TouchPad class for AS3+Starling.

When I started developing games for Android I had to work pretty hard to invent a good controller, It has been created to meet the needs of my shooter game Beekyr. But Im sure it will work in other kinds of games.

I couldn't find anything that was good enough so I made one that works very well...

UPDATE, VER2: Allows two fingers and works better than this version. VIEW UPDATE HERE!

At the moment only allows one finger, if you want to extend this class feel free to do so!

package beekyr.controllers
{
    import flash.geom.Point;
    import starling.display.Quad;
    import starling.events.Touch;
    import starling.events.TouchEvent;
    import starling.events.TouchPhase;
    public class TouchPad extends Quad
    {
    /**
     * ...
     * @author Jaime Dominguez for Beekyr : 2013
     * http://www.jaimedominguez.com
     */
       
        private var _moveVector:Point = new Point();
        private var _latestVector:Object = new Object();
        private var _sensitivity:Number;
        private var _touching:Boolean;
       
        public function TouchPad(width:int, height:int, sensitivity:Number = 1) {
            super(width,height,0xff0000);

            _moveVector = new Point();
            _sensitivity = sensitivity;
            _touching = false;
            alpha = 0;
            addEventListener(TouchEvent.TOUCH , _handleTouch);
        }
       
        public function getLatestMovement():Object     {
            _latestVector._vX = _moveVector.x * _sensitivity;
            _latestVector._vY = _moveVector.y * _sensitivity;
            _latestVector.touching = _touching;
            _moveVector.x = 0 ;
            _moveVector.y = 0 ;
            return _latestVector;
   
        }
       
        public function setWidth(w:Number):void {
            width = w;
        }
       
        public function setHeight(h:Number):void {
            height = h;
        }
       
        public function updateSensitivity(s:Number):void {
            _sensitivity = s;
        }
       
        private function _handleTouch(e:TouchEvent):void {
            e.stopImmediatePropagation()
            var touchArray:Vector. = e.getTouches(this);
           
            if (touchArray.length>0){
           
                var touch:Touch = touchArray[0];

                    switch (touch.phase)
                    {
                        case TouchPhase.BEGAN:
                            storeThisPos(touch);
                        break;
                       
                        case TouchPhase.ENDED:
                            stopMovement();
                        break;
                       
                        case TouchPhase.MOVED:
                            getMovementVector(touch);
                        break;
                       
                    }
               
            };
           
        }
       
        private function stopMovement():void
        {
             _moveVector = new Point();
             _moveVector.x = 0;
             _moveVector.y = 0;
             _touching = false;
        }
       
        private function stopMovementVector():void {
            _moveVector = new Point(0, 0);
        }
               
        private function getMovementVector(touch:Touch):void
        {
            _moveVector = touch.getMovement(this);
        }
       
        private function storeThisPos(touch:Touch):void
        {
            _touching = true;
        }
   
    }

}

With this class initialized at start of the game. Then you need to collect the values in each loop of the game with:

_speed = _game._touchPad.getLatestMovement();

IT will return a vector of the lastest movement.

You can adjust the sensitivity too with:

public function updateSensitivity(s:Number):void {
            _sensitivity = s;
        }

 

PHP security.

I recently discovered a blog post that I had written back in 2008 but it is still relevant today So I have decided to release it now in 2013.

This was the original post:


I have been recently reading a book about security. And I thought it was good to share all this new knowledge with the rest of the world.

There may be lots of practices that I'll miss but this text intends to be tips to be considered while programming any PHP app. :


Filter all the data you manage:

Golden rule:
All data you receive on your PHP scripts is invalid until is filtered and validated.



Use SSL every time you send sensitive data. Such login details or credit card data.


Differentiate your variables between verified and unverified. Create an empty array where you can copy all clean variables. This way will be a good thing to do verify that you are using the correct valid variables:

$cleanVars = array();

//if a variable is validated successfully you copy the value into the new array:

switch ($_POST['colorEyes']){

case 'brown':
case 'blue':
case 'green':

$cleanVar['colorEyes'] = $_POST['colorEyes']

}

Once you have filtered all the data:

Use htmlentities() to escape HTML code and html_entity_decode() to decode it.

