames! Also add a profanity filter!

Good work on the spam prevention though, it worked Razz Er, kinda, there's still work to be done
Michael2_3B wrote:
Could you possibly make a table/chart/record of the clicking history? That could be cool Smile


I'm planning on having a leaderboard for the users with the most time. I like your idea, though; I'll add that eventually. It's super easy with my current setup!

TheLastMillennial wrote:
Hellllp, TheButton has become a chatting site! People keep changing their usernames! Also add a profanity filter!

Good work on the spam prevention though, it worked Razz Er, kinda, there's still work to be done


I'm implementing google auth, where you can sign in with a google account and you can enter a username with that.

This will help with impersonation on the leaderboard, open up new possibilities for me adding new features, and much, much more.

The spam prevention will just throttle you if you click the button more than <x> times every <y> seconds, similar to what's on UniChat.

As for a profanity filter, that's really hard. The first problem is that I don't want to be storing a list of profane words in my repo, even if it is encoded in, say, RC4. The second problem is that people are endlessly creative. Seriously.
_iPhoenix_ wrote:

As for a profanity filter, that's really hard. The first problem is that I don't want to be storing a list of profane words in my repo, even if it is encoded in, say, RC4. The second problem is that people are endlessly creative. Seriously.


You could just use a library that has an external list of profane words for a filter to solve that problem.
To prevent chat-like names, just forbid spaces in names.
jcgter777 wrote:
To prevent chat-like names, just forbid spaces in names.


Yeah, but what about using capitals or underscores to mark a new word? Like this: HelloEveryone or Hello_Everyone. That needs to be fixed, too.
NoaxPrime wrote:
jcgter777 wrote:
To prevent chat-like names, just forbid spaces in names.


Yeah, but what about using capitals or underscores to mark a new word? Like this: HelloEveryone or Hello_Everyone. That needs to be fixed, too.


What if I implemented what I said I was implementing, authentication, that only lets you change your username once?
I'm super happy right now! Big update!

+ A leaderboard, of the top 5 users. - Note that the times are recorded after you get "overthrown".
+ Username uniqueness check
* Usernames are restricted to word characters
+ Times are recorded!

It's been a wild ride in the past few hours, I've been really busy adding these changes while under a time crunch.

Huge thanks to TheLastMillennial and Michael2_3B for helping test things for me.

I promise that the hour I have currently is entirely legitimate, it was gotten while testing features. It shouldn't be too hard to beat, have fun!

In order to use it, you have to create an account by linking a Google account. I can't see any of your information besides your email address, which I don't really think you will care about. I promise that I won't send any emails without asking and won't share your address with others, unless you explicitly ask me to, for some reason.

https://legend-of-iphoenix.github.io/TheButton/
I think something is wrong with the leaderboard. Sometimes the time increases faster than one second per second.
jonbush wrote:
I think something is wrong with the leaderboard. Sometimes the time increases faster than one second per second.


This issue is part of a huge vulnerability in the software. Basically, Date.now(), the function I am using for most timestamps, relies on the computer's local/system time.

As I explained to Unicorn, I could set my clock 5 hours back and it would give me five hours.

The only solution to this is to have some form of centralized, global time. Thanks to Juju/Yuki/juju2143, a new system for getting a global timestamp has been devised, using Firebase's firebase.database.ServerValue.TIMESTAMP placeholder. It's quite simple yet it would take too much time to post about here, but it should get the job done. I'll explain when I have time, for posterity.

Just for clarification, I am using Google Firebase and GitHub pages for my backend and hosting, respectively. Google Firebase is a great database and authentication service, but you cannot run any code on it. You can use it in multiple languages, too. I'm using it in JavaScript, but it supports C++, Android Java and many more languages. GitHub pages is great for hosting front-end code like JS, CSS, and HTML, but that's about it. You cannot host, say, PHP like I would much rather be using.

Anything recorded from about an hour ago until about 4 PM EST tomorrow will not be saved. We encourage playing around with the service and responsibly reporting other vulnerabilities, as long as it does not significantly affect other users to do the same thing. Please don't go too crazy.


What is this? Razz Why am I not on the leaderboard? Laughing


It's pretty fun, but auto-clicker extensions still work (allows for cheating Sad ). I don't use them though, alright? Razz


EDIT:
Since I think the score is just racking up how long your clicks lasted, some of my github issues are irrelevant. How about a display that shows your current score? (if you're not on the leaderboard maybe?)
And if it does count all of your time, maybe faster updating, while you're still counting up?
Also maybe add numbers/places for the leaderboard? And highlight the user's names? (probably already thought of in your styling plans Smile)
Fix your security. You should not be doing the date and time clientside.
commandblockguy wrote:
Fix your security. You should not be doing the date and time clientside.


Did I not say I was working on it and it would be fixed later today? My previous post indicated that I knew both the source of the issue, why it was bad, why I had to choose it anyways, and how I am going to fix it. I even abused it myself today to make it extremely clear that I knew it was a problem.

Edit:
I think I fixed it. I'm not restoring the actual scores for a few hours so that people can continue to test out vulnerabilities.
https://legend-of-iphoenix.github.io/TheButton/
Is this a bug, a hack or a test fluke thingy?

115739832 days for _iPhoenix_? This site's only been up for like, 2 days! Exclamation Razz
SM84CE wrote:
Is this a bug, a hack or a test fluke thingy?


Yes.

There is currently an exploit that allows users to accrue huge amounts of time by changing their local clocks. _iPhoenix_ exploited this bug himself so show that he is aware of the issue.
jonbush wrote:
SM84CE wrote:
Is this a bug, a hack or a test fluke thingy?


Yes.

There is currently an exploit that allows users to accrue huge amounts of time by changing their local clocks. _iPhoenix_ exploited this bug himself so show that he is aware of the issue.


Actually, I fixed it Smile.

I cleared the leaderboard. As I am posting this, nobody has any time registered.

Enjoy!
  
Register to Join the Conversation
Have your own thoughts to add to this or any other topic? Want to ask a question, offer a suggestion, share your own programs and projects, upload a file to the file archives, get help with calculator and computer programming, or simply chat with like-minded coders and tech and calculator enthusiasts via the site-wide AJAX SAX widget? Registration for a free Cemetech account only takes a minute.

» Go to Registration page
Page 1 of 3
» All times are UTC - 5 Hours
 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

 

Advertisement