Help Please with High Scores Over Internet with iPhone

Previous topic - Next topic

ggindlesperger

I have been trying to get an iPhone app to talk over the Internet to a high score server. I've tried various tutorials and examples from the forums and the GLBasic tutorials and projects include in the SDK download. I seem to be able to get things to work when I build and run from the SDK, but I get nothing once it is installed on the iPhone. I do have access to my own web server, but I am a novice and PHP. I've done some things in PHP, but not sure how I would get this to interact with an iPhone.

Basically I want the iPhone to access the high scores from a server on the Internet and if the player gets a high score I want it to submit that to the server and the server to update accordingly. I've been working at this and had no luck on iPhone. I was beginning to wonder if maybe GLBasic will not do this on the iphone. I seem to have some success modifying tutorials and samples in Windows, but when I compile for iPhone I get text and graphics but not network things I expected. I guess I need some help on the iPhone and server end.

Any help would be greatly appreciated.
Gary

XanthorXIII

Even though I haven't done anything like that before, have you tried connecting while on Wi-Fi? It could be an issue over ATT's network.
Owlcat has wise

ggindlesperger


matchy

NETWEBGET$ should return the HTML page contents.  :P Does it?

Moebius

For PHP interaction, you should be able to use NETWEBGET.  You can create a php script which creates a webpage listing the highscores, which is then downloaded by your program by simply requesting the webpage.  For submitting high scores, I'd be tempted to use NETWEBGET with 'GET' method variables on the end of the url, i.e.:
NETWEBGET("www.mygame.com", "highscores/submit.php?name=Serpent&score=999", 80, 99999)

Then, you can use PHP scripting to retrieve the values for 'name' and 'score', write them to a MySQL table or something.
Then, for the highscore list page, you can use PHP scripting to retrieve, say, the top 10 scores from the MySQL table, 'echo' them into a nice list, and then interpret this list in GLBasic using SPLITSTR or similar commands.
Endless Loop: n., see Loop, Endless.
Loop, Endless: n., see Endless Loop.
- Random Shack Data Processing Dictionary

ggindlesperger

Thanks so much for the replies. I really appreciate it. I'l give it a try.

ggindlesperger

Your posts were a big help. I belive I am almost there. I have been able to read a file from the webserver and send data to the webserver and have it write the data to the file on the webserver. I have one issue I am guessing I just do not know the syntax.

Here is the example Serpent gave me.

NETWEBGET("www.mygame.com", "highscores/submit.php?name=Serpent&score=999", 80, 99999)

What I need to know is how you get this to submit variables and not the text following the equal sign. Example would be I want Serpent replaced by the variable player1$. When I just replace the name with the variable, the name of the variable is what is written to the file and not the actual contents of the variable.

I believe if I get this I'll be in the clear.

Thanks in advance for all the help,
Gary

Moru

NETWEBGET("www.mygame.com", "highscores/submit.php?name=" + Serpent$ + "&score=" + (score), 80, 99999)

If you add together variables you have to be careful with +, it might not work as you expect so always use ( ) around the variable for safety. Adding trings together works as expected though so no () needed.

ggindlesperger


Moebius

One problem with this method is that if someone finds out how to access the highscores page and how the scores are saved, they could type this into their browser:

'www.mygame.com/highscores/submit.php?name=Hacker&score=99999999999999999'

And then a guy with a ridiculous score will be on your high scores list.  You could make it harder for anyone to do this by using the POST method for submitting variables rather than the GET method, so that the vars aren't stored at the end of the web address, but this would require more difficult coding in GLBasic, and it will be very hard for people to find out the highscore address and variable names anyway when the app is running on their iPhone.

One thing you may need need to look out for is 'sanitising' your variables and using escape codes.  If I was trying to hack your highscores list I'd enter something like:
Serpent&score=99999999999999&
for my name, so that when the name is put into the URL, the address will look like:
'www.mygame.com/highscores/submit.php?name=Serpent&score=99999999999999&&score=65'

I'm not sure what would happen to the 'score' variable in php (i.e. if it will read the first hacked one due to the syntax error of two '&'s, or if it will read the last one because it is the last variable), but you can see that unless you use URL escape characters (i.e. things like %20), people can mess with their string inputs like their name and produce strange results, and possibly 'hacking' the highscore system.

If you're as paranoid as I am and can be bothered to do this, you will need to convert the 'danger' characters into hexadecimal values for the escape characters, or alternatively you could convert every character into a URL escape character when submitting it.

None of this will probably be necessary anyway :P, but if you have some hacker friends...
Endless Loop: n., see Loop, Endless.
Loop, Endless: n., see Endless Loop.
- Random Shack Data Processing Dictionary

Moru

I would realy want to know how to send POST with GLBasic but I have not figured out how to do that without making my own socks code and that quickly gets too complicated. If I remember right, I send the base64 encoded name and score and sign it with my own simple encryption and a secret code and some salt for the PHP to check the signature against the name/score combo. Takes care of most hackerfriends even though it's not totally safe.

The problem with double && in the URL is no problem for PHP, it just reads &score= and you get a variable $score = (int) $_GET['score']; and it's perfectly safe.

All this can be checked out on my homepage in the highscore example.

There was some post on the board with some proper encryption lately I think but I'm too lazy to search for it with those 15 sec timers on each search...

MrTAToad

Why not use ENCRYPT$ - which is 128-bit Blowfish (there is no effective cryptanalysis on the full-round version of Blowfish known publicly as of 2010) - its makes mine encryption routines rather redundant :)

Kuron

ggindlesperger:  Don't feel bad, I have been trying to get online highscores working in my game for years :D

ggindlesperger

Ok I though things were fine until I put them on the iPod. What I have it doing for testing is loading in a scores.ini file with some names and scores. It then figures out who has the highscore and sends it to the server. The server is to create another ini file that just lists the name and highcore. To this point I am just playing around and do not really have a functioning game with it. Just simple code to learn how this can work. Here is the line with the problem:

NETWEBGET("192.168.137.112", "/scores.php?name=" + highplayer$ +  "&score=" + (highscore), 80, 99999)

I have 2 PC's side by side. One is acting as a server with PHP. When I build and run from Windows in the IDE it works fine and creates the file I made that has multiple names and scores in it on the server. From the iPod it does not. It retrieves the file and figures out the high score and shows it on the screen, but does not then send that data to the server for the high score file to be created.

Thanks

Moru

Quote from: MrTAToad on 2010-Sep-11
Why not use ENCRYPT$ - which is 128-bit Blowfish (there is no effective cryptanalysis on the full-round version of Blowfish known publicly as of 2010) - its makes mine encryption routines rather redundant :)

Because I have no idea how to set up mcrypt in PHP to correctly decrypt this... But great command, didn't know it existed, thanks :-)