Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

DarkBASIC Professional Discussion / Running and returning values from PHP scripts in DBpro

Author
Message
CumQuaT
AGK Master
16
Years of Service
User Offline
Joined: 28th Apr 2010
Location: Tasmania, Australia
Posted: 7th Jan 2013 03:59
Hello all, this has been asked on here before, but not answered - but I think I have a new approach for this which might help find an answer....

If I have a simple login PHP script sitting on my server, I can access it using a web string like so (in C#):

"http://www.mywebsite.com/login.php?username=" + username + "&" + "password=" + password + "&"

Depending on how that PHP file is set up, running that line will return a value that I can use to determine whether the login was successful or not.

If you do this in a web browser, it just shows a web page containing the return value.

So, it's already well established that we can download a file off the web using the following code:



But how about just CALLING a webpage... Or perhaps one could use the above code to just save the result of a PHP call string to a file, read it in, and then delete it?

Thoughts? I imagine this may help people out in a big way if we can get it working well, since it will mean people can make server-based interaction from right within their program!


Chris Tate
DBPro Master
17
Years of Service
User Offline
Joined: 29th Aug 2008
Location: London, England
Posted: 7th Jan 2013 05:25 Edited at: 7th Jan 2013 05:30
So, I assume you already attempted to access the PHP script using the HTTP REQUEST command, and you received an error?

This is supposed to be how you would communicate with your web server via DBP; however it does not work with some web servers. I remember being able to communicate with Google's web pages, TGC's web pages but not mine...

If that fails to work with your server; then the URLMON download function will have to do, unless someone creates a seperate program or DLL to handle the transmission for you. This is a 10 minute job in the .NET framework; but not so easy in DBP because a certain number of consumer based servers are fussy with DBP's 'HTTP REQUEST' command.

This FPSC code demonstrates that it is supposed to work; but only seems to work with TGC's host.



Who knows, maybe there is an authentication setting blocking access to common web hosts; that is not set active on TGC's server. If you can get HTTP REQUEST to work with a local host; or a remote host; that host can act as a proxy, which obtains the information you need from the master server; with caution.

I am sure someone else will have ideas; but URLMON will download webpages too; so just download the PHP script using the web address. It will run and echo out the result as seen in a web browser... You just open the local file and read it into a string.

All in accordance with your security policies....

CumQuaT
AGK Master
16
Years of Service
User Offline
Joined: 28th Apr 2010
Location: Tasmania, Australia
Posted: 7th Jan 2013 05:35
I haven't actually tried the above yet, I was more just opening the floor for discussion since it would be SUPER handy for indie game devs using DBP to have this functionality!

Yes, I had been thinking of running a seperate C# app in the background that communicates with the DBPro app using an XML feed or something similar, but it'd be much neater if it could all be done "in house" so to speak!

I'll experiment tonight and report my findings!


CumQuaT
AGK Master
16
Years of Service
User Offline
Joined: 28th Apr 2010
Location: Tasmania, Australia
Posted: 7th Jan 2013 09:17
My experimentation was a success! The following code works by calling the PHP file within the program and downloading the resulting page to the computer, reading in the response, then deleting the temporary file. You can then take the appropriate action depending on what the read in response is!




MrValentine
AGK Backer
15
Years of Service
User Offline
Joined: 5th Dec 2010
Playing: FFVII
Posted: 7th Jan 2013 12:36
I cannot understand why this continues to be a massive thorn in the back, but my twist on this might be that TGC uses 2 of 2 things...

SSL
+
Windows or Linux server

The http code works with SSL port 443 in the examples and not port 80, which suggests you require SSL, which is fine, but for me SSL costs a bit, and I have tried using a community SSL which fails as it is not registered to my Domain... possibly fails some checks...

Whereas, I am currently on a Linux Server for my websites at present, but I do not know what TGC sits on, my guess is Windows...

I might install Windows Server and run a test [I could alternatively run my pc as a server but for the sake of it all I will just use a HYPER-V VPC for the test...]

I do not think storing the data locally in any physical form is wise in any way whatsoever... as a string called back from a web server... that might be best.

