UberDark's Recent Forum Activity

  • Well the big issue I have is that people can see the data sent. In this case the Username and Password.

    I know there is

    $username = $_GET['fname'];

    $password = $_GET['fpass'];

    I have tried simply replacing the word GET with POST but that seems to stop the php script from working.

    But there is more that I don't understand.

    In Construct2 there is the option to use AJAX to 'request url' and 'post to url'. I have tried both but both show in the console in the browser.

    So the two questions I have are..

    1- Do I need to use the 'post to url' in my eventsheet to make the data invisible?

    2- How do I convert the bit of php to use POST instead of GET and does that make it invisible?

    I just don't want everyone with a tiny bit of knowledge to see the username and password.

    Hard to understand the tutorial I am using is on this website and that uses GET in both php and AJAX. But then states it is not a very secure way, however that it can be made more secure. The tutorial is more than two years old but there are no relevant posts on the Scirra forums to make it secure. There is not even a post regarding how to use the AJAX function 'post to url' properly on here except the manual entry which doesn't explain my question. Is there a better way to go about this or something? Does nobody have large data sets to load or compare to a database? Now somebody mentioned somewhere else on this forum I should use JSON instead and load all my database into an array from a JSON file. *sigh* Then why is this AJAX even an option? And why is that tutorial still up if it is not really advised to use that method? *Bllllarg

  • Ah I see.. data, not date.. That was confusing

    Thanks frozenpeas! Will see how far I get.

    P.S.

    So I don't have to use POST in this to make it secure? I got told with GET you can just see it in console view of the browser?

  • You have to sanitize the date whether it's GET or POST

    *scratches head..

    I just have no clue what that means sorry.

    And regarding the charset.. Doesn't Construct2 determine the charset used?

    I understand php and mysql can also specify this but I am assuming we have to comply with what Construct2 does? I am so in over my head hahaha

  • Turns out ajax is misfiring POST as GET...

    Not sure why yet..

  • I think that should be mysqli_real_escape_string instead? The link you placed says that one is deprecated.

    I was actually aware of the risks but first wanted to learn how to do that bit since this was my first database effort. Funny how I got stuck on something I have done many times before. The construct2 bit. Thanks for the heads up though and I will make sure to ask if I can't figure it out

    Oh a question right away!!

    It says the character set has to be set serverside.

    I am assuming that setting it in the mysql database would work then? Doesn't Construct2 set it as well and wouldn't that make it unsafe?

    And is this what you mean?

    $qz = "SELECT id FROM members WHERE username='$username' AND password='$password'", mysql_real_escape_string($username), mysql_real_escape_string($password);

    Or should I do this at the very beginning of the script?

    $username = $_GET['fname'], mysql_real_escape_string($username);

    $password = $_GET['fpass'], mysql_real_escape_string($password);

  • Oh Dear..

    Thank you so much Ramones. I thought it would be in the php or mysql cause those were new to me. That is just so silly I cannot believe it. Really appreciate it!

  • I was following a tutorial on this site on how to make a login using ajax, php and MySQL.

    I got stuck however (obviously)

    My question is near the end of this post in bold text

    Thanks for reading..

    1

    I have made a database named 'barnoldswickinbloom'..

    Made a table in there called 'members'..

    In the table are 4 columns: id (int) , username (varchar), email (varchar) and password (varchar).

    2

    Now obviously I am not going to paste the password although there is nothing on there anyway but here is the php script..

    <?php header('Access-Control-Allow-Origin: *');

    $username = $_GET['fname'];

    $password = $_GET['fpass'];

    $con=mysqli_connect('theipadress','theusername','thepassword','barnoldswickinbloom');

    // Check connection

    if (mysqli_connect_errno())

    {

    echo "Failed to connect to MySQL: " . mysqli_connect_error();

    }

    $qz = "SELECT id FROM members WHERE username='$username' AND password='$password'" ;

    $qz = str_replace("\'","",$qz);

    $result = mysqli_query($con,$qz);

    while($row = mysqli_fetch_array($result))

    {

    echo $row['id'];

    }

    mysqli_close($con);

    ?>

    3

    And here is a screenshot of the eventsheet:

    Now my QUESTION!!!!

    I would expect at least to see a return value in my Text field. The Textfield does change from the initial "..." to blank so the AJAX is getting to completion.

    But nothing at all. It does not give me any error which I have had before due to using localhost instead of an IP address in the php script. I had a NaN and a Can't connect to server error before, but those are both fixed. Now I simply get nothing.

    If you want to see how it currently works and that the text field does indeed change in its current state, here it is online http://barnoldswickinbloom.co.uk/

    As username use: Guest

    As password use: 1234

    Even if it fails from what I understand it should return a 0 instead of a positive number.

    Here is a link to both the capx and the php script. I did of course change the login information in the php script.

    https://dl.dropboxusercontent.com/u/175 ... truct.capx

    https://dl.dropboxusercontent.com/u/1750576/login.php
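
A hardened take on the login script from the post above, as an added example that is not the poster's or the tutorial's code: it reads the credentials from the POST body, uses a mysqli prepared statement instead of string-built SQL, and checks the password with password_verify(). Assumptions: members.password stores password_hash() output, the site is served over HTTPS, and https://game.example is a placeholder for the game's origin.

```php
<?php
// Added example. Assumptions: HTTPS, a known game origin (placeholder below),
// and members.password holding password_hash() output, not the plain password.
header('Access-Control-Allow-Origin: https://game.example'); // placeholder, not '*'
header('Content-Type: text/plain; charset=utf-8');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('0');
}

// Read credentials from the POST body; missing fields count as a failed login.
$username = $_POST['fname'] ?? '';
$password = $_POST['fpass'] ?? '';
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    exit('0');
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of echoing errors
try {
    $con = new mysqli('theipadress', 'theusername', 'thepassword', 'barnoldswickinbloom');
    $con->set_charset('utf8mb4'); // connection charset is set server-side

    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $con->prepare('SELECT id, password FROM members WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch(); // true if a row was fetched, null if none
    $stmt->close();
    $con->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details go to the server log, not the client
    http_response_code(500);
    exit('0');
}

// Same reply for an unknown user and a wrong password: 0, otherwise the id.
echo ($found && password_verify($password, $hash)) ? (string)$id : '0';
```

POST only moves the values out of the URL, server logs and browser history; they stay visible in the sender's own browser tools, and HTTPS is what protects them in transit.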

  • 'GO' in my case whehehe cheers

  • I do actually have some webspace so I should already have everything you just mentioned except for testing I guess doing it offline would be handy. Saves me uploading every iteration right?

    I am currently trying to follow this tutorial https://www.scirra.com/tutorials/525/si ... l-database

    I understand the php bit and the Construct2 bit but just not sure about the phpmyadmin bit which I did locate on my webhost dashboard. The very first code in the tutorial is giving me the most headscratching. Not giving up though *shakes head*

    Thanks for the advice!

  • Again thank you both for being so helpful.

    I am not going to risk it and go for a database then. I can learn it I am sure. *fist in the air*

  • Yes Ribis it is for a website and meant to be used online. I just stuck to a text file because someone else that never uses Construct2 has to be able to add users and passwords.

    I don't have knowledge on how to make databases..

    Thank you both for responding.

  • Where do I put that?

    Currently putting data into the array with:

    Set value at (i, 0) to tokenat(AJAX.LastData,i,";")

    In a 'for' loop of course..

UberDark

Member since 14 Jan, 2012
