(I hope this thread is in the right place)
2014-03-11
Hello, I was looking around the web to find myself a fast and simple login script for Unity3D. I found a few but they did not work for me since my hosting provider has It’s limitations and a very high securty.
For one, My hosting provider’s MySQL can only accept up to 24 connections.
A lot of the login systems that I found used up more connections than that(I know why now… After I made my script, sadly.).
Secondly, My hosting provider has the MySQL “locked” internally and not aviable to the internet. No way of connecting to it directly so this connection has to be made from the PHP file or the server itself.
There are even more limitations but I couldn’t find something I liked enough… So, I decided to create my own Account System for Unity3D (php-API = “middle-man”.)
My plan is to include Login, Register Get Information (FOR Hi-Score, Multiple characters, etc) ALL php-MySQL based.
Everything inside the “Scene” can be moved around by dragging the values of each object in the “Scene” via Editor Inspector so you could easily modify/customize your login/register -screen how you would like it to be.
(Much of it will be written in PHP and C#.)
However, It’s been a very long time since I was programming now and I tried my best since much of the knowledge I once had was buried deep. I wanted it to be safe(SQL injection safe etc), well commented and easy to understand which I hope/think I did.
If this project is not interesting to the community, It would not matter. I will still work on this project since I just remembered how much I love programming so this will be my new hobby for a while. 
( Off work hours 
)
(The database has a total of 7 Information table rows right now (I’m only using 3 of them in the array) but could be expanded if the need for more ever came up)
<?php
include("config.php");
//Variables
$secure = $_POST['secureKeyLogin']; // Get the security-KEY from the client to get access to script and information.
$ip = $_SERVER['REMOTE_ADDR']; // Get the remote IP to match with the desired account.
if($secure == "secure?"){ // Check if the security-KEY match with client.
$db = mysql_connect("".$host."","".$hostUser."","".$hostPass."") or die("Could not connect to database."); // Connecting to the MySQL database.
mysql_select_db(''.$hostDB.'') or die('The database does not exist.'); // Selecting the database.
$username = mysql_real_escape_string($_POST['username']); // Username is MySQL injection safe.
$password = mysql_real_escape_string(md5($_POST['password'])); // Password is MySQL injection safe and MD5 encrypted for safety keeping.
if(!empty($_POST['username']) !empty($_POST['password'])) // Checking if both Username and Password was sent.
{
$sql = "SELECT * FROM `accounts` WHERE `username`='".$username."'"; // This is the query to the database matching the usernames.
$result = mysql_query($sql);// Adding a query with the previous query-info AS variable: $result.
while ($row = mysql_fetch_assoc($result)) { // Query the $result variable searching for the $sql variable information provided my $username variable.
$array = array( // Save the information in variable $array.
"user" => $row['username'],
"pass" => $row['password'],
"ip" => $row['ip'],
);
}
if (!$result) {// Variable $result encountered an error/problem.
mysql_free_result($result); // Free memory from $result
mysql_close(); // Close MySQL database connection.
die("Results gave an error.");
}
$numrows = mysql_num_rows(mysql_query($sql)); // Check for the information
if ($numrows == 0) // Provided info gave no result.
{
if($username == ""){ // Check the Username in the database.
//The query came up empty because Username was empty.
mysql_free_result($result); // Free memory from $result
mysql_close(); // Close MySQL database connection.
die("Enter something before querying the database.");
} else
{
//The query came up empty. No such Username exists.
mysql_free_result($result); // Free memory from $result
mysql_close(); // Close MySQL database connection.
die("Username does not exist.");
}
}
else // The username was found, proceed!
{
if($password == $array['pass'] $username == $array['user']) // Check if user entered the correct Login information to this specific account.
{
if($ip == $array['ip']) // Check to see if the IP is the same as the account is registered from.
{
//Get the success information here!
mysql_free_result($result); // Free memory from $result
mysql_close(); // Close MySQL database connection.
die("login-Successful");
}
else//The IP-verification failed. The account was created elsewhere or the IP has changed.
{
mysql_free_result($result); // Free memory from $result
mysql_close(); // Close MySQL database connection.
sendMailTo(); // Run function "sendMailTo" to send a verify login mail. (Security)
}
}
else
{
// The password did not match the account username.
mysql_free_result($result); // Free memory from $result
mysql_close(); // Close MySQL database connection.
die("Username and password you entered is invalid.");
}
}
}
else // Both Username and Password was not provided.
{
die ("Please enter both username and password to proceed.");
}
}
else // If the Client did not pass with the security-KEY provided or none at all.
{
sendMailToAdmin(); // Run function sendMailToAdmin.
}
function sendMailTo() { // (Security) If the IP-adress does not match... Send a mail to the specified adress to grant login access.
//Send the mail to the user.
die("Your account was not created with this IP. Please verify though the e-mail we sent you.");
}
function sendMailToAdmin() { // (Security) If the IP-adress does not match... Send a mail to the specified adress to grant login access.
//Send the mail to admin or store the IP in a database with information about which S-Key he used and all other $_POST data he tried sending.
die("Saving your information. You will be investigated.");
}
?>
(All Im sending is the username and password with the SecureKeyLogin which have to match the one on the API.)
WWWForm form = new WWWForm();
form.AddField("username", username);
form.AddField("password", password);
form.AddField("secureKeyLogin", secureKeyLogin);
WWW phpLoginAPI = new WWW(accountLogin, form);
StartCoroutine(Login(phpLoginAPI));
Greetings, N0tiC
