koobas.hobune.stream
unable to get current user name and add to mysql database through unity web player on wordpress
Hello Unity community!
I've run into a devilish problem while developing a game portal for a social network site built on top of wordpress and I'm about at my wits end.
From the game's HSController javascript I'm attempting to retrieve the current (logged in) user's name through a php file (getCurrentUser.php) that calls the wordpress function wp_get_current_username
Once the javascript gets the username, it posts that username and score to addscore.php so it can be committed to the right table on the database.
To sum up the flow of the scripts HSController.js -> getCurrentUser.php -> userNames.php -> HSController.js -> addscore.php
I followed the example from this tutorial (which assumed the script had the name): http://www.unifycommunity.com/wiki/index.php?title=Server_Side_Highscores
The only problem is that it doesn't actually post the user's name to the table. An entry IS inserted with the correct score BUT the name is blank.
I am thinking that this is some kind of security issue that denies ?requests? from outside sources (such as the webplayer scripts).
I've tried several workarounds such as:
1) storing the users's 'playername' in a session variable whenever the user logs in (when user.php's wp_signon function is called)
2) hacking around with the way wp_get_current_user works in pluggable.php (a wordpress file)
3) abandoning trying to get the logged in user's name from the script side and just getting it from the server side (see the commented out code in addscore.php and HSController.js).
but 1, 2, and 3 all have the same affect as what I first tried.
I've also made sure the the crossdomain.xml file is at the root of my web service: www\kidgab
and my scripts are in the following directory: C:\wamp\www\kidgab\wp-content\plugins
so nothing seems to work.
Can anyone help me figure out what to do?
Here's my code.
getCurrentUser.php
<?php
/**
* Front to the WordPress application. This file doesn't do anything, but loads
* wp-blog-header.php which does and tells WordPress to load the theme.
*
* @package WordPress
*/
/** Loads the WordPress Environment and Template */
//if I comment all the code out below and in userNames.php, I can get 'strawberries' posted as the user name.
//echo 'strawberries';
//I've tried storing the users's 'playername' in a session variable whenever the user logs in (when user.php's wp_signon function is called) but that doesn't seem to work...
//session_start();
//echo $_SESSION['playername'];
//it seems that including this statement is the core of the problem. including causes the name field in the highscores database to be blank.
require('../../wp-blog-header.php');
?>
<?php
// this file/page is called by the .unity3d file in the Unity Web Player
// by a HSscript that requests the user's name (which we give to them in userNames.php)
//echo 'pineapples';
if(function_exists('getCurrentUser'))
{
getCurrentUser();
}
else
{
echo 'getCurrentUser function doesn\'t exist!';
}
?>
userNames.php
<?php
/*
Plugin Name: getCurrentUser
Plugin URI: http://URI_Of_Page_Describing_Plugin_and_Updates
Description: Prints out the current user.
Version: 1.0
Author: Ross Peterson
Author URI: http://website_of_the_author
License: GPL
*/
//Note: this function is called from getCurrentUser.php
// which is called by the .unity3d file in the Unity Web Player
// by a HSscript that requests the user's name (which we give to them here!)
function getCurrentUser()
{
//echo 'apples';
//global $current_user;
$current_user = wp_get_current_user();
if( 0 == $current_user->ID )
{
//Not logged in
echo 'anonymous';
//echo 'bananas';
//return 'anonymous';
}
else
{
//logged in
//echo 'oranges';
echo $current_user->user_nicename;
//return $current_user->user_nicename;
//$user_info = get_userdata($current_user->ID);
//$nicename = $user_info->user_nicename;
//echo $nicename;
}
}
?>
addscore.php
<?php
/*
Plugin Name: addscore
Plugin URI: http://URI_Of_Page_Describing_Plugin_and_Updates
Description: adds scores to the database when called from the outside
Version: 1.0
Author: Ross Peterson
Author URI: http://website_of_the_author
License: GPL
*/
//require('../../wp-blog-header.php');
//get the game id from the URL
$gamename = "";
if(isset($_GET['gamename']))
{
$gamename = mysql_real_escape_string($_GET['gamename']);
//echo '<h4> id = '.$gameid.'</h4>';
}
$db = mysql_connect('localhost', 'root', '') or die('Could not connect: ' . mysql_error());
mysql_select_db('kidgab') or die('Could not select database');
// Strings must be escaped to prevent SQL injection attack.