To send strings into SQL queries use: mysql_real_escape_string().

Ask for re-login some times for specially delicate movements such password reset or contact details among others.

To check if a string is alphanumeric use: ctype_alnum()

When receiving a file name link as string you don't want the hackers to be using relative or full paths, you want just file names and deal with the directories on the script. Erase all possibility of path edition on the variables using the function basename()



Include files:
Set the includes outside root directory.
They can be anywhere and make sure that only the server and only your internal user is able to access them no one else need them. Use .htacess for this matter.

Credentials such password and username for databases should be stored in a file named db.inc
Make sure that inc is treated like a php file and if u want to deny all access to INC files u can configure Apache htaccess to deny all requests to that file extension by normal users:

<Files ~ "\.inc(.php)?$">
Order allow,deny
Deny from all
Satisfy All
</Files>


Dangerous functions:

Try to avoid using the next functions:
eval , exec, shell exec, passthru, system, popen, preg_replace, proc_open, file_get_contents, readfile, file, ini_restore, symlink, fsockopen, escapeshellcmd

Then disable them on Apache with disable_functions. If some of the functions above has to be used then be very careful how you use them...


Apache security:

Have a look at the php.ini and have a look at these apache directives:

allow_url_fopen
disable_functions
display_errors
enable_dl
error_reporting
file_uploads
log_errors
magic_quotes_gpc
memory_limit
open_basedir
register_globals
safe_mode (not used anymore?)

They are all gathered in this php.net page, (you have to scroll down, it is not very well structured)...

Some Apache security.

I recently discovered a blog post that I had written back in 2008 but it is still relevant today. So I have decided to release it now in 2013.

Apache Security

I have been receiving attacks from someone using zombie computers and banning IPs on Apache.
That didn't stop the attacker as he was able to use different IPS for the same attack. So I decided to fix the problem from the root problem.

I checked apache.log and I saw that the attacker was trying to erase some internal Windows files using a PHP file he uploaded by him self using some kind of vulnerability of the XAMPP default settings.

The biggest problem was that I didn't have a password set for phpMyAdmin software so it was like a big hole in the security.

Now I know what to do:
Go to myphpadmin folder and in config.ini
find the next line and set it to authenticate using http and not automatic!

$cfg['Servers'][$i]['auth_type'] = 'http';

Another good thing for security is to disable directory listings. So when a user tries to open a folder, Apache doesn't show the files on the folder...

on .htacess add the following line:

Options -Indexes

Improving JSFL performance

I'm currently working with JSFL.

What is JSFL? JavaScript for FLash . It's a scripting language that allows to automatize some tasks interacting with Flash GUI to store or edit data.... like here: It stores the keyframe's properties of specific Movieclips.

I have made a levels editor for my game where I can edit the path of enemies too.


I made it using MovieClips where I would detect key frames and store the coordinates in that frame.

I have all Movieclips stored in the library, and the script I generated checks all objects in library to export the relevant data to JSON, but it was taking too long. How long? About 2 mins to process ~10 paths in a 6 core 3.4GHz machine. This is far too long and would make sense the need to optmize code.

I was processing many things but I isolated the problem:  the bottle neck was the keyframes detector function.

function getKeyframes (layer){
   var keyframes = [];
    for(var f in layer.frames){
      if (f==layer.frames[f].startFrame){
            keyframes.push({
            frame:layer.frames[f],
            index:f
         });
      }
   }
    return keyframes;
};

It was taking very long time per MC. I played with code and I finally improved it by changing it to:

function getKeyframes (layer){
   var keyframes = [];
   var layerFrames = layer.frames;
     for(var f in layerFrames){
      if (f==layerFrames[f].startFrame){
            keyframes.push({
           frame:layerFrames[f],
            index:f
         });
      }
   }
    
    return keyframes;
};

After this, the script takes about 2-3 seconds instead of 2 mins.

