frankencost's Recent Forum Activity

  • Thank you very much guys for your comments and ideas, you are the reason why I say that this is a wonderful community.

    Will read carefully your suggestions and will check step by step Kyatric's plug in. Once again thanks a lot for replying to my post with such dedication, really appreciate it pals.

  • Hi guys,

    Hope you all are doing great.

    I know that probably this is not the first time you receive a comment/question like this but unfortunately I was not able to find an answer surfing the web.

    As you know, when you send an Ajax Post to a file the data being sent is easily traceable if you use a browser third party plugin; in order to check the functioning in some web applications I use Firebug which is the one that works better for me since it helps me a lot to identify problems in jquery plugins, php inserts and similar, so in php I'm able to add security features to my code in order to avoid code injection etc (I'm not even close to be a genius programmer but know the basics in several programming languages, pretty basic stuff), so after uploading one of my games for testing purposes I noticed that my inserts to the database were really insecure.

    The thing is that every time my html5 game made with C2 sends a post to my php file so I can make an insert to the DB, the post is easily read in Firebug so if I copy the post url (let's say mysite.com) and execute the post again directly from my browser the post is performed again. I know I can work with sessions to increase security, require login data to know my users, set cookies etc but at the end the post will work. My concern is let's say I make a game for a company that will give any kind of prize or incentive to the users with higher scores, suddenly a mid experienced programmer will be able to review the destiny of my post and simply manipulate the post from the browser and pass whatever information on a simple url (http://www.mysite.com?score=5000 or mysite.com); it's just a matter of analyzing with Firebug the content of the post and then modify the string or variables being transmitted by ajax.

    I really do not want to seem dramatic, it's just that Construct 2 is too good to be true and I really hope that any of you can give me some tips to increase the security of the Ajax post sent from games made with this wonderful software. Is there any way to avoid the full post url from being readable during the Ajax transmission? Any of you guys know any extra security that can be added or probably another way to send scores to a database without using the Ajax object? I know many options that could make the trick but believe me I have been running in circles, I tried to convert the c2runtime.js file to c2runtime.php and then put some hashes inside the code in order to encode it (yes later on you need to use php headers to add the js functionality to the file again), did not work. I also tried using md5 encryption to generate a key randomly and then compare it when the post reaches my php file but did not work either, at the end if you pass the md5 encoded data as it is through the browser the php file will recognize it as good due to obvious reasons, so this is not an option (lesson learned the hard way).

    I will really appreciate your advice guys, this is a software used even by Microsoft so I know that any of you will have a proper answer, as I told you I'm not a code guru nor a smart**s, I'm just really excited with all the possibilities you get with C2, I also know that Ajax is not the most secure option and that's not C2's fault, it's just the way it is, but I know this place has brilliant minds and the best thing is that they are not selfish at all at the moment of sharing the knowledge.

    Thanks again.
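
An added example, not part of the original post: the replay described above works because the server accepts any well-formed request, so the check has to live on the server. This Node.js sketch issues a signed, single-use token per game and bounds the score by elapsed play time; it stops replayed and implausible submissions, not a modified client. The function names, the time limit and the scoring ceiling are assumptions.

```javascript
// Added example (constructed): server-side score check, run under Node.js.
const crypto = require('node:crypto');

const SERVER_KEY = crypto.randomBytes(32); // stays on the server, never in the game files
const TOKEN_TTL_MS = 10 * 60 * 1000;       // assumption: one game lasts at most 10 minutes
const MAX_POINTS_PER_SEC = 50;             // assumption: game-specific scoring ceiling
const usedTokens = new Set();              // in production: a DB table with a unique index

function sign(payload) {
  return crypto.createHmac('sha256', SERVER_KEY).update(payload).digest('hex');
}

// Called when a logged-in player starts a game. userId is assumed numeric (no dots).
function issueGameToken(userId, now = Date.now()) {
  const payload = `${userId}.${now}.${crypto.randomBytes(8).toString('hex')}`;
  return `${payload}.${sign(payload)}`;
}

// Called by the score endpoint. userId comes from the server-side session, not the request.
function submitScore(userId, token, score, now = Date.now()) {
  const cut = String(token).lastIndexOf('.');
  if (cut < 0) return { ok: false, reason: 'malformed' };
  const payload = String(token).slice(0, cut);
  const mac = Buffer.from(String(token).slice(cut + 1));
  const expected = Buffer.from(sign(payload));
  if (mac.length !== expected.length || !crypto.timingSafeEqual(mac, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  const [tokenUser, issuedAt] = payload.split('.');
  if (tokenUser !== String(userId)) return { ok: false, reason: 'wrong user' };
  const elapsedMs = now - Number(issuedAt);
  if (elapsedMs < 0 || elapsedMs > TOKEN_TTL_MS) return { ok: false, reason: 'expired' };
  if (usedTokens.has(token)) return { ok: false, reason: 'replay' };
  const ceiling = (elapsedMs / 1000) * MAX_POINTS_PER_SEC;
  if (!Number.isInteger(score) || score < 0 || score > ceiling) {
    return { ok: false, reason: 'implausible score' };
  }
  usedTokens.add(token); // single use: the same request sent again is refused
  return { ok: true, reason: 'accepted' };
}
```
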

  • Hi guys,

    I noticed that when I post my score to a php file using the Ajax Post to Url stuff it works only the first time, the database is updated only once after the first post. I know that my game is ok since I see in Firefox Firebug that the Ajax post is made as programmed but the database is not affected, only if I reload the page of the game.

    Could this be related to the Ajax post call being cached? Have you had any similar experience? If the cache is causing the problem how could I set it to disable in C2?

    Thanks and have a great evening.

  • Hi guys,

    I made it, the solution was as simple as to use only the name of the file I was going to send the score to (instead of mysite.com/game/test.php I used text.php only), making sure that the file was going to be in the same directory, now it works.

    Thanks!

  • Hi lanceal,

    I made it my friend, the solution was as simple as to use only the name of the file I was going to send the score to (instead of mysite.com/game/test.php I used text.php only), making sure that the file was going to be in the same directory, now it works.

    Thanks!

  • Hi again lanceal,

    No, I'm using the php SDK and some of the JS SDK for login stuff and permissions, when the player misses 3 shots and sending the score variable to a .php file which passes the score and the FB User ID and Name to an insert php file and then the data is entered to the database which I use later on to include a leaderboard.

    In the past I used to do the same with Flash (I programmed AS3 for about 3 years) but you know that html5 is the hot stuff now so I fell in love with C2 almost immediately, hence the reason why I'm new to the use of the Ajax within C2.

    I'll check if something related to the Godaddy hosting could be causing the issue, or as you said earlier something with the Facebook way to transmit data between http and https. Thanks my friend!

  • Hi again pals,

    By any chance have any of you guys created a Facebook App and used AJAX Post to URL to save data? I made my game and put it on Facebook but the AJAX Post to URL is not working, everything seems to be fine, I'm able to get the Facebook user Name and ID but the only thing missing in the array of data is the score that I'm sending to the PHP file.

    I have checked everywhere and everything seems to be fine so I thought it would be better to ask you if any of you have ever had a problem with Facebook and to enter data to DB tables through the AJAX Object.

    Thanks once again for your patience and help.


  • Thanks lanceal, I don't know I'm really new to C2 and ajax stuff, what I can see here is that if I check the functioning of ajax post in Firebug I'm not getting a response from my test.php file. I really don't know what to do

  • Hi again guys, sorry for bothering again but my score is not posting to database, I received big help from Kyatric and Aphrodite in regards to the Post Url but probably I'm doing something wrong, my game is inside Facebook and for some reason I'm not able to post the score to the php file, do you see something wrong here?

    [Image: http://vulcanostudios.com/not-working.jpg]

    I'll really appreciate your help since I'm going crazy already, my game is hosted in Godaddy, no Mysql errors and game is inside Facebook.

    Thanks again.

  • Thanks a lot guys, will try that and will let you know, and yes Kyatric I have the App in the same Godaddy hosting and url. Have a great day!

  • Hi Guys,

    I'm trying to post score to database through Post to URL and I'm using this line:

    "http://www.mysite.com/game/test.php?score=Score"

    That's exactly what I'm writing in the URL field (including the quotes).

    Score is the name of the Global Variable holding the score, but this is not working.

    I'll really appreciate your help.

  • Hey ArcadEd...Thank you very much my friend, I can't believe it was so easy pal I spent about 3 days figuring it out. This community is absolutely full of great people!!! Thanks again


frankencost

Member since 20 Aug, 2012
