connecting on existing phpbb3 dbase.

Hi all. i’m tired to connect my game(only for accesing control) on existing MySql dbase.
i’ve found this code in this forum:

private var formNick = ""; //this is the field where the player will put the name to login
private var formPassword = ""; //this is his password
var formText = ""; //this field is where the messages sent by PHP script will be in

var URL = "http://mywebsite/check_scores.php"; //change for your URL
var hash = "hashcode"; //change your secret code, and remember to change into the PHP file too

private var textrect = Rect (10, 150, 500, 500); //just make a GUI object rectangle

function OnGUI() {
	GUI.Label( Rect (10, 10, 80, 20), "Your nick:" ); //text with your nick
	GUI.Label( Rect (10, 30, 80, 20), "Your pass:" );

	formNick = GUI.TextField ( Rect (90, 10, 100, 20), formNick ); //here you will insert the new value to variable formNick
	formPassword = GUI.TextField ( Rect (90, 30, 100, 20), formPassword ); //same as above, but for password

	if ( GUI.Button ( Rect (10, 60, 100, 20) , "Try login" ) ){ //just a button
		Login();
	}
	GUI.TextArea( textrect, formText );
}

function Login() {
	var form = new WWWForm(); //here you create a new form connection
	form.AddField( "myform_hash", hash ); //add your hash code to the field myform_hash, check that this variable name is the same as in PHP file
	form.AddField( "myform_nick", formNick );
	form.AddField( "myform_pass", formPassword );
	var w = WWW(URL, form); //here we create a var called 'w' and we sync with our URL and the form
	yield w; //we wait for the form to check the PHP file, so our game dont just hang
	if (w.error != null) {
		print(w.error); //if there is an error, tell us
	} else {
		print("Test ok");
		formText = w.data; //here we return the data our PHP told us
		w.Dispose(); //clear our form in game
	}

	formNick = ""; //just clean our variables
	formPassword = "";
}

i need help to adapt this on controls of user and password for existing user in my forum.
The check control forum use theucp.php?mode=login

i’ce change the URL whit this:

var URL = "http://mywebsite/ucp.php?mode=login"; //change for your URL

and need help for fixing other var.

this is the ucp.php:
in next post-many char

<?php
/**
*
* @package ucp
* @version $Id: ucp.php 10090 2009-09-03 09:25:16Z acydburn $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

/**
* @ignore
*/
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require($phpbb_root_path . 'common.' . $phpEx);
require($phpbb_root_path . 'includes/functions_user.' . $phpEx);
require($phpbb_root_path . 'includes/functions_module.' . $phpEx);

// Basic parameter data
$id 	= request_var('i', '');
$mode	= request_var('mode', '');

if ($mode == 'login' || $mode == 'logout' || $mode == 'confirm')
{
	define('IN_LOGIN', true);
}

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('ucp');

// Setting a variable to let the style designer know where he is...
$template->assign_var('S_IN_UCP', true);

$module = new p_master();
$default = false;

// Basic "global" modes
switch ($mode)
{
	case 'activate':
		$module->load('ucp', 'activate');
		$module->display($user->lang['UCP_ACTIVATE']);

		redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
	break;

	case 'resend_act':
		$module->load('ucp', 'resend');
		$module->display($user->lang['UCP_RESEND']);
	break;

	case 'sendpassword':
		$module->load('ucp', 'remind');
		$module->display($user->lang['UCP_REMIND']);
	break;

	case 'register':
		if ($user->data['is_registered'] || isset($_REQUEST['not_agreed']))
		{
			redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
		}

		$module->load('ucp', 'register');
		$module->display($user->lang['REGISTER']);
	break;

	case 'confirm':
		$module->load('ucp', 'confirm');
	break;

	case 'login':
		if ($user->data['is_registered'])
		{
			redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
		}

		login_box(request_var('redirect', "index.$phpEx"));
	break;

	case 'logout':
		if ($user->data['user_id'] != ANONYMOUS  isset($_GET['sid'])  !is_array($_GET['sid'])  $_GET['sid'] === $user->session_id)
		{
			$user->session_kill();
			$user->session_begin();
			$message = $user->lang['LOGOUT_REDIRECT'];
		}
		else
		{
			$message = ($user->data['user_id'] == ANONYMOUS) ? $user->lang['LOGOUT_REDIRECT'] : $user->lang['LOGOUT_FAILED'];
		}
		meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));

