Tier2 Android online database access

Author

Message

RichardH

11

Years of Service

User Offline

Joined: 29th Nov 2012

Location: California

Posted: 19th Mar 2013 07:29

Link

Hi guys, I am currently working on an AppGameKit tier 2 Android game where I plan on letting players create and save their own levels to an online database for others to use. I currently save each level to a series of text files locally. Right now each file stores the x, y, angle, color, length and width values of an AppGameKit sprite as a string where each value is on a new line. When reading a level the game reads in 6 lines at a time and creates these sprites based on the saved values. I was wondering if there was a way to communicate to an online MySQL database in a way that would port over to Android since I am using the NDK. I have been looking around the forums but haven't found anything that helps me figure this out. If anyone could point me in the right direction that would be great. Thanks in advance.

Back to top

Profile PM Email

JimHawkins

15

Years of Service

User Offline

Joined: 26th Jul 2009

Location: Hull - UK

Posted: 19th Mar 2013 11:28

Link

Your best method is probably to use a PHP script to talk to the MySQL database. All platforms can use that.

-- Jim DO IT FASTER, EASIER AND BETTER WITH AppGameKit FOR PASCAL

Back to top

Profile PM Website

Markus

Valued Member

20

Years of Service

User Offline

Joined: 10th Apr 2004

Location: Germany

Posted: 19th Mar 2013 12:48

Link

you can use SendHTTPFile & GetHTTPFile
http://www.appgamekit.com/documentation/Reference/HTTP.htm

you can install the apache webserver + php + MySQL local for testing.
http://de.wikipedia.org/wiki/Apache_HTTP_Server

http://www.mysql.com/downloads/installer/

Back to top

Profile PM Email

RichardH

11

Years of Service

User Offline

Joined: 29th Nov 2012

Location: California

Posted: 19th Mar 2013 21:19

Link

So how would i go about sending a file named "squares.lvl" using the http commands to "mywebsite.com"? So far I can create a connection, setHTTPHost, but I'm not sure how to send a file. Ultimately I want to save everything in database tables, but I do want to understand the HTTP commands too. My PHP is also rusty since I haven't been using it since last semester of school.

Back to top

Profile PM Email

Ancient Lady

Valued Member

20

Years of Service

User Offline

Joined: 17th Mar 2004

Location: Anchorage, Alaska, USA

Posted: 19th Mar 2013 21:44

Link

You would slurp the contents or your file into a string and pass that as an argument to a specific file on your server. The file would accept the string and parse out the information and store it in the database.

Have you worked with PHP and MySQL (assuming that is the database you are using) much?

Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master

Back to top

Profile PM

RichardH

11

Years of Service

User Offline

Joined: 29th Nov 2012

Location: California

Posted: 19th Mar 2013 21:49

Link

I have only worked with PHP and MySQL briefly, but I did manage to make a CMS for a school project a while back. So I could just send a POST with a giant string and then parse that using PHP? Sounds like a good plan, I'll look into that right now.

Back to top

Profile PM Email

xCept

21

Years of Service

User Offline

Joined: 15th Dec 2002

Location:

Posted: 19th Mar 2013 22:22

Link

Using the SendHTTPFile() command, you can upload entire files (e.g., squares.lvl) to a server without any extra steps required in AGK. The other approach, as AL suggests, is to convert the text file to a string and send it as an argument to a server script (POST data).

In either case you'll need to have a server side script in place to retrieve and process the file (or string parameter if using the second approach). PHP is probably the easiest to work with for this kind of operation. The help documentation for SendHTTPFile() and most other HTTP commands is extremely sparse and some of it is outright inaccurate.

Basically, the SendHTTPFile command will pass a file to a script as if uploading it via a form on a page. The element name AppGameKit assigns to hold the uploaded file is "myfile" so you must reference this within the server script.

