Version 1.4 available now.

v1.4 update (2017-01-11)

• ScreenWidth expression added: Return the width of currently set screen resolution.
• ScreenHeight expression added: Return the height of currently set screen resolution.
• GetScreenRatio expression added: Return the (string) aspect ratio of the screen (ex. "16:9") or 0 (integer) if could not detect.
• IsScreenRatio expression added: Check if screen aspect ratio is equal to "WidthRatio":"HeightRatio". Return 1 if true and 0 if false.
• GCD expression added: Return the Greatest Common Divisor for a and b parameters or 0 if wasn't found.
• Is screen aspect ratio(Width ratio, Height ratio) condition added: True when screen aspect ratio is equal to "Width ratio":"Height ratio".

Trivial example usage of some of new features.

I added a little update to the first post, explaining "why this approach over the native globals".

I'm back on track with MoModth. A lot has changed. I have moved some functionalities to the MoModth plugin. MoModth is still event based framework, just the absolute core features like modules handling/managing, storage managing and preloader are covered with plugin which makes life easier.

It is strictly modular based which makes it easy to maintain no matter how big the project is and it's of course highly extensible/customizable. I will post more details soon. For now you can see how the example MoModth controller module looks like: https://puu.sh/th2qK/330bf3c688.png

I think you're trying to make what Pode already made. So you can take a look at his code:

FYI, NW.js 0.19.2 still produce black screen on OBS without '--disable-direct-composition'.

Issue will be fixed with Chromium 56. NW.js 0.19.2 is based on Chromium 55, so we still need to wait a little bit.

Version 1.3 available now.

v1.3 update (2017-01-09)

• GetTimerTimeLeft(tag) expression added: Return the remaining time before timer triggers (in milliseconds)
• Fixed a bug when timer condition was checked before the particular timer tag was started

Thank you guys! Glad you found it useful .

I just updated plugin to v1.2. Added encryption expressions.

v1.2 update (2017-01-05)

• Hashing/encoding functions added: Base64, MD5, SHA1, SHA256, SHA512, Super64

If you want to keep it a bit more elegant you can use the "If is true" condition from TR_System plugin.

You can do advanced logical operations there.

Just for the record: The request sends an email, password and API key token (like a user registration call). Once you manage to make a fake call (try to register another user) you shall see a server response like this one:

Please post a call URL and the screen shot once you manage to break the security.

This is basically a test of C2 (JS) trick-security without using SSL.

Good Luck!

You build it on the fly as you generate keys.

Uhm... no you don't. There is simply an API key generated on the fly for this specific call. How can a one API key with a lifetime of milliseconds be called a library?

You are assuming you know the value of the score ahead of time.

No you don't. I'm not sure what you meant here exactly but there are no assumptions.

And when your algorithm is as simple as SHA256(score + salt), it is very easy to guess.

In such a trivial example it might be, but the point is to make it more complex.

You're not allowed to have any server-side checks though, since that is what the OP was about. This needs to be a pure JS solution.

Uhm.. what? The point with API key is to validate it on the server side. The OP even provided a sample of PHP script. So it is all about to make a server check and authorise the request or not.

You don't need to provide me with any code, just send me the URLs/API. I want you to minify it too, just for fun. :-p

What you want me to minify if you don't want any code? If I'll provide you just a sample URL and and API URL, you will depend purely on luck. The point is to crack it, not to guess it as I am sure you will not guess it.

So the test would be as following:

• I will prepare a minified JS code which will make an AJAX call to my server API. This call will make some action on the server - let's say - create an account. So there will be an email and password send over from JS to the server secured in my way without using SSL.
• Your goal will be to send another request to the server to create new user. So you will have to figure out my security (algorithm) trick and based on it create a request which will cheat my server and allow you to create a new account.

So the overall test would show how much a non SSL request, covered with hashing tricks is secure. I will send you an HTML5 app which sends the request (like if you had my game locally) and the rest you have to deal yourself. Is that ok for you?

BTW: It might be easier to talk on Discord or Skype, so PM me after you read it

Professional C2 debug tool — Now for sale in the Scirra Store!

https://www.scirra.com/store/construct2 ... -tool-3121

What is it about?

"Debugging is the process of finding and resolving of defects that prevent correct operation of computer software or a system." - Wikipedia

There are tons of posts, articles and even books about the importance of good debugging tool. Such tool allows you to make your app faster, make it better and more secure.

MM_Debugger is a tool for developers who think seriously about game development. It has a lot of features that allow you to implement watchers for each section of the project and assertions which immediately alert you about the unexpected behavior in your app workflow.

Features

• Enable/Disable debugging (logs, assertions, stack trace) by toggling one property of the plugin,
• Implement assertions and say "farewell" to unexpected bugs,
• Assertion report provides detailed information about the place in event sheet of the issue including event sheet name, group name and event number,
• Implemet Stack Trace logs and save detailed bug reports in files or send them to your server via AJAX,
• Implement distinct logs for development process and for reports on production,
• Use multi-tag log system and decide which section of your app you want to debug at the moment by simple tag filtering,
• Use Spotlight System to override tag filters for quick debug look-ups,
• Create unit tests to be sure your code is bulletproof

Use this topic to leave comments, ask questions and talk about Professional C2 debug tool