Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Geek Culture / Can anyone help me with AGK/PHP

Author
Message
easter bunny
13
Years of Service
User Offline
Joined: 20th Nov 2012
Playing: Dota 2
Posted: 9th Feb 2013 03:24
I'm writing an app that will contact a server to get a high score, and can also update that high score.
Here is the php code I use on the server

<!DOCTYPE html>
<html>
<body>

<?php
$testme = $_GET["score"];
$current = file_get_contents("scores.dtb");
if($testme > $current){
$file = fopen("scores.dtb","w");
echo file_put_contents("scores.dtb",$testme);
fclose($file);
}
?>

</body>
</html>


and the [AGK] code the program uses to update the score:


function SendWorldHi(score)
if GetInternetState()
con = CreateHTTPConnection()
host = SetHTTPHost(con,"localhost", 0)
SendHTTPRequest(con,"score.php","?score=1000")
CloseHTTPConnection(con)
DeleteHTTPConnection(con)
endif
endfunction temp

but for some reason it doesn't work, can anyone help me?
it doesn't update the score properly, the php code definitely works, I can test it in the browser.

There are 10 types of people, those who understand binary and those who don't
zeroSlave
17
Years of Service
User Offline
Joined: 13th Jun 2009
Location: Springfield
Posted: 9th Feb 2013 04:24
I'm really not sure. I don't know AppGameKit at all. Just from looking at it though, where is score.php located locally? Do you have somewhere you can upload the score.php file to test with the app? Then, couldn't this
be
?

Not sure. :/ But good luck!

Everybody is a genius. But if you judge a fish by its ability to climb a tree, it will live its whole life believing that it is stupid.
Phaelax
DBPro Master
23
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 11th Feb 2013 00:27
You're saying if you typed http://mysite.com/score.php?score=1000 it would work in the browser?

"You're not going crazy. You're going sane in a crazy world!" ~Tick
easter bunny
13
Years of Service
User Offline
Joined: 20th Nov 2012
Playing: Dota 2
Posted: 11th Feb 2013 01:32 Edited at: 11th Feb 2013 02:00
yes just tried it again with xampp using http://localhost/score.php?score=1001 and it updated the file score.dtb to 1001 when it was 1000, so score.php works just submitting the parameter score=[number] in agk doesn't work HERE is the link to the agk http docs

@zeroslave xampp is a webserver that basically turns your computer into a website called localhost, so in effect I'm uploading score.php onto a webserver even though it's stored on my computer.

edit: If I change the code to

it prints

which is the same error that happens when I access localhost/score.php WITHOUT supplying any parameters

edit2: I checked the access logs for Apache and they said this:
Note that I cleared them, the first 2 entries are from AppGameKit and the 3rd one is when I accessed localhost/score.php?score=1111 from Firefox


There are 10 types of people, those who understand binary and those who don't
easter bunny
13
Years of Service
User Offline
Joined: 20th Nov 2012
Playing: Dota 2
Posted: 11th Feb 2013 02:04
Ok, after all that I've figured out the problem, this code works:

I have to submit the parameter from the GET not the POST

There are 10 types of people, those who understand binary and those who don't
bitJericho
23
Years of Service
User Offline
Joined: 9th Oct 2002
Location: United States
Posted: 11th Feb 2013 03:09
Also, don't forget to make it secure! Your code is very much not secure, but hopefully you already know that.

Visit my blog http://www.canales.me.
easter bunny
13
Years of Service
User Offline
Joined: 20th Nov 2012
Playing: Dota 2
Posted: 11th Feb 2013 03:23 Edited at: 11th Feb 2013 03:27
Yeah, I realised that after all, anyone could access the high score table and set it to anything they want.
btw: Could they also post malicious code? I don't think so, it's extension is .dtb not .php but just in case...

[If it was something like score.php, someone could possibly post a high score that's really malicious code then access server.com/score.php and it would run the code]

edit2: I also realise that even if it's secure, they can still change the High score, but at least it will make it more difficult for them to find the URL of the High Score php page

There are 10 types of people, those who understand binary and those who don't
bitJericho
23
Years of Service
User Offline
Joined: 9th Oct 2002
Location: United States
Posted: 11th Feb 2013 03:36
It would be easy for anybody looking to modify the score.

What I would recommend, in PHP is requiring the number to be an integer, require a user id and password (perhaps this would be a phone ID + the user's entered name or something) to allow the score to be submitted. Then, to prevent cheating, encrypt the score using some custom equation so someone can't just input a number, they'd have to know your equation to get a reasonable number.

After that you'd only have people extremely annoying try to submit scores and you can ban them.

If you're extremely popular, at that time you can come up with a more secure solution, perhaps making users create email accounts to submit a score, going through facebook or something, or recording the user's play and watching it and then posting the score.

Visit my blog http://www.canales.me.
easter bunny
13
Years of Service
User Offline
Joined: 20th Nov 2012
Playing: Dota 2
Posted: 11th Feb 2013 04:15
ok thanks, I'll also have to make the program itself more secure, memory hacking programs like Cheat Engine
can be used to modify the score in-program, which would end up looking totally legit, and there's probably memory hacking apps for Android as well. (I'm planning on publishing the app on Android)

There are 10 types of people, those who understand binary and those who don't
Phaelax
DBPro Master
23
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 11th Feb 2013 04:33
Quote: "I have to submit the parameter from the GET not the POST"

If passing the variable through the address, then yes it's GET.

"You're not going crazy. You're going sane in a crazy world!" ~Tick
easter bunny
13
Years of Service
User Offline
Joined: 20th Nov 2012
Playing: Dota 2
Posted: 11th Feb 2013 08:43 Edited at: 11th Feb 2013 08:48
Is this a secure(er) way of doing it?
!pseudo code!
score.php?score=[users score]&check=[cript(score)]
function cript(score)
foo = (score/5)+15
return foo
end function
then the server decodes check and compares the result with score and if they aren't the same then is ignores the submission.
as the nasty person doesn't know the encryption algorithm, they will only get the score correct, so it won't work

There are 10 types of people, those who understand binary and those who don't
Markus
Valued Member
22
Years of Service
User Offline
Joined: 10th Apr 2004
Location: Germany
Posted: 11th Feb 2013 13:09
my idea :
send score to server
the server answer a time stamp or random number and hold it in session
you send answer to server, your timestamp and/or the same rnd number.
then the score will be valid in time limit or match the rnd no.
the server answer ok
somebody that don't know this logic can't cheat.
for memory cheating you can use two scores and add the other
+999 , if someone modify the one you don't have the 999 difference.
Indicium
18
Years of Service
User Offline
Joined: 26th May 2008
Location:
Posted: 11th Feb 2013 14:04
Send your score in get and send you score hashed and salted with a private key so only your server can confirm it matches.


They see me coding, they hating. http://indi-indicium.blogspot.co.uk/
Phaelax
DBPro Master
23
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 11th Feb 2013 16:41
What Indicium said. Also, make sure to properly escape any variables you retrieve using GET before inserting them into your database to avoid any code injection attacks.

"You're not going crazy. You're going sane in a crazy world!" ~Tick

Login to post a reply

Server time is: 2026-07-16 02:35:28
Your offset time is: 2026-07-16 02:35:28