Database access, User Login and Validation [What is the best/safest way?]

Hi!

So I understand that connecting directly from the client to the MySQL server is not recommended, since I will have the client hold my username and password to the database.

So I was thinking about connecting from a PHP page, and outputting TRUE if connected.

So far so good. (I am using Photon for the game logic sync and matchmaking.)

But I need your opinion about something: do you just log in at first and that's it? The user is OK for the rest of the game session?
Or do you “relogin” every scene or screen?

And would you say that calling the WWW function to a PHP page and using GET (with some kind of hashed key in the client) to pass the variables is the best and fastest way to access the database? Just send a WWW function call every time I need database access?
Or is it better to work with sockets to a custom server and make it connect to the database and work with the packets?
Or is it better to run a “Server” from Unity (another Photon client) to manage the database access and send back RPCs with the result?

(The project is a shooter game, so the database access is for things like Login, Character Data, Inventory, Shop Items and Money.)

I would love to hear your opinion and experience!
Thanks!

If you're using Photon, why use PHP to log in? Why not have the server handle the login?

Some people may want to do what Mojang is doing with Minecraft. They handle the user accounts and let the players host their own Minecraft server.

Yes, I want to save the user EXP, for example, so he can have his character when he gets back to the game, even when it is from a different computer (so I can't use PlayerPrefs).

If you use Photon Server, do it on your server side; it’s better for the security.

Oohh, user experience points. Ya, save it server side through Photon and not PHP. Saving through PHP would allow players to give themselves EXP, which ends up being cheating.

Try this: https://www.assetstore.unity3d.com/en/#!/content/682

I bought it to learn PHP and MySQL login. It will work with Unity easily.

I know it's $25 but you have to ask yourself how much your time is worth. I felt that I could easily spend 40 hours figuring it out myself (at the time I had never used MySQL or PHP before), so $25 seemed like a great deal to me.

Thanks for all the replies!!

OK, so PHP is out of the question (also since it will most likely be much slower).

So now I have 2 options left:

  1. A custom C# server app that will connect to the SQL database and send data by socket
  2. A Unity server application that will run on the server and “manage” the SQL connection and data sending

Both ways seem fine from a security point of view, I think,
but I wonder about the speed and bandwidth usage…
Will Unity RPC sends take more bandwidth than a custom server? (I think so, but want to be sure…)
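
An added example, not part of any post in this thread: one way a custom C# server can answer the "log in once or relogin every scene" question is to check the password once, hand the client a short-lived signed session token, and validate that token on every later request, so the client never holds database credentials or a signing key. The `SessionTokens` class, its token layout and the account id are hypothetical, and the code assumes .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; runs on the game server, never in the client.
public sealed class SessionTokens
{
    private readonly byte[] _key;        // signing secret, held only by the server
    private readonly TimeSpan _lifetime;
    public SessionTokens(byte[] key, TimeSpan lifetime) { _key = key; _lifetime = lifetime; }
    private byte[] Sign(string p) => HMACSHA256.HashData(_key, Encoding.UTF8.GetBytes(p));

    // Called once, after the server has checked the password against the database.
    public string Issue(long accountId, DateTimeOffset now)
    {
        string payload = accountId + "|" + now.Add(_lifetime).ToUnixTimeSeconds();
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(payload)) + "." +
               Convert.ToBase64String(Sign(payload));
    }

    // Called on every later request; false means forged, malformed or expired.
    public bool TryValidate(string token, DateTimeOffset now, out long accountId)
    {
        accountId = 0;
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        try
        {
            string payload = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            byte[] mac = Convert.FromBase64String(parts[1]);
            // Constant-time comparison so the check does not leak how many bytes matched.
            if (!CryptographicOperations.FixedTimeEquals(mac, Sign(payload))) return false;
            string[] f = payload.Split('|');
            return f.Length == 2 && long.TryParse(f[1], out long expires)
                && now.ToUnixTimeSeconds() < expires && long.TryParse(f[0], out accountId);
        }
        catch (FormatException) { return false; }
    }
}

public static class Demo
{
    public static void Main()
    {
        var tokens = new SessionTokens(RandomNumberGenerator.GetBytes(32), TimeSpan.FromMinutes(30));
        var t0 = DateTimeOffset.UtcNow;
        string token = tokens.Issue(42, t0);   // 42 is a constructed account id
        Console.WriteLine(tokens.TryValidate(token, t0.AddMinutes(5), out long id) + " " + id);
        Console.WriteLine(tokens.TryValidate(token, t0.AddMinutes(31), out _));      // expired
        Console.WriteLine(tokens.TryValidate("x" + token, t0.AddMinutes(5), out _)); // tampered
    }
}
```

The token only proves who is asking; values such as EXP or money should still be computed by the server from its own match results rather than accepted from the client.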