//$name = mysql_real_escape_string(getCurrentUser());
//$gamename = mysql_real_escape_string($_GET['gamename'],$db);
$name = mysql_real_escape_string($_GET['name'], $db);
//echo $name;
$score = mysql_real_escape_string($_GET['score'], $db);
$hash = $_GET['hash'];
$secretKey="my secret key";
# Change this value to match the value stored in the client javascript below
// In wordpress wp-config.php: AUTH_KEY
$real_hash = md5($name . $score . $secretKey);
//$real_hash = md5($score . $secretKey);
if($real_hash == $hash) {
// Send variables for the MySQL database class.
$query = "INSERT INTO `" . $gamename . "_scores` VALUES (null, '$name', '$score');";
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
// echo 'real has good; insertion complete';
}
// else
// {
// echo 'bad hash';
// }
?>
HSController.js
//script to put the GUI Text scores on
var pointTrackerGUIScript;
//Hash Script
var Md5Script;
// Edit this value and make sure it's the same as the one stored on the server
//In wordpress wp-config.php: AUTH_KEY
private var secretKey="my secret key";
//be sure to add a ? to your url
//var addScoreUrl="http://localhost/kidgab/wp-content/plugins/addscore.php?";
var addScoreUrl;
var highscoreUrl;
var userNameToGui;
var nameCanBeDisplayed;
function Awake()
{
addScoreUrl="http://localhost/kidgab/wp-content/plugins/addscore.php?gamename=porcufishpirates";
highscoreUrl="http://localhost/kidgab/wp-content/plugins/display.php?gamename=porcufishpirates";
}
function Start() {
pointTrackerGUIScript = GameObject.Find("PointTrackerGUI").GetComponent("PointTrackerGUI");
Md5Script = GameObject.Find("MD5HashGenerator").GetComponent("MD5HashGenerator");
//addScoreUrl="http://localhost/kidgab/wp-content/plugins/addscore_porcufishpirates.php?";
//highscoreUrl="http://localhost/kidgab/wp-content/plugins/display_porcufishpirates.php";
addScoreUrl="http://localhost/kidgab/wp-content/plugins/addscore.php?gamename=porcufishpirates";
highscoreUrl="http://localhost/kidgab/wp-content/plugins/display.php?gamename=porcufishpirates";
getScores();
}
function postScore(score) {
//Get the username of ther person logged in from the server
//if no one is logged in, the name will be 'anonymous'
var userNamesUrl="http://localhost/kidgab/wp-content/plugins/getCurrentUser.php";
//var userNamesUrl="http://localhost/kidgab/wp-content/plugins/userNames.php";
userName = WWW(userNamesUrl);
yield userName;
if(userName.error)
{
print("There was an error retrieving the user names: " + userName.error);
}
else
{
print("Current userName: " + userName.text);
}
var name = userName.text;
userNameToGui = name;
nameCanBeDisplayed = true;
var noWhitespaceRegex = new Regex("\\s+"); //all whitespace out
name = noWhitespaceRegex.Replace(name,'');
print("Current userName after trim: " + name);
//This connects to a server side php script that will add the name and score to a MySQL DB.
// Supply it ith a string representing the players name and the players score.
var hash=Md5Script.Md5Sum(name + score + secretKey);
//var hash=Md5Script.Md5Sum(score + secretKey);
//print("addScoreURL: " + addScoreUrl);
var highscoreUrl = addScoreUrl + "&name=" + WWW.EscapeURL(name) + "&score=" + score + "&hash=" + hash;
//var highscoreUrl = addScoreUrl + "&score=" + score + "&hash=" + hash;
print("addscoreUrlWithParams: " + highscoreUrl);
// Post the URL to the site and create a download object to get the result.
hs_post = WWW(highscoreUrl);
yield hs_post; // Wait until the download is done
if(hs_post.error) {
print("There was an error posting the high score: " + hs_post.error);
}
print("addscore text: " + hs_post.text);
}
I tried to do something similar, but I used System.Environment.UserName ins$$anonymous$$d -- works great in Editor and standalone, but not compatible with the web player unfortunately.
