Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Windows / Passing Postdata with SendHTTPRequest

Author
Message
Parry
AGK Developer
14
Years of Service
User Offline
Joined: 16th Dec 2009
Location: Swampstone
Posted: 25th May 2013 02:47 Edited at: 25th May 2013 02:55
Link
I been unable to pass postdata with SendHTTPRequestASync or And SendHTTPRequest. Anyone else having this problem?

I tried with 1076 and 1081beta.

Back to top
Profile PM Email Website
Ancient Lady
Valued Member
20
Years of Service
User Offline
Joined: 17th Mar 2004
Location: Anchorage, Alaska, USA
Posted: 25th May 2013 17:02
Link
I have had no issues with this at all.

Since you are clearly using Tier 2 (as I do), you might not be aware of the issues about calling agk::Sync() anywhere but as the last thing in the app::Loop() method.

Unlike Tier 1, the Sync() call does NOT cause all the user/external events to happen. In Tier 2 it only updates physics and the display. Any user inputs (keyboard, mouse, touch, etc.) are caught and handled at the end (or beginning, not sure) of the app::Loop() method. And I suspect that the HTTP functions are the same.

Unfortunately, in Tier 2, you basically have to set up a series of state engines (depending on how you do stuff).

There are several places in my WIP that require communication with my web server. And, using pseudo code, it works something like this:



Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master
Back to top
Profile PM
Parry
AGK Developer
14
Years of Service
User Offline
Joined: 16th Dec 2009
Location: Swampstone
Posted: 25th May 2013 20:24 Edited at: 25th May 2013 20:32
Link
Thanks for the information on Sync(), wasn't aware of that.

SendHTTPRequest is a better to use in my particular case, I just tried SendHTTPRequestASync to see if it would work.

I copied my project over from my windows 8 desktop to a windows 7 laptop and had the same problem. The website responses as if there is no post data, but it does pull up the website requested on both computers.

I found a fix, I included the post data together with the file.

This works:


This doesn't:


Maybe the problem is with my hosting service?
Back to top
Profile PM Email Website
Phaelax
DBPro Master
21
Years of Service
User Offline
Joined: 16th Apr 2003
Location: Metropia
Posted: 25th May 2013 23:31
Link
Quote: "string sFile = "file.php?a=test";"


Wouldn't that make it GET and not POST?

"You're all wrong. You're all idiots." ~Fluffy Rabbit
Back to top
Profile PM Email Website
Ancient Lady
Valued Member
20
Years of Service
User Offline
Joined: 17th Mar 2004
Location: Anchorage, Alaska, USA
Posted: 25th May 2013 23:36
Link
I don't know why the SendHTTPRequest command doesn't work with the separated file and arguments. It should.

If I get time next week, I'll see if I can repeat your problem. If it is repeatable then it is a reportable bug.

Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master
Back to top
Profile PM
Naphier
14
Years of Service
User Offline
Joined: 2nd Oct 2010
Location: St Petersburg, Florida
Posted: 24th Jun 2013 23:13
Link
This works 100% OK in T1
Is it possible that your PHP file is looking for $_GET instead of $_POST?
I switch mine to $_GET for debugging/testing the PHP script and sometimes forget to switch back to $_POST sometimes.
Like Phaelax says,
Quote: ""string sFile = "file.php?a=test";""
seems like it would be sending the data as GET.

Napland Games Facebook Twitter
Back to top
Profile PM Email Website
Ancient Lady
Valued Member
20
Years of Service
User Offline
Joined: 17th Mar 2004
Location: Anchorage, Alaska, USA
Posted: 24th Jun 2013 23:43
Link
I think Phaelax is possibly onto the issue.

Parry, can you show us the PHP code you use to collect the data passed to the file?

You can use the more generic $_REQUEST array instead of $_GET or $_POST if you aren't sure how something is being transmitted.

All the data passed as either POST or GET (yes, you can post as GET, it is a transmission style) is accumulated in that array.

Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master
Back to top
Profile PM
Parry
AGK Developer
14
Years of Service
User Offline
Joined: 16th Dec 2009
Location: Swampstone
Posted: 25th Jun 2013 23:56
Link
Sorry I been working on other parts of my game so I missed your reply.

You guessed it, I am using $_GET in the PHP code. Im not normally a PHP programmer, so I will have to read up on the difference in "Post" and "Get".

Thanks for the help!
Back to top
Profile PM Email Website
Naphier
14
Years of Service
User Offline
Joined: 2nd Oct 2010
Location: St Petersburg, Florida
Posted: 26th Jun 2013 00:08
Link
Welcome to my world! I did this about 100 times when testing.
AL tells me that POST is more secure.
AGK commands use post.

Napland Games Facebook Twitter
Back to top
Profile PM Email Website
Ancient Lady
Valued Member
20
Years of Service
User Offline
Joined: 17th Mar 2004
Location: Anchorage, Alaska, USA
Posted: 26th Jun 2013 00:12
Link
If you looked at access logs on the server that is receiving the page requests, you would see the difference between GET and POST.

