Space Horde: Login Server – Part 1

January 16, 2012 in Game Development, Space Horde, Web Development

Before I start diving into the game prototype I felt like looking into the server/web side of things to get a feel for what I’d need to get that up and running.  As I’ve never really touched this stuff before (MySQL, PHP) I went to Google and found the w3schools.com tutorials for both PHP and SQL.  These were extremely handy and I was quickly up and running with some basic knowledge in hand.

Next was research into security concerns as I wanted to be sure that any account information registered with me for this game will be as safe as I can offer.  Google turns up a lot of information on server/client security, but nothing particularly game-centric.  I extracted what information I could from the various web-focused sources I found and came up with some key points:

  • Never send the password as plain text from the client.  Never send the password from the server at all.
  • Do not store user passwords in your database as plain text.  Always hash them.
  • Do not use MD5 to hash passwords, as it is known to be insecure.  Using SHA-256 or SHA-512 is the current preference.
  • Salt your passwords.

With that information in hand I turned to designing my first iteration of the accounts database to hold my user information.  I figured at a base I would want:

  1. A unique integer ID for each user.
  2. A username.
  3. An email address (for password recovery and game related mailings).
  4. A password field.
  5. A salt value.
  6. A date-joined timestamp.

I then opened up phpMyAdmin on my webhost, created a database for Space Horde, and created a table called ‘accounts’.

CREATE TABLE accounts
(
    id       INT UNSIGNED NOT NULL,
    username VARCHAR(16)  UNIQUE NOT NULL,
    email    TEXT         NOT NULL,
    password CHAR(64)     NOT NULL,
    salt     CHAR(64)     NOT NULL,
    joined   DATE         NOT NULL,
    PRIMARY KEY (id)
);
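The key points above, applied to the password and salt columns of this table, as an added example that is not code from the original post. It assumes PHP 7 or later, that both CHAR(64) columns hold hex strings, and that the salt is prepended to the password before hashing; the function names are hypothetical.

```php
<?php
// Added example, not the author's code. Assumes the `accounts` columns
// password CHAR(64) and salt CHAR(64) both store lowercase hex strings.

// Salted SHA-256 of the password. The hex digest is 64 characters long,
// which is the width of the password column.
function hash_password(string $password, string $salt): string
{
    return hash('sha256', $salt . $password);
}

// Values to store for a new account: a fresh random salt and the salted hash.
function make_credentials(string $password): array
{
    // 32 bytes from the OS CSPRNG, hex-encoded to fit salt CHAR(64).
    $salt = bin2hex(random_bytes(32));
    return ['salt' => $salt, 'password' => hash_password($password, $salt)];
}

// Login check: recompute the hash from the stored salt and compare the two
// digests in constant time so the comparison does not leak how many leading
// characters matched.
function verify_password(string $attempt, string $storedSalt, string $storedHash): bool
{
    return hash_equals($storedHash, hash_password($attempt, $storedSalt));
}

// Constructed sample data: two accounts that happen to share a password.
$alice = make_credentials('correct horse battery staple');
$bob   = make_credentials('correct horse battery staple');

// Column widths of the generated values.
var_dump(strlen($alice['salt']), strlen($alice['password']));

// Whether the two stored hashes are identical despite the shared password.
var_dump($alice['password'] === $bob['password']);

// A correct and an incorrect login attempt against Alice's stored row.
var_dump(verify_password('correct horse battery staple', $alice['salt'], $alice['password']));
var_dump(verify_password('wrong guess', $alice['salt'], $alice['password']));
```

A single SHA-256 pass is fast to compute, which also makes offline guessing against a leaked table fast. PHP's built-in password_hash() and password_verify() use a deliberately slow algorithm and manage the salt themselves.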

Next time we’ll start on the PHP scripts needed to interact with this database.