- Home /
Help with modified php code from highscore tutorial
Resolved. I was using $vars['var_here'] instead of $vars['Var_here']
Working code
MySQL Table:
Name Password CharacterName (username) (md5-encrypted_password) (ingame_character_name)Php code:
<?php
//Commented all debug code.
$database = mysql_connect('mysql_host', 'mysql_user', 'mysql_password')
or die('Could not connect: ' . mysql_error());
mysql_select_db('mysql_database')
or die('Could not select database');
$gameversion = "1.0";
$name = mysql_real_escape_string($_GET['name']);
$password = mysql_real_escape_string($_GET['password']);
$hash = mysql_real_escape_string($_GET['hash']);
$Key = "secret_Key";
//echo "Starting pull process.<span style='display: block;'></span>";
if(md5($name . $password . $Key) == $hash)
{
//echo "Inside pull process. name, password, key = hash<span style='display: block;'></span>";
$info = mysql_query("SELECT * FROM `users` WHERE Name='" . $name . "'")
or die('Query failed: ' . mysql_error());
//echo "Starting fetch process.<span style='display: block;'></span>";
while($vars = mysql_fetch_array($info))
{
//echo "Inside fetch process, finding info = okay<span style='display: block;'></span>";
//echo "Starting name check<span style='display: block;'></span>";
//echo "DB Name: " . $vars['Name'] . "<span style='display: block;'></span>";
if($name == $vars['Name'])
{
//echo "Name check passed.<span style='display: block;'></span>";
//echo "Starting password check.<span style='display: block;'></span>";
if($password == $vars['Password'])
{
//echo "Password check passed.<span style='display: block;'></span>";
echo $vars['CharacterName'] . "\t" . $gameversion . "";
}
else{
//echo "Password check failed.<span style='display: block;'></span>";
}
}
else{
//echo "Name check failed.<span style='display: block;'></span>";
//echo "Received name: " . $name . "<span style='display: block;'></span>";
//echo "DB name: " . $vars['Name'] . "<span style='display: block;'></span>";
}
}
}
else{
echo "Process failed";
}
?>
Javascript code:
var username : String = "";
var password : String = "";
//GUI Stuff to get the username and password, tested, it works perfectly
function LogIn(){
infopost = WWW("http://server.testserver2013.herobo.com/server.php?name=" + username + "&password=" + Md5Sum(password) + "&hash=" + Md5Sum(username + Md5Sum(password) + "secret_Key"));
yield infopost;
if(infopost.error){
Debug.LogError("Failure");
}
else{
Debug.Log(infopost.text);
}
}
//Just the md5 function from the wiki
static function Md5Sum(strToEncrypt: String)
{
var encoding = System.Text.UTF8Encoding();
var bytes = encoding.GetBytes(strToEncrypt);
// encrypt bytes
var md5 = System.Security.Cryptography.MD5CryptoServiceProvider();
var hashBytes:byte[] = md5.ComputeHash(bytes);
// Convert the encrypted bytes back to a string (base 16)
var hashString = "";
for (var i = 0; i < hashBytes.Length; i++)
{
hashString += System.Convert.ToString(hashBytes[i], 16).PadLeft(2, "0"[0]);
}
return hashString.PadLeft(32, "0"[0]);
}
What happens if you execute the PHP script from your browser? Do you see warnings or errors?
Thanks for giving out your 000Webhost username and password lol
Edited out for you :). It would be a good idea to change it asap.
This is really a PHP question, there could very well be something wrong with your script in Unity. That would be a big help if you'd post the UNITY script you are using.
Add some echo
statements in various places - make sure everything is working as you expect. Echo out variable values and such, make sure they're the values you expect. Once you get that all working while running in a browser, then go back to integrating with Unity.
Answer by tw1st3d · Jul 26, 2013 at 03:30 PM
Please implement this for your PHP code. The spans are added because the form was removing my line breaks, so you can just replace them with br tags if you want.
