Timer Etc

NZ_Kiwis

I've got a basic game in VB.NET which preforms a bunch of functions on a timer interval - some are PC time some are using the .NET timer function.

I'm looking to make a new game but have it web based, i'll be doing this in PHP using MySQL databases etc.

I guess a lot of stuff will be done with AJAX and some Javascript.

I have these questions.

Is Javascript safe/secure?
How do I prevent robots from accessing includes/functions folders on my web server?
How can I have some type of secure timer on a webpage?

NZ_Kiwis

Also I guess there are lots of count down timers out there, I need something that can disable duties or redirect pages etc at the set interval?

I needs to be secure. Is a page refresh or redirect a good way of doing this?

sneakyimp

You'll need to be more specific about what information you are seeking -- your post has some pretty vague questions.

1) Is Javascript safe/secure?

This depends entirely on the context. Given that it currently runs on about a billion machines, It seems safe enough to me. It's used by all the big guys. What, exactly do you have in mind?

2. How do I prevent robots from accessing includes/functions folders on my web server?

.
What do you mean by prevent robots from accessing includes/functions folders? You could add them to robots.txt according to the robots exclusion standard and the well-behaved ones would stay out.

Hackers are something else. Security in this case would depend on many things. PHP scripts should authenticate a user before doing anything sensitive or dangerous for them. Your web server can also provide some security such as HTTP authentication or Apache offers Deny/Allow directives to exclude visitors based on all sorts of criteria.

3. How can I have some type of secure timer on a webpage?

What do you mean by 'secure' timer? Any timer that runs on the client side is completely under the control of the client and there's nothing your server can do about it. Your server code needs to be constructed assuming all kinds of cheating from a visitor.

bradgrafelman

sneakyimp;10993620 wrote:
Your server code needs to be constructed assuming all kinds of cheating from a visitor.

In other words, displaying a Javascript counter on a webpage is fine for display purposes for the user, but you should also store the starting timestamp and length (or ending timestamp) on the server and perform server-side validation to ensure that the proper amount of time has elapsed.