In a GET call, the entire set of parameters is displayed along with the URL, visible to the entire world of stream sniffers.

In a POST call, only the URL (including the page) is visible. All of the values passed are not seen.

The fact that you can make an HTTPS connection via AppGameKit (assuming the site you are connecting to has an SSL certificate installed) makes the communications even more secure. The data is then all encrypted before it goes out.

Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master
Back to top
Profile PM
MikeMax
AGK Academic Backer
12
Years of Service
User Offline
Joined: 13th Dec 2011
Location: Paris
Posted: 26th Jun 2013 23:58 Edited at: 27th Jun 2013 00:00
Link
Just to precise (as AL said), the POST datas are sent through HTTP headers (which is never logued on a server due to RFC - HTTP specifications). Using a HTTPS connection with GET datas will still appear along the URL and in http server logs(so it's not very secure).

Indeed, the best solution is HTTPS (SSL) using POST Calls


However, you can still use a local proxy to display the headers (for HTTP only ... HTTPS will be encrypted...)
Back to top
Profile PM Email
Naphier
14
Years of Service
User Offline
Joined: 2nd Oct 2010
Location: St Petersburg, Florida
Posted: 27th Jun 2013 00:06
Link
That's a helpful tidbit!
Out of curiosity of security is it possible to intercept post data? For example, could someone write malware that logs all of the post data sent from your device? If so does HTTPS do anything to prevent that?

Napland Games Facebook Twitter
Back to top
Profile PM Email Website
MikeMax
AGK Academic Backer
12
Years of Service
User Offline
Joined: 13th Dec 2011
Location: Paris
Posted: 27th Jun 2013 00:17 Edited at: 27th Jun 2013 00:19
Link
In HTTP only it could be possible if there is a BIG security hole (on android it must be complicated because network functions and authorizations needs manual acceptations ... except for MDM managed devices (Master data management for enterprises) or if the malware has the keystore corresponding to an already installed app that use network and reuse its ID) . For iOS i think it would be also very complicated to bypass these kind of verifications.

On a computer (mac/win/linux) (and still for HTTP only) it's easy.

That's why HTTPS is the best solution and not only an "option" if you are transfering important datas like logins/passwords.
Back to top
Profile PM Email
Ancient Lady
Valued Member
20
Years of Service
User Offline
Joined: 17th Mar 2004
Location: Anchorage, Alaska, USA
Posted: 27th Jun 2013 03:47
Link
But you must remember that you can only use HTTPS if the domain that you are connecting is set up with an SSL certificate.

And SSL certificates (that are accepted without issues) are not generally free. A self-signed SSL can be used in some situations. But I strongly doubt it would work with the AppGameKit stuff because using one requires the user to acknowledge that they know it is possibly not a real secure connection and that they accept the SSL certificate. This is a pain in the rear in Windows already and not very much fun in Apple either.

And any SSL certificate requires that the domain have a dedicated IP address.

Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master
Back to top
Profile PM
MikeMax
AGK Academic Backer
12
Years of Service
User Offline
Joined: 13th Dec 2011
Location: Paris
Posted: 27th Jun 2013 05:26 Edited at: 27th Jun 2013 20:55
Link
I will try self-signed certificate with AppGameKit but i think it will work with them. (and if it doesn't work, it would be because Lee or Paul have specified that the certificate must be checked and must trigger an error if it fails. If it's the case, i will ask for a command parameter for this verification ( activate/deactivate SSL cert check).

But to bypass this kind of problems, you can also get a free and official certificate on StartSSL (a certificate authority) (i have used a lot of their Certs for testing purpose at work and there is no problem at all for Web Servers):

http://www.startssl.com/


Edit : to be more precise, a Self-signed Web Server certificate technically crypts the TCP packets at the same secure level as if you have purchased one. The only difference is that Certificate Authorities (CA) are doing several verifications (like sending an email to the webmaster@yourdomain.com generally) with their CA Certificate .. Intermediate certificate etc ... A lot of annoying things (that you can do yourself in few command lines)... just to say ... "we will make people to trust and staying on your website, so .. please pay us " :p

For very very very expensive certificates (higher classes like Verisign Class3/G3 (like amazon.com/microsoft.com and all the big companies and banks)) (the certificates that makes your webbrowser's address bar to become green generally :p), Certificate Authorities can provide money insurance if your SSL Certificate is cracked (hummmmf... sometimes up to few millions dollars like the symantec CA Certification offers)
Back to top
Profile PM Email
Ancient Lady
Valued Member
20
Years of Service
User Offline
Joined: 17th Mar 2004
Location: Anchorage, Alaska, USA
Posted: 27th Jun 2013 16:35
Link
Sounds good.

StartSSL looks like are doing a good service for people who don't have a very high end need, but do need an SSL.

Cheers,
Ancient Lady
AGK Community Tester and AppGameKit Master
Back to top
Profile PM
Back to top

Login to post a reply

Server time is: 2024-11-21 12:58:46
Your offset time is: 2024-11-21 12:58:46