AppGameKit Classic Chat / Online High Scores

Author
Message
3d point in space
14
Years of Service
User Offline
Joined: 30th Jun 2009
Location: Idaho
Posted: 4th Dec 2017 11:48
Hello, I am coming back to doing this game making stuff because I do construction and it's winter. Well, I found a great online game tutorial that was built by PeliStar in GameMaker Studio, but it can also be used in AppGameKit. Well, the first part of it anyway, and the code on the bottom half of the tutorial is not too difficult I think because AppGameKit has similar functions.

https://forum.yoyogames.com/index.php?threads/online-highscores.4291/

I thought this was the best tutorial for online high scores and I would like to see a tutorial like this one in AGK.
Developer of Space Chips, pianobasic, zipzapzoom, and vet pinball apps. Developed the tiled map engine seen on the showcase. Veteran for the military.
BatVink
Moderator
20
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 4th Dec 2017 12:06
The web side of this tutorial can be used as-is for AGK.
The only part you need to convert is getting and sending the data, there are lots of threads about HTTP here on the forum (many of them about hi-scores)

One word of warning - the PHP script on the tutorial is not protected from SQL injection. It could be used maliciously.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Quidquid latine dictum sit, altum sonatur
TutCity is being rebuilt
Conjured Entertainment
AGK Developer
18
Years of Service
User Offline
Joined: 12th Sep 2005
Location: Nirvana
Posted: 4th Dec 2017 13:25
Quote: "One word of warning - the PHP script on the tutorial is not protected from SQL injection. It could be used maliciously."

Great advice.

SQL can be tricky to get locked tight, and I had no clue about injection when I first dabbled in it, so my advice is to find someone who really knows SQL to give it a proofread before deploying it.

I used Phaelax's system for the few games I made that included a high score board.

Coding things my way since 1981 -- Currently using AppGameKit V2 Tier 1
3d point in space
14
Years of Service
User Offline
Joined: 30th Jun 2009
Location: Idaho
Posted: 4th Dec 2017 16:04 Edited at: 4th Dec 2017 16:15
Well, if you read down in the post it explains more about what you can do about SQL injection. I think it is pretty good though because he encodes the information to the database, so it is a lot harder for someone to manipulate the data. Another thing is free is not the best, Altervista is free. There are other more secure sites that you have to pay for.
Developer of Space Chips, pianobasic, zipzapzoom, and vet pinball apps. Developed the tiled map engine seen on the showcase. Veteran for the military.
Dybing
12
Years of Service
User Offline
Joined: 12th Sep 2011
Location: Bergen, Norway
Posted: 4th Dec 2017 18:37


Most 'proper' languages have dedicated libraries for talking to databases, which include safe ways to build and execute queries. To prevent - amongst other things - SQL injection. That said, with the amount of 'web-devs' (aka designers with a dangerous level of JS knowledge) that think they can also do back-end, vulnerable sites are-a-plenty...
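
The "safe ways to build and execute queries" mentioned in the post above, sketched for a high-score endpoint with PHP's PDO library. This is an added example, not code from the thread or from the linked tutorial; the table layout, field names, limits and the in-memory SQLite database are assumptions chosen so it runs offline.

```php
<?php
declare(strict_types=1);

// Added example: table layout, field names and limits are assumptions.
function open_db(): PDO {
    $db = new PDO('sqlite::memory:');   // on a real host this would be the MySQL DSN
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE scores (id INTEGER PRIMARY KEY,
               name TEXT NOT NULL, score INTEGER NOT NULL)');
    return $db;
}

// Validate first, then bind: the SQL text is fixed and values travel separately,
// so nothing the player types is ever parsed as SQL.
function submit_score(PDO $db, array $post): bool {
    $name  = trim((string)($post['name'] ?? ''));
    $score = filter_var($post['score'] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 0, 'max_range' => 1000000]]);
    if ($name === '' || strlen($name) > 20 || $score === false) {
        return false;                   // reject rather than try to "clean" bad input
    }
    $stmt = $db->prepare('INSERT INTO scores (name, score) VALUES (:name, :score)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':score', $score, PDO::PARAM_INT);
    return $stmt->execute();
}

function top_scores(PDO $db, int $limit = 10): array {
    $stmt = $db->prepare('SELECT name, score FROM scores ORDER BY score DESC LIMIT :n');
    $stmt->bindValue(':n', max(1, min($limit, 100)), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = open_db();
// Constructed sample submissions, shaped like $_POST from the game client.
submit_score($db, ['name' => 'Ada', 'score' => '4200']);
submit_score($db, ['name' => "x', 999999); --", 'score' => '10']); // stored as plain text
submit_score($db, ['name' => 'Bob', 'score' => '10 OR 1=1']);      // rejected: not an integer

foreach (top_scores($db) as $row) {
    // Escape on output as well, since names are player-controlled text.
    echo htmlspecialchars($row['name'], ENT_QUOTES), ' ', $row['score'], PHP_EOL;
}
```

The second submission ends up in the table as an odd-looking name with score 10, and the third never reaches the database.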
3d point in space
14
Years of Service
User Offline
Joined: 30th Jun 2009
Location: Idaho
Posted: 4th Dec 2017 19:27
Why worry about this anyway, no one might even download your freaking app. So if you get enough people maybe yes then have it looked over, otherwise I think it would be more beneficial to just get the game out with an online score system. Ok I see if you get 1000's of downloads for your game that this might even become relevant, but I think it is more important to get things simple. You might only get 10 downloads for your game and worrying about someone changing your scores is the least of your worries. I think I'm going to mess up someone's online scores that only has a 100 downloads or less if it's worth my time.
Developer of Space Chips, pianobasic, zipzapzoom, and vet pinball apps. Developed the tiled map engine seen on the showcase. Veteran for the military.
Phaelax
DBPro Master
20
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 4th Dec 2017 20:40
Quote: "Why worry about this any way no one might even download your freaking app. "


People who don't code for known issues until they've already become a problem is just lazy and bad practice.

Quote: ", but I think it is more important to get things simple"

It's more important to get things right. Who cares if only 10 people download the app. You at least have a stable framework to build upon in the future. And if you do start getting thousands of downloads, are you going to be able to patch the exploits you lazily left behind fast enough to prevent bad reviews which could quickly drop your app into a crater it won't crawl out of?

That tutorial also neglects using SSL for the sake of keeping it simple. I'm all for the KISS methodology but not at the expense of security. I initially neglected SSL in my highscore system and this forum was like umm yo buddy don't do that. So I fixed it. My system also allows anyone to easily add a global hi-score table to their game without the worry of setting up and maintaining a database. It still relies on POST data so it's usable to AppGameKit and really any language with networking. It's not perfect and I probably need to update it.

"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
Kevin Cross
20
Years of Service
User Offline
Joined: 15th Nov 2003
Location: London, UK
Posted: 5th Dec 2017 12:15
I've gone through a number of iterations on improving the data going back and forth to stop false/harmful data, all of which I wish I'd got in earlier. I've yet to include SSL which I'm now worried it's too late as it's going to cause a lot of problems because it'll break older versions (I will include it regardless). So yes I'd recommend making sure your system is as perfect as you can get it even if you've only got 10 downloads. The problem with improving it later is that those 10 downloads might still have the old version installed and access to the old PHP/SQL connections set up for that version. If you re-write the version of files that version accesses then you run the risk of breaking it for them.
Phaelax
DBPro Master
20
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 5th Dec 2017 12:19
Can you force an update? Even if you can't affect older versions, I'd still go ahead and update your system to SSL. You can leave the older stuff in place for legacy versions for a while.

"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
BatVink
Moderator
20
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 5th Dec 2017 14:21
Quote: "Why worry about this any way no one might even download your freaking app"


Because if you allow vulnerabilities in your code for any reason you compromise users' PCs and web servers. SQL vulnerabilities extend way beyond your high score table.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Quidquid latine dictum sit, altum sonatur
TutCity is being rebuilt
smallg
Valued Member
18
Years of Service
User Offline
Joined: 8th Dec 2005
Location: steam
Posted: 5th Dec 2017 15:16
If you're new to coding and using Android I would recommend the 'Google Play' high scores, super easy to set up and use.
life's one big game
spec= 4ghz, 16gb ram, AMD R9 2700 gpu
Kevin Cross
20
Years of Service
User Offline
Joined: 15th Nov 2003
Location: London, UK
Posted: 5th Dec 2017 15:45
Quote: "Can you force an update? Even if you can't affect older versions, I'd still go ahead and update your system to SSL. You can leave the older stuff in place for legacy versions for awhile.."


First thing in the new year I will be buying a multi-site SSL certificate through my hosting provider and will test it on a spare domain I have, i.e. amend my script to send data to the spare domain with a secure connection and will test to see what happens if the old versions of the program make an un-secure connection to the SSL secured domain. I could have the latest version of the app sending data to a different domain that has SSL and leave the old versions that are installed on some devices to send it to the current domain which doesn't have SSL if that's the only option. But yes I definitely have to and will upgrade to SSL as soon as possible. Thankfully no personal data is being sent to and from the site, I'm guessing it's just a lot easier at the moment to jump in the middle of the connection and change the values sent back and forth.

Just highlighting the point that it's good to get the system in place near perfect even if you only ever have 10 downloads.
Phaelax
DBPro Master
20
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 5th Dec 2017 19:26
If you have a closed system that only you are developing, then you can get away without SSL more easily than I could. Because you could encrypt your data or salt it. Not foolproof, but without the method used being published anywhere it'd be difficult to decipher. Whereas my system is publicly usable, any encryption method would be obtainable. A way around that of course is relying on unique private keys for each user and/or app, which is what I initially did. The key gets hard-coded into the app.

"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
