PSN 100% <https://psn100.net>
PSN 100% is a trophy tracking platform dedicated to creating the ultimate 'clean' trophy list. By merging game stacks and filtering out unobtainable trophies, we provide a unified list of unique, earnable trophies. This ensures every user competes on a level playing field, without the need to replay titles or miss out due to technical issues or retired services.
To maintain a competitive edge, PSN 100% calculates statistics exclusively from the top 10,000 players, offering more accurate benchmarks for dedicated hunters. Built by trophy hunters, for trophy hunters.
PSN 100% is not a community for discussion (forum), gaming/boosting sessions or trophy guides. Other sites already handle this with greatness, please use them.
- PHP: 8.5
- MySQL: 8.4
The application reads MySQL credentials from DB_HOST, DB_NAME, DB_USER, and DB_PASSWORD.
Values are read from $_ENV when populated, and fall back to getenv() when they are not.
When using PHP's built-in development server, either export the variables in your shell or pass
-d variables_order=EGPCS so $_ENV is populated:
cd wwwroot && DB_HOST=127.0.0.1 DB_NAME=psn100 DB_USER=psn100 DB_PASSWORD=psn100 \
php -d variables_order=EGPCS -S 0.0.0.0:8000 /tmp/psn100-router.phpIf configuration is missing, the app throws a clear DatabaseConnectionException instead of
attempting a connection with empty credentials.
Queue submissions and player reports rate-limit by client IP. By default the app uses
REMOTE_ADDR only.
If the app runs behind a trusted reverse proxy, set TRUSTED_PROXY_IPS to a comma-separated
list of proxy addresses that may append X-Forwarded-For. When the direct client is a listed
proxy, the leftmost valid IP from X-Forwarded-For is used for rate limiting.
Example:
export TRUSTED_PROXY_IPS=127.0.0.1,10.0.0.1Only enable this when the proxy strips untrusted X-Forwarded-For values from clients.
Admin pages require a row in the admin_user table. Create an account with a bcrypt hash:
php -r "echo password_hash('your-password', PASSWORD_DEFAULT), PHP_EOL;"INSERT INTO admin_user (username, password_hash) VALUES ('admin', '$2y$10$...');Production should layer Apache rules on top of the application:
wwwroot/admin/.htaccess.example— HTTP Basic authentication in front of the admin UI. Copy toadmin/.htaccessand setAuthUserFileto your server password file.wwwroot/cron/.htaccess.example— deny all web clients except the host that runs scheduled jobs. Copy tocron/.htaccessand replace127.0.0.1with that server's IP.
Cron entry scripts also refuse non-CLI execution in PHP (CronCliAccessGuard), which
protects environments where .htaccess is not applied (for example the PHP built-in
development server). Admin remains reachable in dev so you can exercise the login flow;
use the Basic-auth template only on production Apache hosts.
Existing deployments need the new tables from database/psn100.sql:
ip_rate_limit— fixed-window IP rate limits for public JSON endpointsadmin_login_throttle— failed admin login tracking and temporary lockouts
Queue status polling (check_queue_position.php) requires a poll_token issued by the
CSRF-protected add_to_queue.php response and stored in the visitor session. Poll
requests are limited to 60 per IP per minute; scan_log_poll.php is limited to 30 per
IP per minute. Admin login locks an IP for 15 minutes after five failed attempts.
- Available > Delisted
- English language > Other language
- Digital > Physical
- Remaster/Remake > Original
- PS5 > PS4 > PS3 > PSVITA
- Collection/Bundle > Single entry
- PSNP+ <https://psnp-plus.netlify.app/> (HusKy) for allowing PSN100 to use the "Unobtainable Trophies Master List" data.
- PSN Profiles <https://psnprofiles.com/>
- PlaystationTrophies <https://www.playstationtrophies.org/>
- PSN Trophy Leaders <https://psntrophyleaders.com/>
- TrueTropies <https://www.truetrophies.com/>
- Exophase <https://www.exophase.com/>