The small snippet below assumes you have an "upload.php" file on the server that checks for "myfile" and handles it appropriately, such as moving it from the temporary directory on the server to a final location. In PHP you use the $_FILES["myfile"]... command to deal with the file. It also assumes your map is in the "media" directory, if it is in a subdirectory of the media folder you must append the subdirectory to the string (e.g., "maps/squares.lvl")

+ Code Snippet

HTTPConnection = CreateHTTPConnection()
SetHTTPHost(HTTPConnection, "www.example.com", 0)

SendHTTPFile(HTTPConnection, "upload.php", "", "squares.lvl")

The code above should upload the file but in a real app you would want to verify the connection and check for its completion and the return result from the server to make sure everything was successful.

Back to top

Profile PM Email Website

Digital Awakening

AGK Developer

22

Years of Service

User Offline

Joined: 27th Aug 2002

Location: Sweden

Posted: 19th Mar 2013 22:25 Edited at: 19th Mar 2013 22:32

Link

PHP and MySQL is the way to do it. And best of all, it's both platform independent and you can use a regular web hotel as your server.

Demo 3 is out now!

Back to top

Profile PM Website

Ancient Lady

Valued Member

20

Years of Service

User Offline

Joined: 17th Mar 2004

Location: Anchorage, Alaska, USA

Posted: 19th Mar 2013 22:26

Link

I somehow missed the SendHTTPFile (or it wasn't appropriate for what I do). But that looks like the easiest option with the AppGameKit app for sending the whole file. It's one command instead of a whole bunch to get the data into a string that can be used in POST data.

Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master

Back to top

Profile PM

Digital Awakening

AGK Developer

22

Years of Service

User Offline

Joined: 27th Aug 2002

Location: Sweden

Posted: 19th Mar 2013 22:32 Edited at: 19th Mar 2013 22:32

Link

The advantage of using SendHTTPRequest instead of sending a file is that you can send loads of other data like level name, creator, date etc to be easily stored in a database. And avoid that people upload harmful files to your server.

Demo 3 is out now!

Back to top

Profile PM Website

xCept

21

Years of Service

User Offline

Joined: 15th Dec 2002

Location:

Posted: 19th Mar 2013 22:36

Link

I tend to agree, DA. I have only used SendHTTPRequest (or its Asynchronous counterpart) in my projects as you have much more control over the variables and values being sent and it is much easier to parse and feed to databases etc. on the server. However, I see value in being able to send complete files in other situations and notably if it is a binary file, such as uploading one's in-game profile image to the server etc.

Back to top

Profile PM Email Website

Paul Johnston

TGC Developer

22

Years of Service

User Offline

Joined: 16th Nov 2002

Location: United Kingdom

Posted: 20th Mar 2013 00:08

Link

SendHTTPFile also has a POST field so you can send variables along with the file and parse them in PHP to decide if the file should be stored.

A PHP script to receive the file might look something like this

<?
    function fail( $msg ) { echo $msg; exit(); }

$user = $_POST['user'];
    $pass = $_POST['pass'];

//validate user
    
    //uploaded file
    if ($_FILES["myfile"]["tmp_name"] == "") fail( "No file uploaded." );
    if ($_FILES["myfile"]["error"] > 0)
    {
        switch ($_FILES['myfile']['error'])
        {
            case 1: fail( 'File exceeded maximum server upload size.' ); break;
            case 2: fail( 'File exceeded maximum file size.' ); break;
            case 3: //partial file
            case 4: fail( 'An error occured during file upload, please try again' ); break;    //no file
        }
    }
    
    $filename = basename( $_FILES["myfile"]['name'] );
    $size = (int) $_FILES["myfile"]["size"];    
    
    //check file does not exist and place it in its new location
    $filepath = "/path/to/save/file/$filename.zip";
    if ( file_exists($filepath) ) fail("That file has already been uploaded. If this should not be the case please contact support quoting the filename.");
    if ( @move_uploaded_file( $_FILES["myfile"]["tmp_name"], $filepath ) == FALSE ) fail("Could not move uploaded file, please try again.");
    if ( @chmod( $filepath, 0744 ) == FALSE ) fail("Could not modify uploaded file, please contact support.");
?>

