Persistence
Settings belong on the server, not only in the browser.
PlayMUD.online stores client settings in MariaDB through the Go backend. This is the foundation for character-based settings and concurrent users.
Saved Today
- Triggers, including regex patterns, cooldowns, commands, and highlight colors.
- Aliases and their command templates.
- Variables such as
target. - Hotkeys.
- Layout settings such as the active panel and font size.
These settings are saved per settings scope. BatMUD secure and regular telnet share the same BatMUD scope, while other MUDs can use their own scopes. Activity log entries are browser-only temporary data. They are not saved to the backend profile.
Settings Scopes
PlayMUD.online stores settings by authenticated user ID plus numeric settings scope ID. This avoids relying on text names and lets related server entries share settings safely.
Admins manage server-to-scope assignment from admin.html. Deleting a MUD server does not delete its settings scope or profile settings. The scope remains available for reuse so a mistaken server deletion cannot wipe triggers, aliases, variables, hotkeys, or Lua scripts. An unused scope can be deleted separately from the admin Settings Scopes section.
See MUD Servers for the admin flow and deletion behavior.
Profile Auth
The Settings panel can create a profile account with email, profile name, and password. Login uses profile name and password from the top bar or Settings panel. Passwords are stored only as bcrypt hashes by the Go backend, never as plain text. Login uses an HTTP-only session cookie.
There is no anonymous profile. Settings remain unloaded until a user logs in, and every profile name represents a normal authenticated account.
New profiles start as pending. An admin can approve, disable, promote, reset passwords, search users, view archive history, or delete users from admin.html. To bootstrap the first admin directly in MariaDB, set auth_users.status='approved' and auth_users.is_admin=1 for your profile.
Archive delete creates an archive table in the PlayMUD.online MariaDB database if needed, copies auth data, settings, revisions, and session metadata into it, then removes the live profile. Full delete removes the live profile without creating an archive copy.
Users can change their own passwords from Settings with their current password. Admin password resets never send email.
Connecting to a MUD requires an approved profile login. Registration can be protected with Cloudflare Turnstile by setting PLAYMUD_TURNSTILE_SITE_KEY and PLAYMUD_TURNSTILE_SECRET_KEY. The backend can also require profile auth for settings access with PLAYMUD_PROFILE_AUTH_REQUIRED=true.
Import And Export
Settings export produces a bundle for all settings scopes owned by the logged-in profile. It excludes email, password, sessions, admin status, and other auth details.
Modern browsers export a compressed .json.gz file. If browser compression is unavailable, PlayMUD.online falls back to plain JSON.
Settings import sanitizes known PlayMUD.online fields, drops unknown fields, limits bundle size and scope count, and skips scopes that do not exist on this PlayMUD.online server.
Revisions
PlayMUD.online keeps the newest 10 settings revisions for each selected server scope. Autosaves made close together merge into the latest revision so small edits do not flood the history. Restoring a revision replaces the active settings and saves that restored copy as the newest checkpoint.