BatVink
Moderator
23
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 7th Jan 2013 13:07 Edited at: 7th Jan 2013 13:07
CumQuaT, I use the exact same method to download high scores. My PHP script accepts variables in the URL, and simply returns a csv list of appropriate high scores.

It works a treat, I also add a "code" to ensure security

CumQuaT
AGK Master
16
Years of Service
User Offline
Joined: 28th Apr 2010
Location: Tasmania, Australia
Posted: 7th Jan 2013 15:04
Yep! Same here. I just couldn't find any sort of record of this method here on the forums so I thought I might slap this up here so that people can find it when searching for it in the future


BatVink
Moderator
23
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 7th Jan 2013 23:27
I got a lot of my information from here originally.

CumQuaT
AGK Master
16
Years of Service
User Offline
Joined: 28th Apr 2010
Location: Tasmania, Australia
Posted: 8th Jan 2013 00:32
Oh cool, didn't see that! I just ran a forum search for PHP and got next to nothing back.


MrValentine
AGK Backer
15
Years of Service
User Offline
Joined: 5th Dec 2010
Playing: FFVII
Posted: 8th Jan 2013 04:25
Thanks BatVink was going to look for that one!

Phaelax
DBPro Master
23
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 9th Jan 2013 04:07
Am I the only one here who thinks sending a password variable in that manner is a bad idea?

"You're not going crazy. You're going sane in a crazy world!" ~Tick
Dar13
18
Years of Service
User Offline
Joined: 12th May 2008
Location: Microsoft VisualStudio 2010 Professional
Posted: 9th Jan 2013 04:42
Nope. Ideally, you'd want to send a hash or other processed form of the password instead.

MrValentine
AGK Backer
15
Years of Service
User Offline
Joined: 5th Dec 2010
Playing: FFVII
Posted: 9th Jan 2013 09:50
Am I the only person getting a login box for devink.co.uk on here?

Phaelax, yup it is a bad idea...

Brendy boy
20
Years of Service
User Offline
Joined: 17th Jul 2005
Location: Croatia
Posted: 9th Jan 2013 11:16
Quote: "Am I the only person getting a login box for devink.co.uk on here?"

no, i'm getting it too

Dar13
18
Years of Service
User Offline
Joined: 12th May 2008
Location: Microsoft VisualStudio 2010 Professional
Posted: 9th Jan 2013 16:03
Looks like BatVink's sig is causing it. I tried going to the link in it, and I got the same login box.

CumQuaT
AGK Master
16
Years of Service
User Offline
Joined: 28th Apr 2010
Location: Tasmania, Australia
Posted: 9th Jan 2013 17:32
BATVIIIIIIIIIIIIIIIINK!!!! *shakes fist*


BatVink
Moderator
23
Years of Service
User Offline
Joined: 4th Apr 2003
Location: Gods own County, UK
Posted: 9th Jan 2013 18:02
Login box sorted, apologies

Quote: "Am I the only one here who thinks sending a password variable in that manner is a bad idea?"


Quote: "Ideally, you'd want to send a hash or other processed form of the password instead."


I create an MD5 of the data being sent, so that it cannot be altered in any way. For example, to submit bogus high scores. I don't think you could do the same with passwords because a hash can't be reversed, but you can still use some kind of algorithm to obfuscate it.

Chris Tate
DBPro Master
17
Years of Service
User Offline
Joined: 29th Aug 2008
Location: London, England
Posted: 9th Jan 2013 18:31 Edited at: 9th Jan 2013 22:12
It is done everytime you enter a password into your favourite online content management system, such as this one.

The password is sent in string form to the server; generally with one way encryption. What is usually stored in the database is something far more complex than your real password that cannot be reversed; only you know the password.

With [edit]write only properties; or for DBP a secure way of storing the password string such as chunking it into many variables; you can't even hack the password in the program (unless you steal the source code). What the hackers see is a long wierd looking array of characters such as A82DMWW823MDAPDAW93943433K2K32MAW244433, which might not even be the password; the hash code could be a pattern in the string; or there could be numerous fake hash codes. Only the server side script and the program has the algorithm for extracting the hashcode.

Login to post a reply

Server time is: 2026-07-07 05:15:57
Your offset time is: 2026-07-07 05:15:57