+ Code Snippet

<?
    function fail( $msg ) { echo $msg; exit(); }

    $user = $_POST['user'];
    $pass = $_POST['pass'];

    //validate user
    
    //uploaded file
    if ($_FILES["myfile"]["tmp_name"] == "") fail( "No file uploaded." );
    if ($_FILES["myfile"]["error"] > 0)
    {
        switch ($_FILES['myfile']['error'])
        {
            case 1: fail( 'File exceeded maximum server upload size.' ); break;
            case 2: fail( 'File exceeded maximum file size.' ); break;
            case 3: //partial file
            case 4: fail( 'An error occured during file upload, please try again' ); break;    //no file
        }
    }
    
    $filename = basename( $_FILES["myfile"]['name'] );
    $size = (int) $_FILES["myfile"]["size"];    
    
    //check file does not exist and place it in its new location
    $filepath = "/path/to/save/file/$filename.zip";
    if ( file_exists($filepath) ) fail("That file has already been uploaded. If this should not be the case please contact support quoting the filename.");
    if ( @move_uploaded_file( $_FILES["myfile"]["tmp_name"], $filepath ) == FALSE ) fail("Could not move uploaded file, please try again.");
    if ( @chmod( $filepath, 0744 ) == FALSE ) fail("Could not modify uploaded file, please contact support.");
?>

However in this case I agree that the best approach is SendHTTPRequestASync and scores are sent one at a time as they occur to the server which then stores them, this only requires POST data. Then when you want a list of scores you can call another script with SendHTTPRequestASync that returns the list of scores as a delimited string

Back to top

Profile PM Email

Ancient Lady

Valued Member

20

Years of Service

User Offline

Joined: 17th Mar 2004

Location: Anchorage, Alaska, USA

Posted: 20th Mar 2013 03:26

Link

Quote: "avoid that people upload harmful files to your server"

Good point. But easily controlled in code as long as the file is purely generated by the app itself, it should be safe.

Quote: "SendHTTPFile also has a POST field"

Good to know. This has definite potential.

My current WIP uses just SendHTTPRequest, which can be quite powerful. My app does an initial registration for a new user. When a user reinstalls the app on another device (independent of the device) and they already exist in the database, they are recognized and any stats stored in the database are transmitted down and become the basis for their local stats. Yup, you can do a lot with a simple delimited string (or doubly delimited as I use in this case).

Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master

Back to top

Profile PM

RichardH

11

Years of Service

User Offline

Joined: 29th Nov 2012

Location: California

Posted: 20th Mar 2013 04:51

Link

Ok cool, you guys are totally helping me out. So far I have set up my index.php file to receive a POST data string that represents part of a level. I have been using agk:

rint(response) to check to make sure my server is receiving properly, and it is.
Here is my code to read the file and create the HTTP request:

+ Code Snippet

// OPEN FILE, SAVE AS STRING
		file = agk::OpenToRead("load_test_beams.lvl");
		std::ostringstream s;
		s<< "lvl_beams=" << agk::ReadString(file);
		agk::CloseFile(file);

		// CREATE CONNECTION
		con = agk::CreateHTTPConnection();
		agk::SetHTTPHost(con, "mywebsite.com", 0);
		response = agk::SendHTTPRequest( con, "index.php",  s.str().c_str() );

And here is my index.php:

+ Code Snippet

<body>
<?php

$level_string = $_POST['lvl_beams'];
echo $level_string;

?>


</body>

I hope that helps anyone else having problems using the HTTP commands. Now I need to splice up the POST strings into my database which I should be able to figure out without too mush trouble. Thanks for helping out guys this really made life easier

.

Back to top

Profile PM Email

Digital Awakening

AGK Developer

22

Years of Service

User Offline

Joined: 27th Aug 2002

Location: Sweden

Posted: 20th Mar 2013 06:44

Link

Quote: "SendHTTPFile also has a POST field so you can send variables along with the file and parse them in PHP to decide if the file should be stored.

A PHP script to receive the file might look something like this"

Thanks for the tips Paul

Demo 3 is out now!

Back to top

Profile PM Website

Ancient Lady

Valued Member

20

Years of Service

User Offline

Joined: 17th Mar 2004

Location: Anchorage, Alaska, USA

Posted: 20th Mar 2013 15:00

Link

For security reasons, you do NOT want to use the index.php file for your game processing. (I have a company that does web work and hosts sites for some customers, so security is something I worry about.)

Every crawler and hacker in the world will try to get access to your site and database and the index.php file is the first they'll try to manipulate.

I would recommend creating a subdirectory with some non-obvious name and putting your game processing files there.

And, even though hackers will ignore, use your robots.txt file to indicate that the directory is not to be parse by search bots.

If you don't have a robots.txt file in your root directory, you should. A typical robots.txt file (on my sites anyway) looks like this:

+ Code Snippet

User-Agent: panscient.com
Disallow: /

User-Agent: sitebot.og
Disallow: /

User-Agent: tencenttraveler
Disallow: /

User-Agent: *
Disallow: /images
Disallow: /shared
Disallow: /anypathyouwantthemtoignore

The first three sets theoretically deny access to the entire site to the indicated user agents (you don't want them trolling you).

The last one tells everyone that they should not look in the listed directories.

Of course, not all bots obey this. But it is a start.

You can also use your .htaccess file to kick out any number of bots as soon as they try to cruise your site.

You can even use the .htaccess file to only permit posting to your game files if the user agent is "InternetConnection" or contains "Your%20App%20Name". Those are the user agent strings I see for my tests from my own WIP.

It is in everyone's interest to secure their sites regarding files that either upload things or affect their database.

Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master

Back to top

Profile PM

RichardH

11

Years of Service

User Offline

Joined: 29th Nov 2012

Location: California

Posted: 20th Mar 2013 19:05

Link

Thanks for the tips Ancient Lady, even though I wasn't planning on keeping everything in the index file, I didn't realize the security risk. I do have a robot.txt file already, but I'll add those sets you recommended.

You mentioned using the .htaccess file to only permit users with "Your%20App%20Name", but how would I go about doing that? Right now my .htaccess file is empty.

Back to top

Profile PM Email

Digital Awakening

AGK Developer

22

Years of Service

User Offline

Joined: 27th Aug 2002

Location: Sweden

Posted: 20th Mar 2013 21:35

Link

I too am curious about how to configure the .htaccess file

Demo 3 is out now!

Back to top

Profile PM Website

Ancient Lady

Valued Member

20

Years of Service

User Offline

Joined: 17th Mar 2004

Location: Anchorage, Alaska, USA

Posted: 20th Mar 2013 21:54 Edited at: 20th Mar 2013 21:56

Link

This is some of the stuff I have in some of my .htaccess files (I block a lot of things):