		$message = $message . '

' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a> ');
		trigger_error($message);

	break;

	case 'terms':
	case 'privacy':

		$message = ($mode == 'terms') ? 'TERMS_OF_USE_CONTENT' : 'PRIVACY_POLICY';
		$title = ($mode == 'terms') ? 'TERMS_USE' : 'PRIVACY';

		if (empty($user->lang[$message]))
		{
			if ($user->data['is_registered'])
			{
				redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
			}

			login_box();
		}

		$template->set_filenames(array(
			'body'		=> 'ucp_agreement.html')
		);

		// Disable online list
		page_header($user->lang[$title], false);

		$template->assign_vars(array(
			'S_AGREEMENT'			=> true,
			'AGREEMENT_TITLE'		=> $user->lang[$title],
			'AGREEMENT_TEXT'		=> sprintf($user->lang[$message], $config['sitename'], generate_board_url()),
			'U_BACK'				=> append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'),
			'L_BACK'				=> $user->lang['BACK_TO_LOGIN'],
		));

		page_footer();

	break;

	case 'delete_cookies':

		// Delete Cookies with dynamic names (do NOT delete poll cookies)
		if (confirm_box(true))
		{
			$set_time = time() - 31536000;

			foreach ($_COOKIE as $cookie_name => $cookie_data)
			{
				// Only delete board cookies, no other ones...
				if (strpos($cookie_name, $config['cookie_name'] . '_') !== 0)
				{
					continue;
				}

				$cookie_name = str_replace($config['cookie_name'] . '_', '', $cookie_name);

				// Polls are stored as {cookie_name}_poll_{topic_id}, cookie_name_ got removed, therefore checking for poll_
				if (strpos($cookie_name, 'poll_') !== 0)
				{
					$user->set_cookie($cookie_name, '', $set_time);
				}
			}

			$user->set_cookie('track', '', $set_time);
			$user->set_cookie('u', '', $set_time);
			$user->set_cookie('k', '', $set_time);
			$user->set_cookie('sid', '', $set_time);

			// We destroy the session here, the user will be logged out nevertheless
			$user->session_kill();
			$user->session_begin();

			meta_refresh(3, append_sid("{$phpbb_root_path}index.$phpEx"));

			$message = $user->lang['COOKIES_DELETED'] . '

' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
			trigger_error($message);
		}
		else
		{
			confirm_box(false, 'DELETE_COOKIES', '');
		}

		redirect(append_sid("{$phpbb_root_path}index.$phpEx"));

	break;

	case 'switch_perm':

		$user_id = request_var('u', 0);

		$sql = 'SELECT *
			FROM ' . USERS_TABLE . '
			WHERE user_id = ' . (int) $user_id;
		$result = $db->sql_query($sql);
		$user_row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'] || !check_link_hash(request_var('hash', ''), 'switchperm'))
		{
			redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
		}

		include($phpbb_root_path . 'includes/acp/auth.' . $phpEx);

		$auth_admin = new auth_admin();
		if (!$auth_admin->ghost_permissions($user_id, $user->data['user_id']))
		{
			redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
		}

		add_log('admin', 'LOG_ACL_TRANSFER_PERMISSIONS', $user_row['username']);

		$message = sprintf($user->lang['PERMISSIONS_TRANSFERRED'], $user_row['username']) . '

' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
		trigger_error($message);

	break;

	case 'restore_perm':

		if (!$user->data['user_perm_from'] || !$auth->acl_get('a_switchperm'))
		{
			redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
		}

		$auth->acl_cache($user->data);

		$sql = 'SELECT username
			FROM ' . USERS_TABLE . '
			WHERE user_id = ' . $user->data['user_perm_from'];
		$result = $db->sql_query($sql);
		$username = $db->sql_fetchfield('username');
		$db->sql_freeresult($result);

		add_log('admin', 'LOG_ACL_RESTORE_PERMISSIONS', $username);

		$message = $user->lang['PERMISSIONS_RESTORED'] . '

' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>');
		trigger_error($message);

	break;

	default:
		$default = true;
	break;
}

// We use this approach because it does not impose large code changes
if (!$default)
{
	return true;
}

// Only registered users can go beyond this point
if (!$user->data['is_registered'])
{
	if ($user->data['is_bot'])
	{
		redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
	}

	login_box('', $user->lang['LOGIN_EXPLAIN_UCP']);
}

// Instantiate module system and generate list of available modules
$module->list_modules('ucp');

// Check if the zebra module is set
if ($module->is_active('zebra', 'friends'))
{
	// Output listing of friends online
	$update_time = $config['load_online_time'] * 60;

	$sql = $db->sql_build_query('SELECT_DISTINCT', array(
		'SELECT'	=> 'u.user_id, u.username, u.username_clean, u.user_colour, MAX(s.session_time) as online_time, MIN(s.session_viewonline) AS viewonline',

		'FROM'		=> array(
			USERS_TABLE		=> 'u',
			ZEBRA_TABLE		=> 'z'
		),

		'LEFT_JOIN'	=> array(
			array(
				'FROM'	=> array(SESSIONS_TABLE => 's'),
				'ON'	=> 's.session_user_id = z.zebra_id'
			)
		),

		'WHERE'		=> 'z.user_id = ' . $user->data['user_id'] . '
			AND z.friend = 1
			AND u.user_id = z.zebra_id',

		'GROUP_BY'	=> 'z.zebra_id, u.user_id, u.username_clean, u.user_colour, u.username',

		'ORDER_BY'	=> 'u.username_clean ASC',
	));

	$result = $db->sql_query($sql);

	while ($row = $db->sql_fetchrow($result))
	{
		$which = (time() - $update_time < $row['online_time']  ($row['viewonline'] || $auth->acl_get('u_viewonline'))) ? 'online' : 'offline';

		$template->assign_block_vars("friends_{$which}", array(
			'USER_ID'		=> $row['user_id'],

			'U_PROFILE'		=> get_username_string('profile', $row['user_id'], $row['username'], $row['user_colour']),
			'USER_COLOUR'	=> get_username_string('colour', $row['user_id'], $row['username'], $row['user_colour']),
			'USERNAME'		=> get_username_string('username', $row['user_id'], $row['username'], $row['user_colour']),
			'USERNAME_FULL'	=> get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']))
		);
	}
	$db->sql_freeresult($result);
}

// Do not display subscribed topics/forums if not allowed
if (!$config['allow_topic_notify']  !$config['allow_forum_notify'])
{
	$module->set_display('main', 'subscribed', false);
}

// Select the active module
$module->set_active($id, $mode);

// Load and execute the relevant module
$module->load_active();

// Assign data to the template engine for the list of modules
$module->assign_tpl_vars(append_sid("{$phpbb_root_path}ucp.$phpEx"));

// Generate the page, do not display/query online list
$module->display($module->get_page_title(), false);

/**
* Function for assigning a template var if the zebra module got included
*/
function _module_zebra($mode, $module_row)
{
	global $template;

	$template->assign_var('S_ZEBRA_ENABLED', true);

	if ($mode == 'friends')
	{
		$template->assign_var('S_ZEBRA_FRIENDS_ENABLED', true);
	}

	if ($mode == 'foes')
	{
		$template->assign_var('S_ZEBRA_FOES_ENABLED', true);
	}
}

?>

I’m curious did you change the URL to "http://mywebsite/ucp.php?mode=login"; or to the actually web address to that file on you server?

the function is on my website,i’ve used here “http://mywebsite/” for prevent spam.

Just curious, what kind of errors or lack of errors are we getting?

no error,when i try debug.log don’t send error,it get connection ok.but chek control don’t work.it get me “ok” ever,when user is correct or not correct.

I’m busy looking at the ucp.php code and well basically the user implementation in phpBB and I’m struggling to follow it. I might suggest creating your own php script that connects to the phpBB’s database. Perhaps even use phpBB’s DB class to help out with the connection. Otherwise at this very moment I cannot provide anymore help on the matter but I will do a little more digging to see if I can help out.