A note for the reader: I usually optimize all my code but since this JSFL script is only executed every now and then I didn't think it was necessary to optimize it.

I hope it helps to someone!

Thanks for reading!


  

Ending up with AIR + Citrus Engine [Starling+Box2D]

Today I want to talk about how I ended up using Citrus Engine.

So, I wanted to create my first game for phones, game-hubs, and maybe Facebook.  Flash is not the only thing out there and I had to look for new technologies. I don't want to get rusty....

I looked at CoronaSDK, PhoneGap, AIR and Unity3D:

Kerb guys told me Corona was good. But I wasn't happy to tray a product that costs $349/yr,,, what if I don't like it? Not sure what to do. I decided to put it on hold and look more and if nothing good comes I would try Corona.

The idea of developing anything serious with HTML and JavaScript, makes me ill. Instantly discarded.

Unity3D

I have a bunch of friends that use it, some of them like it and some don't.

I like the work flow and the GUI. I was extremely familiar with the syntax (C#) so I liked the idea of developing with Unity...

I looked at the prices... and it says:

"Unity Pro :$1,500 All the high-end features today's professional developers need."

Whoops that's a bit pricey.

If I want to develop flash + android + iOS is $1500 extra per OS (that means $6000). No thanks!

There is a free version. Yay!

But.... If I want to export to flash that will be $400. There is more, If i want to export to Android... another $400.... and same thing with iOS, (another $400). Just great.

I would end up paying $1200, so: not free!

I friend told me to have a go anyway, there were some discounts at the time...

So, I almost started with unity3D but I thought that for my first own commercial game I would like to use a technology that I am conformable with. Is hard enough to build a whole game so imagine with a new technology... I decided that I will come back to this technology, when I have some code to port. So the process will be a lot simpler.

I knew AIR has improved a lot since 2012 with stage3D. I already know how to program Flash so AIR would be like a piece of cake for me. In fact is was the same, the used language is ActionScript3. Only hard bit is to set-up the Smartphone drivers and the rest of the GoogleSDK.

I didn't have to pay extra for anything, you can even do it all for free with AIR-SDK  and FlashDevelop. Or pay a little bit and use the official Adobe's AIR/ Flash Builder

Choice was easy... I decided to have a go with this, and perhaps try Unity3D later....

So, after many many weeks I made a choice!



Someone suggested to have a look at CitrusEngine and more engines. I wanted to start developing and this was the only one I saw that used Stage3D... So I got my hands on it.

At first, I was not happy about using an framework/ engine. Usually, I develop 99% of the code I use. But turned out that was pretty good as simplifies the process of making games. Apparently CE was designed for platformers but I am making a shooter.

I found it hard to start with because the lack of documentation for CitrusEngine + [Starling/Away3D] + [Box2D/Nape/AwayPhysics] back then.

I told Aymeric (main CE developer) that I was getting stuck all the time in very basic aspects of the game design. They started to improve documentation and start-up examples.

Now,  I think CE has improved lots but still a long way to go. The Engine is constantly evolving and once you understand its mechanics, you will be able to use it to create any kind of game. I'm creating a shooter with complex backgrounds and many enemies in screen and performance is still 50FPS... the performance is good!

I know AIR performance will be improved eventually along with all the frameworks under CE. In fact, it's still very active and it has been improved several times in the 3 months I have been using it.

Have a go, try, Citrus Engine!

Why flash developers won't go extinct!

I always wanted to work as a games developer. I have created some little games in the past for clients or for myself but always my time has been utterly consumed by my own portfolio websites maker: Electrofolio

In 2010, I made a remake of an old game which was running really well in Flash Player 9 (AS3). 
Later on (late 2010), when I realized that I was the only one excited about my game (playability was amazing),  I decided to add a twist improving graphics adding real animated images instead Tron looking vectorial pictures. Play at the newer version.