## turn on the rewrite engine
RewriteEngine on

## check for things we deny outright
RewriteCond %{HTTP_USER_AGENT} (dts.agent|obot\/2\.3\.1|ip\-web\-crawler|ahrefsbot|intelium_bot|exabot|xpymep|935\.ibm\.com|sosospider|sitebot|tencenttraveler|cmsworldmap|snookbot|aihitbot|whitehat|turnitinbot|dotnetdotcom|panscient|toata.dragostea.mea.pentru) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (careerbot|mj12bot|youdaobot|sogou|jikespider|businessdbbot|automattic\sanalytics|mj12bot|/bot\.php|ccbot|commoncrawl|zmeubot\-mysql|twengabot|webdav|netcraftsurveyagent|baiduspider|yandex|nmap.scripting.engine|gootkit.auto.rooter.scanner) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(morfeus|java|betaBot|libwww.perl|libcurl|curl|microsoft.url.control|imagelock.com|cyveillance.com|discoveryengine.com|adnormcrawler|www.adnorm.com) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (DigExt|SWEBot|Gootkit|auto\-rooter|webcollage|Microsoft.Data.Access.Internet.Publishing.Provider.DAV) [NC,OR]
RewriteCond %{THE_REQUEST} (CHANGELOG\.TXT|ISC\.SANS\.DFind|/NULL|/README|JUNKMETHOD|_SERVER\[DOCUMENT_ROOT\]|_PHPLIB\[libdir\]|_SERVER\[ConfigFile\]|_REQUEST\[option\]) [OR]
RewriteCond %{THE_REQUEST} (/bin/|login\.cgi|\.asp|/index\.jspa|/user|/ads|/xml|/blog|/fast|/include|/cart|/php/|/cmd.php|/etc/passwd|/tmpr) [NC,OR]
RewriteCond %{THE_REQUEST} (/motherofgod|/terms.conditions|/refund|/product_info|/moneyback|\.wantsfly|/prx\.php|/prx1\.php|/prx2\.php|/mysql|/libraries|/pma|/_pma|/__pma|/_phpmy|/__phpmy|/phpmy/|/phpmyadmin[^\.]|/phppgadmin|/phpmyadmin/|/phpmyadmin\-|/php\-my|/phpmy\-|/phpmyadmin\.\d|/p/m/a|/php\-my\-admin) [NC,OR]
RewriteCond %{THE_REQUEST} (//default.css|/htdocs/|/ldap/|/pla/|\+\+\+\+\+\+\+\+\+\+\+|/headers|slurpconfirm404|/crossdomain\.xml|/c99|/r57|/hord|/misc|Notify_Uncategorized_Allowed|/usage|notifyuser|/get_orders_list|/db_adodb.php|/send_reminders\.php|/calendar\.php|/config_settings\.php|/myadmin|/padmin|/webad|/webdb|/websql|/proxy|/program) [NC,OR]
RewriteCond %{THE_REQUEST} (/tooltip\.js|/t3lib|/htmlarea|/xoops|/ecrire|/own\.php|/openldap|/ldapadmin|/level|/install\.txt|/shared/[^a-z]|/vb|/old|/upload\.php|\.\.\/\.\.\/|/saveserver\.php|/intranet|/joomla|/cms|/admin|/db/|/homework|/bbs|/dbadmin|/dbmyadmin|/mspgmysql|/phpadmin|/myadmin/|/phpmya|phpmpa|/2phpmy|/phppma|/qql|/admm|/admn) [NC,OR]
RewriteCond %{THE_REQUEST} (/cobbler|/CFIDE|/traq|/gameframe\.net|/shell\.php|/devicedesc|/igd|/upnp|/phpldap|/ajaxfilemanager|/ccbill|/ivms|/flow\.php|/jmx\-console|/phpbb|/smf|/yellowfish|/$null$|/sched|/phpsched|/datenbank|/database|/moodle|/signup\.|/xampp|/typo|/zen|/shop|/install/|/store|/news|/list|/manager|/phplist|/script|/sql[^\.]) [NC,OR]
RewriteCond %{THE_REQUEST} (/trackback|/ipb|/error10\.php|/\.bash_history|/v2/|/nice.ports|\+and|\+or|\+union|\+select|/progotte|SVH\-CoachingPage|/3rdparty|/rahat|/spaw|/nosuichfile|/noxdir|/nuke|MM_preloadImages|/cgi|/ttx\.cgi|/wp\-login\.php|/wordtrans|/appserv|/amazon|/sumthin|/phpmanager|/riau-online|/web/|/phpmyfaq|/appconf\.htm) [NC,OR]
RewriteCond %{THE_REQUEST} (/vtigercrm|/x\.zip|/cache|/viewpart|/ShowUrl|/ShowForum|allow_url_include|/index\-9x\.jsp|/apps|/phpAlbum|/sitecore|/umbraco|/trix|/soapCaller|/checkproxy|/sd/|/wiki|/tiki|/rules\.abe|/thisdoesnotexistahaha\.php|/proxyjudge|/people|/function|/_vti_bin|/azenv|/email|/mail(?!to)|/newmail|/awstats|/stat|/cgi\-bin) [NC,OR]
RewriteCond %{THE_REQUEST} (/application$|/application\.ini|/configs|FHSCAN|/www\.fbi\.gov|/wordpress|/system|/loja|/phpdb|/extern_js|/phpldap|muieblackcat|/recordings|/cisco|/ticker|mbisetup|/autoconfig|/mural|/wm/|/rc/|/round|/cube|/a1b2c3d4|/adxmlrpc\.php|/portal|/cacti|/stats|/db/|/web|/fastenv|/store|/phpads|/xml|/drupal|/community|myproxylists|http_write) [NC,OR]
RewriteCond %{THE_REQUEST} (/SSLMySQLAdmin|/sprawdza|/tabcontent|/tengo|/autoupdate|/prefConf|/a2bill|/foro|vicidial|html\+http|/google|/vhosts|/ehcp|/translat|/main\.php|passthru|/pmwiki|/V20x|/123flash|/4images|/\=http|/assets/|/class/|/libs/|/lib/|/components|/content/|/gallery/|/global|/module|/phpthumb|/wp\-content|/wp\-admin|/mya) [NC,OR]
RewriteCond %{THE_REQUEST} (/w00tw00t|trafficbasedsspsitemap\.xml|scanproxy|/wp\-trackback|/anony/|/engine/|/project_auth|/phpinfo|dompdf|fckeditor|fck/editor|blackhats|/impex|/forum|/imghp|/buysellads|/template|/e107|/ant\.dsabuse\.com|/arcade\.php|/shop/|/backoffice|/comersus/|/oscommerce/|/store/|/catalog/|/products/|/extras/|/cpa|/sl2) [NC,OR]
RewriteCond %{THE_REQUEST} (/feed|/external|/rss) [NC,OR]
RewriteCond %{THE_REQUEST} (/x[0-9a-f][0-9a-f].?/x[0-9a-f][0-9a-f]) [NC,OR]
RewriteCond %{QUERY_STRING} (phpinfo|\.\.\/) [NC]
## deny access
RewriteRule ^.*$ - [F,L]