Regards,
Corrupted Heart

thank’s for interessings to my quest.

function Login() {
    var form = new WWWForm(); //here you create a new form connection
    form.AddField( "login", true ); //add your hash code to the field myform_hash, check that this variable name is the same as in PHP file
    form.AddField( "username", formNick );
    form.AddField( "password_", formPassword );
    var w = WWW(URL, form); //here we create a var called 'w' and we sync with our URL and the form
    yield w; //we wait for the form to check the PHP file, so our game dont just hang
    if (w.error != null) {
        print(w.error); //if there is an error, tell us
    } else {
        print("Test ok");
        formText = w.data; //here we return the data our PHP told us
        w.Dispose(); //clear our form in game
    }

    formNick = ""; //just clean our variables
    formPassword = "";
}

You could try that for now

What I have noticed is that w.error will only contain something if there is an error connecting to the server (no internet connection), cannot find the file, ect.

So you might want to try print(w.data); just to check what the browser is returning to you.

yeas,i viewed this,it check only connections.
our code don’t work,not bolean accepted in wwwform.thank’s.

then try “true”, I think it only needs to be present not exactly populated with anything.

ok,ive manged new php for get login function based on this original code:
LOGIN CODE

<?
// CONNECTIONS =========================================================
$host = "localhost"; //put your host here
$user = "myuser"; //in general is root
$password = "mypassword"; //use your password here
$dbname = "mydatabase"; //your database
mysql_connect($host, $user, $password) or die("Cant connect into database");
mysql_select_db($dbname)or die("Cant connect into database");
// =============================================================================
// PROTECT AGAINST SQL INJECTION and CONVERT PASSWORD INTO MD5 formats
function anti_injection_login_senha($sql, $formUse = true)
{
$sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i","",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
if(!$formUse || !get_magic_quotes_gpc())
  $sql = addslashes($sql);
  $sql = md5(trim($sql));
return $sql;
}
// THIS ONE IS JUST FOR THE NICKNAME PROTECTION AGAINST SQL INJECTION
function anti_injection_login($sql, $formUse = true)
{
$sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i","",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
if(!$formUse || !get_magic_quotes_gpc())
  $sql = addslashes($sql);
return $sql;
}
// =============================================================================
$unityHash = anti_injection_login($_POST["myform_hash"]);
$phpHash = "hashcode"; // same code in here as in your Unity game

$nick = anti_injection_login($_POST["myform_nick"]); //I use that function to protect against SQL injection
$pass = anti_injection_login_senha($_POST["myform_pass"]);
/*
you can also use this:
$nick = $_POST["myform_nick"];
$pass = $_POST["myform_pass"];
*/
if(!$nick || !$pass) {
    echo "Login or password cant be empty.";
} else {
    if ($unityHash != $phpHash){
        echo "HASH code is diferent from your game, you infidel.";
    } else {
        $SQL = "SELECT * FROM scores WHERE name = '" . $nick . "'";
        $result_id = @mysql_query($SQL) or die("DATABASE ERROR!");
        $total = mysql_num_rows($result_id);
        if($total) {
            $datas = @mysql_fetch_array($result_id);
            if(!strcmp($pass, $datas["password"])) {
                echo "LOGADO - PASSWORD CORRECT";
            } else {
                echo "Nick or password is wrong.";
            }
        } else {
            echo "Data invalid - cant find name.";
        }
    }
}
// Close mySQL Connection
mysql_close();
?>

this works,but is not correct for chek password,because phpBB3 use anoter password hash and not md5.
i’ve get the code from orignal hash function and i’ve changed it in my login system. this works but i’ve different ash.
this is all function forh hash :
HASH CODE

function phpbb_hash($password)
{
	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

	$random_state = unique_id();
	$random = '';
	$count = 6;

	if (($fh = @fopen('/dev/urandom', 'rb')))
	{
		$random = fread($fh, $count);
		fclose($fh);
	}

	if (strlen($random) < $count)
	{
		$random = '';

		for ($i = 0; $i < $count; $i += 16)
		{
			$random_state = md5(unique_id() . $random_state);
			$random .= pack('H*', md5($random_state));
		}
		$random = substr($random, 0, $count);
	}