Animations were running slower now and FP struggled to move the game at 50FPS plus I couldn't add a parallax scroll effect with bitmaps so I got well disappointed with Flash performance.

In 2011, after Flash beeing totally destroyed by Steve Jobbs, Adobe released a GPU 3D accelerated Flash version called molehill.

I saw several 3D demos and differences with performance were so huge that I decided that I had to go with this new way and stop working with time lines and classic Flash, completely.
I realized that I would take longer to develop apps but this is the way forward.

With the release of Starling 0.8, a friend and I decided to have a go and got involved creating a kaleidoscope game using textures and stage3D. I liked the way it was running. It was pretty fast!

It was a real shame seeing everyday Flash was dieing slowly with so much power on its hands!
Flash was almost dead and Flash-haters where everywhere making so much noise that even myself had really deep thoughts of leaving the technology.
 
I had a go making trying to develop a slide-show with HTML5 that worked everywhere.... Hey! that's what HTML5 is all about, right? Well it's WRONG. It worked in some devices and some didn't execute the JavaScript / CSS combination right....  I was trapped between a dyeing technology and a really over-hyped technology.

In that moment, beginning of 2012, Flash saw its end in phones and tablets. It was one of the worst stages for Flash developers but there was still hope to use our actionscript good skills, an exit, developing AIR apps instead of web apps. That was a great idea! Sadly, my phone (Samsung Galaxy ACE 1) didn't support AIR... I got really down and kept working on Electrofolio (Flash, PHP, mySQL, HTML, JS, CSS, blablabla) for almost a year until I read a very positive post of making money with AIR and iOS+Android.
http://www.esdot.ca/site/2012/journey-of-an-air-developer

Now, I have decided that this has been dragged for too long, This time I'm decided to invest real time in making games. I got a newer phone (Samsung Galaxy S3 mini) which supports AIR and I right away I started developing for Android. I got registered in play.google.com for 25 US$ and adapted an old flash 9 recycling game I made in the past using normal timeline - AS3.

It was very simple drag and drop game and turned out that works pretty well...
Get the game for Android (updated in 2013)

Compare it with the Flash version:
Flash Version (made in 2010)

I think there is big potential being able to release games to several devices with just one click and monetize visits.

I took a look at adMob,  and set up an account, it took me almost a whole day to implement it all:

I got a free AIR native extension that works OK and now I am monetizing my first project. It's hardly any money but if I keep creating games they will all add up making my develop time more monetized.

I see a brighter future, this is is how continues. I will post more about this.

Security in Flash Part 1

This is is what I found out in a furstrated afternoon. There might be wrog things due the cache. If people know about this more, please let me know.

This might work in AS2 and AS3. But it was tested on AS2 Flash9, under Flash Player 10 re32(debug).


How Flash security works between SWFs or SWF loading external images (JPG,PNG,more types?), understandble for everyone:

System.security.allowDomain()

We have two files: master.swf and slave.swf.

master is on: 'http://www.exampleDomOne.com/master.swf';
master will load a file: http://www.exampleDomTwo.com/slave.swf";

If we place on master.swf:
System.security.allowDomain("http://www.exampleDomTwo.com");

Will allow a flash file loaded from that domain to access _root vars (but not _global?) vars from master.swf

If you place on slave.swf:
System.security.allowDomain("http://www.exampleDomOne.com");
It will make ony the variables that are this.[var name] (you can ommit this) will be accessible from the clip that was used to load the swf file. but _root or _global vars will not be available.

Converting to Bitmap or using setMask() directly on those clips when no System.security.allowDomain is set in both files will result in error. But you can mask a holder. That means that if you have a clip(mc2) inside another clip(mc1). And you load an external file on mc2, you are not allowed to mask mc2 but you are mc1. Stupid huh?

What is adobe when they are thinkging about security?

Conclusion:

If you want to load external images and you want to mask them, there is no need for crossdomain or Security stuff, just load them as usual and mask the holder. easy.

If you want to load a flash file securely in your online flash application. Don't use System.security.allowDomain();

Simple, not complicated.