## check for attempt to access included files directly if there is no referrer the site
## indicate the directories to check for
RewriteCond %{THE_REQUEST} (/tmp/|/local/|/shared/|/demos/stuff/|/images/) [NC]
## the referrer is blank
RewriteCond %{HTTP_REFERER} ^$ [NC]
## deny access
RewriteRule ^.*$ - [F,L]

## indicate the directories to check for
RewriteCond %{THE_REQUEST} (/tmp/|/local/|/shared//|/demos/stuff/|/images/) [NC]
## the referrer is NOT blank
RewriteCond %{HTTP_REFERER} !^$ [NC]
## the referrer MUST be from your domain
RewriteCond %{HTTP_REFERER} !^https*://(www.)*yourdomain.com [NC]
## deny access
RewriteRule ^.*$ - [F,L]

## this rule is the one that I think would work to block anyone from going after app pages that are for use by your app only
RewriteCond %{THE_REQUEST} /yourgamedir [NC]
## the referrer is NOT blank
RewriteCond %{HTTP_REFERER} !^$ [NC]
## the referrer MUST be from your domain
RewriteCond %{HTTP_REFERER} !(Your%20App%20Name|^InternetConnection$) [NC]
## deny access
RewriteRule ^.*$ - [F,L]

+ Code Snippet

## turn on the rewrite engine
RewriteEngine on

## check for things we deny outright
RewriteCond %{HTTP_USER_AGENT} (dts.agent|obot\/2\.3\.1|ip\-web\-crawler|ahrefsbot|intelium_bot|exabot|xpymep|935\.ibm\.com|sosospider|sitebot|tencenttraveler|cmsworldmap|snookbot|aihitbot|whitehat|turnitinbot|dotnetdotcom|panscient|toata.dragostea.mea.pentru) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (careerbot|mj12bot|youdaobot|sogou|jikespider|businessdbbot|automattic\sanalytics|mj12bot|/bot\.php|ccbot|commoncrawl|zmeubot\-mysql|twengabot|webdav|netcraftsurveyagent|baiduspider|yandex|nmap.scripting.engine|gootkit.auto.rooter.scanner) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(morfeus|java|betaBot|libwww.perl|libcurl|curl|microsoft.url.control|imagelock.com|cyveillance.com|discoveryengine.com|adnormcrawler|www.adnorm.com) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (DigExt|SWEBot|Gootkit|auto\-rooter|webcollage|Microsoft.Data.Access.Internet.Publishing.Provider.DAV) [NC,OR]
RewriteCond %{THE_REQUEST} (CHANGELOG\.TXT|ISC\.SANS\.DFind|/NULL|/README|JUNKMETHOD|_SERVER\[DOCUMENT_ROOT\]|_PHPLIB\[libdir\]|_SERVER\[ConfigFile\]|_REQUEST\[option\]) [OR]
RewriteCond %{THE_REQUEST} (/bin/|login\.cgi|\.asp|/index\.jspa|/user|/ads|/xml|/blog|/fast|/include|/cart|/php/|/cmd.php|/etc/passwd|/tmpr) [NC,OR]
RewriteCond %{THE_REQUEST} (/motherofgod|/terms.conditions|/refund|/product_info|/moneyback|\.wantsfly|/prx\.php|/prx1\.php|/prx2\.php|/mysql|/libraries|/pma|/_pma|/__pma|/_phpmy|/__phpmy|/phpmy/|/phpmyadmin[^\.]|/phppgadmin|/phpmyadmin/|/phpmyadmin\-|/php\-my|/phpmy\-|/phpmyadmin\.\d|/p/m/a|/php\-my\-admin) [NC,OR]
