GLBasic forum

Main forum => Bug Reports => Topic started by: MrPlow on 2019-Oct-31

Title: Netwebget$
Post by: MrPlow on 2019-Oct-31
For those that might experience this issue in v16

I notice strange block chars appearing in my highscore tables at the start and end of a netwebget$.
It must be unicode issue or something...

Below is my fix for the issue..

Code: (glbasic) [Select]

// cleanup string
LOCAL mstr$
FOR x = 1 TO LEN(scoretable$)
  IF ASC(mstr$)<32 OR ASC(mstr$)>96
      IF mstr$="|" THEN newscore$=newscore$+mstr$

Title: Re: Netwebget$
Post by: erico on 2019-Nov-01
Nice! That is something I should try to add to my games, but I suck with everything netwise.
Title: Re: Netwebget$
Post by: Moru on 2019-Nov-01
Make sure you clean up the data on the server side also, or you will get funny people sending garbage to your server with javascript :-)
Title: Re: Netwebget$
Post by: MrPlow on 2019-Dec-03
Yes - true!
I think i have code value there that needs to be provided from the game to accept the Form Post.

Not 100% but stops a lot of messing.
Title: Re: Netwebget$
Post by: Moru on 2019-Dec-04
A hardcoded value or a byte hash of the whole request including the values and a secret salt? If you just do a hardcoded value it's easy to read it out with a proxy or network sniffer. If you include an encrypted field with time code and the hash of the whole URL, it gets a lot harder to fake. I did something similar about 10 years ago but seems the files are not on the forum any more. If interested I could dig it out but it's most likely not working any more, think the encryption commands work differently both in php and GLBasic now.
Title: Re: Netwebget$
Post by: MrPlow on 2019-Dec-05
On new ones I included a computed value with a salt added - then php code to extract the value - if passed then it was accepted...
now I only did this with newer scoretables - older ones are bit more loose...