	$hash = _hash_crypt_private($password, _hash_gensalt_private($random, $itoa64), $itoa64);

	if (strlen($hash) == 34)
	{
		return $hash;
	}

	return md5($password);
}

and i’ve found the check hash function:
CHECK HASH

function phpbb_check_hash($password, $hash)
{
	$itoa64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
	if (strlen($hash) == 34)
	{
		return (_hash_crypt_private($password, $hash, $itoa64) === $hash) ? true : false;
	}

	return (md5($password) === $hash) ? true : false;
}

now what is correct way to put decode function in login code?

ok,i’ve fixed it and now wark,now my question is:
what is correct way to send data from php to unity?
for example i want when the php login is true, my game script load new lelel.

private var formNick = ""; //this is the field where the player will put the name to login
private var formPassword = ""; //this is his password
var formText = ""; //this field is where the messages sent by PHP script will be in

var URL = "http://mywebsite/check_scores.php"; //change for your URL
var hash = "hashcode"; //change your secret code, and remember to change into the PHP file too

private var textrect = Rect (10, 150, 500, 500); //just make a GUI object rectangle

function OnGUI() {
	GUI.Label( Rect (10, 10, 80, 20), "Your nick:" ); //text with your nick
	GUI.Label( Rect (10, 30, 80, 20), "Your pass:" );

	formNick = GUI.TextField ( Rect (90, 10, 100, 20), formNick ); //here you will insert the new value to variable formNick
	formPassword = GUI.TextField ( Rect (90, 30, 100, 20), formPassword ); //same as above, but for password

	if ( GUI.Button ( Rect (10, 60, 100, 20) , "Try login" ) ){ //just a button
		Login();
	}
	GUI.TextArea( textrect, formText );
}

function Login() {
	var form = new WWWForm(); //here you create a new form connection
	form.AddField( "myform_hash", hash ); //add your hash code to the field myform_hash, check that this variable name is the same as in PHP file
	form.AddField( "myform_nick", formNick );
	form.AddField( "myform_pass", formPassword );
	var w = WWW(URL, form); //here we create a var called 'w' and we sync with our URL and the form
	yield w; //we wait for the form to check the PHP file, so our game dont just hang
	if (w.error != null) {
		print(w.error); //if there is an error, tell us
	} else {
		print("Test ok");
		formText = w.data; //here we return the data our PHP told us
                            
                      [COLOR="#ff0000"] ///do check variable from php
                          
                       if (w.data ..........) //or other chek function
                       {
                    Application.LoadLevel(nextLevel);
                        }
                    
                    else  {
                     return;
                           }[/COLOR]
		w.Dispose(); //clear our form in game
	}

	formNick = ""; //just clean our variables
	formPassword = "";
}

can help me to complete chek function?
i suppose have to use echo command to send a string in unity.is correct way?

I am currently using my phone to type this so I have to be brief.

It is unsafe to transmit the user’s password as plain text because of hackers and the like so somehow you will need to get the phpbb hash function to work in Unity, take a look at unifycommunity.com for an example of MD5.

And to answer your actual question, yes you have to echo true or false then simply check if the returned value is true or false but remember to check them as strings so if(w.data == “true”)

yes,im only trying for make connection works,when i finish i add security option.

now,it’s works.if u are interessed i post php and js :slight_smile:

I think it might be helpful for other users with who try to achieve the same goal, so post the js and php please :slight_smile:

Glad I could help out

Regards,
Corrupted Heart

ok,this is the code:

JS for unity:

private var nickforum = ""; //this is the field where the player will put the name to login
private var passforum :String = "";
var nextLevel:int;

var formText = ""; //this field is where the messages sent by PHP script will be in

var URL = "http://myurl.check.php"; //change for your URL
var hash = "testHash"; //change your secret code, and remember to change into the PHP file too


private var textrect = Rect (10, 150, 500, 500); //just make a GUI object rectangle

function OnGUI() {
    GUI.Label( Rect (10, 10, 80, 20), "Username:" ); //text with your nick
    GUI.Label( Rect (10, 30, 80, 20), "Password:" );


    nickforum = GUI.TextField ( Rect (90, 10, 100, 20), nickforum ); 
    passforum = GUI.PasswordField ( Rect (90, 30, 100, 20), passforum , "*"[0], 25); 


