BASIC

Author Topic: Netwebget$  (Read 464 times)

Offline MrPlow

  • Prof. Inline
  • *****
  • Posts: 1558
    • View Profile
Netwebget$
« on: 2019-Oct-31 »
For those that might experience this issue in v16

I notice strange block chars appearing in my highscore tables at the start and end of a netwebget$.
It must be unicode issue or something...

Below is my fix for the issue..

Code: GLBasic [Select]
scoretable$=NETWEBGET$("www.domain.com","/scoresxxxxxx.php",80,512,4000)

// cleanup string
LOCAL mstr$
FOR x = 1 TO LEN(scoretable$)
mstr$=MID$(scoretable$,x,1)
  IF ASC(mstr$)<32 OR ASC(mstr$)>96
      IF mstr$="|" THEN newscore$=newscore$+mstr$
  ELSE
      newscore$=newscore$+mstr$
  ENDIF
NEXT
 



« Last Edit: 2019-Oct-31 by MrPlow »
Comp:
Speccy-48k, Speccy-128k, Amigas, PCs

Offline erico

  • Community Developer
  • Prof. Inline
  • ******
  • Posts: 4239
    • View Profile
    • Portfolio
Re: Netwebget$
« Reply #1 on: 2019-Nov-01 »
Nice! That is something I should try to add to my games, but I suck with everything netwise.

Offline Moru

  • Administrator
  • Prof. Inline
  • *******
  • Posts: 1781
    • View Profile
    • Homepage
Re: Netwebget$
« Reply #2 on: 2019-Nov-01 »
Make sure you clean up the data on the server side also, or you will get funny people sending garbage to your server with javascript :-)

Offline MrPlow

  • Prof. Inline
  • *****
  • Posts: 1558
    • View Profile
Re: Netwebget$
« Reply #3 on: 2019-Dec-03 »
Yes - true!
I think i have code value there that needs to be provided from the game to accept the Form Post.

Not 100% but stops a lot of messing.
Comp:
Speccy-48k, Speccy-128k, Amigas, PCs

Offline Moru

  • Administrator
  • Prof. Inline
  • *******
  • Posts: 1781
    • View Profile
    • Homepage
Re: Netwebget$
« Reply #4 on: 2019-Dec-04 »
A hardcoded value or a byte hash of the whole request including the values and a secret salt? If you just do a hardcoded value it's easy to read it out with a proxy or network sniffer. If you include an encrypted field with time code and the hash of the whole URL, it gets a lot harder to fake. I did something similar about 10 years ago but seems the files are not on the forum any more. If interested I could dig it out but it's most likely not working any more, think the encryption commands work differently both in php and GLBasic now.

Offline MrPlow

  • Prof. Inline
  • *****
  • Posts: 1558
    • View Profile
Re: Netwebget$
« Reply #5 on: Yesterday at 02:50 PM »
On new ones I included a computed value with a salt added - then php code to extract the value - if passed then it was accepted...
now I only did this with newer scoretables - older ones are bit more loose...

Comp:
Speccy-48k, Speccy-128k, Amigas, PCs