RewriteCond %{THE_REQUEST} (//default.css|/htdocs/|/ldap/|/pla/|\+\+\+\+\+\+\+\+\+\+\+|/headers|slurpconfirm404|/crossdomain\.xml|/c99|/r57|/hord|/misc|Notify_Uncategorized_Allowed|/usage|notifyuser|/get_orders_list|/db_adodb.php|/send_reminders\.php|/calendar\.php|/config_settings\.php|/myadmin|/padmin|/webad|/webdb|/websql|/proxy|/program) [NC,OR]
RewriteCond %{THE_REQUEST} (/tooltip\.js|/t3lib|/htmlarea|/xoops|/ecrire|/own\.php|/openldap|/ldapadmin|/level|/install\.txt|/shared/[^a-z]|/vb|/old|/upload\.php|\.\.\/\.\.\/|/saveserver\.php|/intranet|/joomla|/cms|/admin|/db/|/homework|/bbs|/dbadmin|/dbmyadmin|/mspgmysql|/phpadmin|/myadmin/|/phpmya|phpmpa|/2phpmy|/phppma|/qql|/admm|/admn) [NC,OR]
RewriteCond %{THE_REQUEST} (/cobbler|/CFIDE|/traq|/gameframe\.net|/shell\.php|/devicedesc|/igd|/upnp|/phpldap|/ajaxfilemanager|/ccbill|/ivms|/flow\.php|/jmx\-console|/phpbb|/smf|/yellowfish|/\(null\)|/sched|/phpsched|/datenbank|/database|/moodle|/signup\.|/xampp|/typo|/zen|/shop|/install/|/store|/news|/list|/manager|/phplist|/script|/sql[^\.]) [NC,OR]
RewriteCond %{THE_REQUEST} (/trackback|/ipb|/error10\.php|/\.bash_history|/v2/|/nice.ports|\+and|\+or|\+union|\+select|/progotte|SVH\-CoachingPage|/3rdparty|/rahat|/spaw|/nosuichfile|/noxdir|/nuke|MM_preloadImages|/cgi|/ttx\.cgi|/wp\-login\.php|/wordtrans|/appserv|/amazon|/sumthin|/phpmanager|/riau-online|/web/|/phpmyfaq|/appconf\.htm) [NC,OR]
RewriteCond %{THE_REQUEST} (/vtigercrm|/x\.zip|/cache|/viewpart|/ShowUrl|/ShowForum|allow_url_include|/index\-9x\.jsp|/apps|/phpAlbum|/sitecore|/umbraco|/trix|/soapCaller|/checkproxy|/sd/|/wiki|/tiki|/rules\.abe|/thisdoesnotexistahaha\.php|/proxyjudge|/people|/function|/_vti_bin|/azenv|/email|/mail(?!to)|/newmail|/awstats|/stat|/cgi\-bin) [NC,OR]
RewriteCond %{THE_REQUEST} (/application$|/application\.ini|/configs|FHSCAN|/www\.fbi\.gov|/wordpress|/system|/loja|/phpdb|/extern_js|/phpldap|muieblackcat|/recordings|/cisco|/ticker|mbisetup|/autoconfig|/mural|/wm/|/rc/|/round|/cube|/a1b2c3d4|/adxmlrpc\.php|/portal|/cacti|/stats|/db/|/web|/fastenv|/store|/phpads|/xml|/drupal|/community|myproxylists|http_write) [NC,OR]
RewriteCond %{THE_REQUEST} (/SSLMySQLAdmin|/sprawdza|/tabcontent|/tengo|/autoupdate|/prefConf|/a2bill|/foro|vicidial|html\+http|/google|/vhosts|/ehcp|/translat|/main\.php|passthru|/pmwiki|/V20x|/123flash|/4images|/\=http|/assets/|/class/|/libs/|/lib/|/components|/content/|/gallery/|/global|/module|/phpthumb|/wp\-content|/wp\-admin|/mya) [NC,OR]
RewriteCond %{THE_REQUEST} (/w00tw00t|trafficbasedsspsitemap\.xml|scanproxy|/wp\-trackback|/anony/|/engine/|/project_auth|/phpinfo|dompdf|fckeditor|fck/editor|blackhats|/impex|/forum|/imghp|/buysellads|/template|/e107|/ant\.dsabuse\.com|/arcade\.php|/shop/|/backoffice|/comersus/|/oscommerce/|/store/|/catalog/|/products/|/extras/|/cpa|/sl2) [NC,OR]
RewriteCond %{THE_REQUEST} (/feed|/external|/rss) [NC,OR]
RewriteCond %{THE_REQUEST} (/x[0-9a-f][0-9a-f].?/x[0-9a-f][0-9a-f]) [NC,OR]
RewriteCond %{QUERY_STRING} (phpinfo|\.\.\/) [NC]
## deny access
RewriteRule ^.*$ - [F,L]