    if ( GUI.Button ( Rect (10, 60, 100, 20) , "Connettiti" ) ){ //just a button
        Login();
    }
    GUI.TextArea( textrect, formText );
}

function Login() {

    var form = new WWWForm(); //here you create a new form connection
    //form.AddField( "myform_hash", hash ); //add your hash code to the field myform_hash, check that this variable name is the same as in PHP file
    form.AddField( "myform_hash", hash );
    form.AddField( "nickforum", nickforum );
    form.AddField( "passforum", passforum );
    var w = WWW(URL, form); //here we create a var called 'w' and we sync with our URL and the form
    yield w; //we wait for the form to check the PHP file, so our game dont just hang
    if (w.error != null) {
        print(w.error); //check only connection ,if there is an error, tell us
    } else {
        print("Test ok");
        formText = w.text; //here we return the data our PHP told us

         if (formText=="connected") //check the return data from php,if is correct load other level
                       {
                    Application.LoadLevel(nextLevel);
                        }

                    else  {
                     return;
                           }
        w.Dispose(); //clear our form in game
    }

    nickforum  = ""; //just clean our variables
    passforum = "";
}

function Update () {
 if (Input.GetKey (KeyCode.Escape))
       Application.Quit();
}

PHP for web(this is based on login function privided by phpbb3-u have to put this php on the main folder of our forum):

<?
// CONNECTIONS =========================================================

$host = "your host"; //put your host here
$user = "user dbase"; //username for dbase
$password = "db password"; //password for dbase
$dbname = "dbase name"; //your database name
mysql_connect($host, $user, $password) or die("Cant connect into database");//connect to host
mysql_select_db($dbname)or die("Cant connect into database");//connect to dbase

//=====IMPORT FUNCTION FROM OTHER PHP(PHPbb3)=====
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);

require($phpbb_root_path . 'includes/functions.' . $phpEx);//the file containsh check system from password dbase
// =============================================================================



// PROTECT AGAINST SQL INJECTION and CONVERT PASSWORD INTO MD5 formats
function anti_injection_login_yumipwd($sql, $formUse = true)
{
$sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i","",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
if(!$formUse || !get_magic_quotes_gpc())
  $sql = addslashes($sql);
  //$sql = md5(trim($sql));     //at this time the password was send clear
return $sql;
}
// THIS ONE IS JUST FOR THE NICKNAME PROTECTION AGAINST SQL INJECTION
function anti_injection_login_yumi($sql, $formUse = true)
{
$sql = preg_replace("/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i","",$sql);
$sql = trim($sql);
$sql = strip_tags($sql);
if(!$formUse || !get_magic_quotes_gpc())
  $sql = addslashes($sql);
return $sql;
}



//==================================0



$unityHash = anti_injection_login($_POST["myform_hash"]);
$phpHash = "testHash"; // same code in here as in your Unity game

$nick = anti_injection_login($_POST["nickforum"]); //I use that function to protect against SQL injection
$pass = anti_injection_login_pwd($_POST["passforum"]);//I use that function to protect against SQL injection
$nickclean =strtolower($nick);//use this for make inserted usernama in a low char


/*
you can also use this:
$nick = $_POST["nickforum"];
$pass = $_POST["passforum"];
*/
if(!$nick || !$pass) { //chek the user and passwor not empty
    echo "Username and password are required";

} else {
    if ($unityHash != $phpHash){//check the has
        echo "Injiction code not permitted";
    } else {






        $find = mysql_query ("SELECT * FROM  phpbb3_users  WHERE username_clean = '$nickclean'");//chek the username
        if (mysql_num_rows($find)==0)
           echo "Name not found";
            else {

           while ($find_row = mysql_fetch_assoc ($find)){


                  $pwd = $find_row['user_password'];//assign password

                }

               $check = phpbb_check_hash($pass, $pwd);//check password
                if ($check==FALSE)
                       echo "Wrong password";
                else if ($check==TRUE){

                               echo "Connected";//string returned if all ok,thet have to corrispondin on our javascript


                                           }



             }





        }
        }


// Close mySQL Connection
mysql_close();
?>

**Sorry for my bad english comment on the script.

WARNING:
This code send a clear data(username and password) from unity to php.
What is correct way to send a crypted data from unity to php?