<?php
$database = mysql_connect('xxxxx', 'xxxxx', 'xxxxx')
or die('Could not connect: ' . mysql_error());
mysql_select_db('xxxxx')
or die('Could not select database');
$gameversion = "1.0";
$name = mysql_real_escape_string($_GET['name']);
$password = mysql_real_escape_string($_GET['password']);
$hash = mysql_real_escape_string($_GET['hash']);
$Key = "Universe";
echo "Starting pull process.<span style='display: block;'></span>";
if(md5($name . $password . $Key) == $hash)
{
echo "Inside pull process. name, password, key = hash<span style='display: block;'></span>";
$info = mysql_query("SELECT * FROM `users` WHERE name='" . $name . "'")
or die('Query failed: ' . mysql_error());
echo "Starting fetch process.<span style='display: block;'></span>";
while($vars = mysql_fetch_array($info))
{
echo "Inside fetch process, finding info = okay<span style='display: block;'></span>";
echo "Starting name check<span style='display: block;'></span>";
if($name == $vars['name'])
{
echo "Name check passed.<span style='display: block;'></span>";
echo "Starting password check.<span style='display: block;'></span>";
if($password == md5($vars['password']))
{
echo "Password check passed.<span style='display: block;'></span>";
echo $vars['CharacterName'] . "\t" . $gameversion . "";
}else{
echo "Password check failed.<span style='display: block;'></span>";
}
}else{
echo "Name check failed.<span style='display: block;'></span>";
}
}
}else{
echo "Pull process failed.<span style='display: block;'></span>";
}
?>
With your code:
Starting pull process.
Inside pull process.
name, password, key =
hashStarting fetch process.
Inside fetch process, finding info = okay
Starting name check
Name check failed.
@tw1st3d Further testing. Similar problem as with bompi88's code, but this time php doesn't find any name on the database
Received name: Dev2
DB name:
add
echo $vars['name'];
RIGHT before
if($name == $vars['name'])
@tw1st3d Done, php outputs nothing. Changed all $vars['var_here'] to $vars['Var_here']. It works Such a stupid thing...
That means your tables row name is capitalized. You can change that through your database manager.
Answer by bompi88 · Jul 25, 2013 at 10:01 AM
This is somewhat what I would have done. It's neither perfect or tested, but maybe it helps somehow.
Updated:
<?php
$gameversion = "1.0";
// Get input data
$name = $_GET['name'];
$password = $_GET['password'];
$hash = $_GET['hash'];
$Key = "Universe";
if(md5($name . $password . $Key) == $hash){
// Override default html content-type
header("Content-Type: text/plain");
// Connect to the DB
$pdo = new PDO('mysql:host=localhost;dbname=myDB;charset=utf8', 'mySQLusername', 'mySQLpassword');
$msql = $pdo->prepare('SELECT * FROM `users` WHERE name=:name');
$msql->bindParam(':name', $name, PDO::PARAM_STR);
$msql->execute();
if ($msql->rowCount() > 0) {
$info = $msql->fetch(PDO::FETCH_ASSOC);
// If passwords in the database are hashed, as they should be.
if($password == $info['password']){
echo $info['CharacterName'] . "\t" . $gameversion . "\n";
} else {
echo "Hashed passwords don't match";
}
} else {
echo "No entity with that name found in database, or something wrong with SQL statement.";
}
} else {
echo "Something's wrong with either of the get inputs, which results in mismatch of the hashes.";
}
?>
Helps, but now I'm getting just some Hosting24 analytics code
<!-- Hosting24 Analytics Code -->
<script type="text/javascript" src="http://stats.hosting24.com/count.php"></script>
<!-- End Of Analytics Code -->
Which surprise me because I have just pasted the correct host, user database and password to your php code and I haven't enabled any type of analytic or tracking feacture in the user panel
Ok, it's not writing out character name/game version etc? How to disable the analytics?
Updated my code, do you get one of those error messages I put in there?
Shouldn't variable 'name' inside:
... + "&hash=" + $$anonymous$$d5Sum(name + $$anonymous$$d5Sum(password) + "Universe")
in your JS be 'username'?
Your answer
Follow this Question
Related Questions
A node in a childnode? 1 Answer
Setting up Unity Steer 0 Answers
Put user list in 2d array 1 Answer
Unity 3 GD HotShot-Tutorial Problem with an C#-Array 1 Answer