online high scores tutorial

[Moru]

Why make it so complicated? Just make your game access this url: "www.yourpage.com/highscore/index.php?game=maze&name=Moru&score=54321"

In PHP you pick up the variables and write them to a file or a database.

The GL-Basic code is in the samples directory already, just have a look at it.

[bigsofty]

can=cant?

Woops! hehe, Im sure I fixed that with an 'edit', nm... thanks bud.

Yep, FTP should be just as good IMHO.

[Moru]

In this thread, first page both me and Gernot is pointing out wich command in the helpfile and what game in the samples directory has the important parts. You don't even need to know anything outside GL-Basic because Gernot has it all prepared already.

The idea of letting the game access an FTP-server is too insecure, that would mean anyone could change your entire homepage by using just a normal firewall to see what page you are accessing since that gives away both the username and password. You can't even change the password since that would break your game.

[Hemlos]

The idea of letting the game access an FTP-server is too insecure, that would mean anyone could change your entire homepage by using just a normal firewall to see what page you are accessing since that gives away both the username and password.

Youre right, firewalls can produce names and passwords in a log file...some firewalls, not all...

Results of such URL reporting software existing: About serverside security:
1. call to update the PHP to update a score, is insecure at the executable game level. result: cheatable
2. call to ftp is even less secure revealing name and password of website. result: cheatable, hackable

And while we're on this subject...
Results of such URL reporting software existing: About user side security:
1. We can assume malicious programmers exist because malicious players exist?
Example: A game with a file reader/writer to pass NETWEBGET() the reportbacktomyphp.php?log=morusfirewallsecurity.log&website=ftp.aol.com&user=moru&pwd=morurulz and add something to delete the lines from that log, to hide the url webget tracers.

Ultimately my Observations are not settling.... Access to the internet via ANY GLBasic application using NETWEBGET() is insecure for both a user, and for a server at some level.
I would like to expunge my ideas for adding NETWEBPUT(). heh. (im deleting my previous post)
I would like to vote for removing the netwebget() command in place of some more secure method of transfering data over the internet: telnet? hahah, i am no longer going to dwell on this subject, i found it unsettling for my stomach.

[Kitty Hello]

No, do _not_ use FTP. When you upload something, script kids can backtrace what you send, thus they have your FTP password. They will eventually delete all your content.
PHP is the way to go.
As mentioned: There is a GLBasic.com hosted online highscrore for games in the showroom, just contact me.
I can also send you the php code for the server part if you want. It's really easy.

[Moru]

It would be nice with some hash-function in GL-Basic, this would make it slightly less easy to cheat/hack. I have created my own but since I'm no cryptoanalyzer I don't know how secure it is. But at least there won't be a scriptkiddy able to hack this too easily :-) I have now tested a PHP-GL-Basic solution with my simple hash algorithm and it seems to work nicely in my game.

[bigsofty]

You can create an anonymous non-executable/domain restricted/upload size restricted (now that's a mouthful! ) FTP folder quite easily? Its all down to your permissions/FTP server settings.

[bigsofty]

Why make it so complicated? Just make your game access this url: "www.yourpage.com/highscore/index.php?game=maze&name=Moru&score=54321"

In PHP you pick up the variables and write them to a file or a database.

The GL-Basic code is in the samples directory already, just have a look at it.

Hehe that what I suggested, that's actually posting a form using the http 'get' method with an encoded field in the URL... obviously sending the high score with some sort of checksum to stop cheating would be a good thing

[Hemlos]

Aye for highscores...ftp is not the answer. FTP could have some uses elsewhere tho, with login names and passwords being sent by individual user to directly access thier own personal websites. I thought the ability to upload using glbasic was a good idea. But for this intention of highscores..no...just a brainstorm for kurons situation.

PHP with encryption as moru suggests is a fantastic and viable idea.

However, in Kurons case, he doesnt really have access or ability to build a data reader using it, or am i wrong?

In a case where someone has permission to have a webserver, i still suggest making a highscoreserver.exe using glbasics direct play command library. Ive done this myself((i have a skeleton somewhere precoded)) and it works fast and efficiently..no need to add encryption as far as i know, and you can solely rely on glbasic to handle all scores internally without internet software.

[Kitty Hello]

OK, who's gonna wrap MD5 then?

[Hemlos]

OK, who's gonna wrap MD5 then?

LOL hk, not enough time here...

Though md5 and other encryption algorithms are available on the net...
If i need to do encryption, im going to use my ovaltine decoder ring heheh

Isnt the internet wonderful, you can find so much usele err useful info..
The Ovaltine Magic Decoder Ring: