I haven't worked out all the kinks, but so far I'm very pleased with the speed and the potential for client customization; images, music, widgets, etc.
However, once the client gets a hold of the source files, the entire library is viewable.
I don't view this as too much of a problem in terms of sharing code. If all goes well, I will release a final version. But, security is another story all together.
And by security, I mean cheating. I suppose obfuscation won't stop an eager nerd who is willing to decode the library.
I don't want to resort to having to write the library in PHP. Right now, all PHP is doing is fetching database information and returning quick results through a 'hook' / ajax system I've developed.
I'm at a very early stage in development, so I don't mind taking an alternate route, but I'm not sure what that would be.
PS: The primary goal, is to provide a codebase that can run on any web-server. I'm not currently interested in node.js or any sort of TCP/IP options.
Yeah, you're designing the Hindenburg. Fundamentally, for an MMO to be secure (such that a player can't cheat), it must not depend on the client for computation of game logic. The client can compute in parellel such that you may be able to avoid latency, but never unilaterally without sanity checking the server at each step of the way. In other words, the server must not depend on the client; it should have access to the state as a read only object. And the only way to do that is that the state, and the processes by which the state is changed, is done on a trusted machine. (Your server.)
So the only thing a client should be able to do is what mud clients can do. They get information about the state of the game and they display it. They transmit instructions to be carried out. They modify state through these carefully designed interfaces that exist to give access to processes only the server has authority over.
Very good points to consider. It seems that I really don't have much of a choice other than to rely on the server to do the heavy lifting. I was hoping on the client being able to handle timed events, battle and other things. I don't know how, but I imagine the client could be hacked to alter character data and what have you.