Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

AppGameKit Classic Chat / Host your own high scores using PHP and MySQL

Author
Message
ApkGames.Guru
10
Years of Service
User Offline
Joined: 25th Oct 2013
Location: England, UK
Posted: 26th Apr 2019 18:12
Link
Hi all. I offered via the FB forum to put together a little document on how to achieve hosting a high score table via AGK; being able to send a score and return a list of scores. I've attached this, which I hope some of you might find useful, if you were considering adding this or similar to games\apps. There are some pre-requisites, such as a website\hosting package\access to FTP folders\PHP and MySQL.

Cheers, Ian.

Attachments

Login to view attachments
Back to top
Profile PM Email Website
Qube_
9
Years of Service
User Offline
Joined: 21st Oct 2014
Location: Omnipresent
Posted: 26th Apr 2019 20:37
Link
Nice little guide but if someone was to use it as is their server would be very open to SQL injections. Ideally you need to validate every single piece of information received from a POST before sending it to your database.
Back to top
Profile PM Email Website
ApkGames.Guru
10
Years of Service
User Offline
Joined: 25th Oct 2013
Location: England, UK
Posted: 26th Apr 2019 22:13
Link
@Qube_ Yes, that's always a possibility and must be considered when distributing apps that allow input and posts via PHP. In the past, I mainly only allow 3 characters to be entered as a name for a high score. This and the rest of any information is controlled fully by my code and the only way of getting values into the database is by AppGameKit running the PHP script, to a secure folder.... so anyone trying to tamper outside of the coding won't get far and cannot access the PHP scripts without the credentials to access them. However, a good point raised and one for anyone doing this to be wary of.
Back to top
Profile PM Email Website
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 29th Apr 2019 08:12
Link
Unless you're encrypting your data, don't assume someone can't send their own POST data from outside your app. One could simple use Charles to view the packet data your app sends to the script. An SSL connection would be preferred.
Tiled TMX Importer V.2
XML Parser V.2
Base64 Encoder/Decoder
Purple Token - Free online hi-score database
Legend of Zelda

"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
Back to top
Profile PM Email Website
Jerry McGuire
7
Years of Service
User Offline
Joined: 25th Mar 2017
Location:
Posted: 3rd May 2019 01:38 Edited at: 7th May 2019 19:59
Link
Great topic. It’d be great if more was written on connecting to a database via internet.
Cheers
AppGameKit 2018.10.10

iMac Book Pro, MacOS 10.14, Xcode 10.1;
iPhone 6, iOS 12; iPad (3rd gen), iOS 9.35; iPad Pro 12'9 (2nd gen), iOS 12.

Dell Precision T7400, Windows 7 Professional 64bit, Visual Studio Community 2017;
Back to top
Profile PM
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 6th May 2019 16:54
Link
Jerry, easiest way is creating a Rest API on the server and just using http requests.
Tiled TMX Importer V.2
XML Parser V.2
Base64 Encoder/Decoder
Purple Token - Free online hi-score database
Legend of Zelda

"I like offending people, because I think people who get offended should be offended." - Linus Torvalds
Back to top
Profile PM Email Website
Qube_
9
Years of Service
User Offline
Joined: 21st Oct 2014
Location: Omnipresent
Posted: 7th May 2019 03:57 Edited at: 7th May 2019 04:02
Link
If you can't use SSL then create an additional "key" parameter ( a good idea anyway ) which the formula is only known to the AppGameKit app and the server side. The key is based on the parameters being sent.

For example you send score.php?score="100"&username="bob"&key="900cpc" - in this example the key is just score * 9 and a shift +1 in the usernames letters. Of course your key system would be more complex.

If the formula for the generated parameters equals the key then that's 99.9% sure it's a genuine post but never assume so. Always validate every step of the way.

If it's sent like score.php?score="100"&username="bob"&key="1234" and validated as incorrect then it's just ignored.

Overall though never ever assume that the data you are getting externally is valid. Verify every little detail before actioning on it.
Back to top
Profile PM Email Website
Jerry McGuire
7
Years of Service
User Offline
Joined: 25th Mar 2017
Location:
Posted: 7th May 2019 20:03
Link
Thanks @Phaelax and @Qube_ for elaborating on the subject. I'm not quite there yet. But once I am, I'll be trying out all of this.
Nice to have a helpful community!
cheers
AppGameKit 2018.10.10

iMac Book Pro, MacOS 10.14, Xcode 10.1;
iPhone 6, iOS 12; iPad (3rd gen), iOS 9.35; iPad Pro 12'9 (2nd gen), iOS 12.

Dell Precision T7400, Windows 7 Professional 64bit, Visual Studio Community 2017;
Back to top
Profile PM
Back to top

Login to post a reply

Server time is: 2024-04-18 18:00:33
Your offset time is: 2024-04-18 18:00:33