koobas.hobune.stream
Trying to get server side highscores working with MySQL. Apparently I need a Secret Key for my database. What is that? How do I get one?
I'm trying to follow this tutorial for highscores using a MySQL database:
http://wiki.unity3d.com/index.php?title=Server_Side_Highscores
Everything seems to be fine except for on the last script:
using UnityEngine;
using System.Collections;
public class HSController : MonoBehaviour
{
private string secretKey = "mySecretKey"; // Edit this value and make sure it's the same as the one stored on the server
public string addScoreURL = "http://localhost/unity_test/addscore.php?"; //be sure to add a ? to your url
public string highscoreURL = "http://localhost/unity_test/display.php";
void Start()
{
StartCoroutine(GetScores());
}
// remember to use StartCoroutine when calling this function!
IEnumerator PostScores(string name, int score)
{
//This connects to a server side php script that will add the name and score to a MySQL DB.
// Supply it with a string representing the players name and the players score.
string hash = MD5Test.Md5Sum(name + score + secretKey);
string post_url = addScoreURL + "name=" + WWW.EscapeURL(name) + "&score=" + score + "&hash=" + hash;
// Post the URL to the site and create a download object to get the result.
WWW hs_post = new WWW(post_url);
yield return hs_post; // Wait until the download is done
if (hs_post.error != null)
{
print("There was an error posting the high score: " + hs_post.error);
}
}
// Get the scores from the MySQL DB to display in a GUIText.
// remember to use StartCoroutine when calling this function!
IEnumerator GetScores()
{
gameObject.guiText.text = "Loading Scores";
WWW hs_get = new WWW(highscoreURL);
yield return hs_get;
if (hs_get.error != null)
{
print("There was an error getting the high score: " + hs_get.error);
}
else
{
gameObject.guiText.text = hs_get.text; // this is a GUIText that will display the scores in game.
}
}
}
See the variable near the top that says "secretKey"? It also says "Edit this value to make sure it's the same as the one stored on the server". I don't know what it means. I never add a "secret key" on my MySQL database, and before now I have never heard of it. Tried Googling already, nothing useful comes up. If it makes any difference I'm hosting this MySQL database on GoDaddy. (apparently, free MySQL databases come with my current website hosting plan so I decided to take advantage of that)
The actual question:
What is this "Secret Key" and how do I add one to my MySQL database so I can use the script above? Thanks.
It is just a key used in the PHP source code, it is not a value that is placed in the database. If the correct key is not passed to the PHP source, this block
if($real_hash == $hash)
{
// Send variables for the MySQL database class.
$query = "insert into scores values (NULL, '$name', '$score');";
$result = mysql_query($query) or die('Query failed: ' . mysql_error());
}
will not be entered and the database will not be updated. Lets say you want to add 10 points to a player with the name John Doe in the database and your secret key is 123456, When posting to the database your URL string should look something like this
http://localhost/unity_test/addscore.php?name=John%20Doe&score=10&hash=123456
and 10 points will be added to the player John Doe. But if this was sent instead
http://localhost/unity_test/addscore.php?name=John%20Doe&score=10&hash=234561
then nothing would be added to the player. If anyone knows what the secret key, they could change score values - so in reality this is not so secure because they could do something like this using a browser
http://localhost/unity_test/addscore.php?name=John%20Doe&score=10000000&hash=123456