## check for attempt to access included files directly if there is no referrer the site
## indicate the directories to check for
RewriteCond %{THE_REQUEST} (/tmp/|/local/|/shared/|/demos/stuff/|/images/) [NC]
## the referrer is blank
RewriteCond %{HTTP_REFERER} ^$ [NC]
## deny access
RewriteRule ^.*$ - [F,L]

## indicate the directories to check for
RewriteCond %{THE_REQUEST} (/tmp/|/local/|/shared//|/demos/stuff/|/images/) [NC]
## the referrer is NOT blank
RewriteCond %{HTTP_REFERER} !^$ [NC]
## the referrer MUST be from your domain
RewriteCond %{HTTP_REFERER} !^https*://(www.)*yourdomain.com [NC]
## deny access
RewriteRule ^.*$ - [F,L]

## this rule is the one that I think would work to block anyone from going after app pages that are for use by your app only
RewriteCond %{THE_REQUEST} /yourgamedir [NC]
## the referrer is NOT blank
RewriteCond %{HTTP_REFERER} !^$ [NC]
## the referrer MUST be from your domain
RewriteCond %{HTTP_REFERER} !(Your%20App%20Name|^InternetConnection$) [NC]
## deny access
RewriteRule ^.*$ - [F,L]

Now some of the stuff I am blocking is because I know what exists on all of the domains I host and none of them have blogs or cms systems.

You should be careful about what you put in, or you might block things you don't want to.

The last RewriteCond/RewriteRule set is the one I was mentioning.

Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master

Back to top

Profile PM

Sorry your browser is not supported!

AppGameKit Classic Chat / Tier2 Android online database access