High Score Issues

I wanted to modify the standard High Score script to have 4 different tables for different game modes. Here’s what I’ve got (no displaying yet):

HSController.js

private var secretKey="*********";
var addScoreUrl="http://www.wanilla.net/ssp3d/addscores.php?";
var myscore = scoreCounter.score;
var myName = "Moldorma";


function Update () {
	if (LevelUp.mode=="Sleepy") {
		addScoreUrl="http://www.wanilla.net/ssp3d/addscores.php?";
	}
	if (LevelUp.mode=="Brisk") {
		addScoreUrl="http://www.wanilla.net/ssp3d/addscoreb.php?";
	}
	if (LevelUp.mode=="Rapid") {
		addScoreUrl="http://www.wanilla.net/ssp3d/addscorer.php?";
	}
	if (LevelUp.mode=="Insanity!!") {
		addScoreUrl="http://www.wanilla.net/ssp3d/addscorei.php?";
	}
}

function OnMouseDown () {
	postScore(myName, myscore);
}

function postScore(name, score) {
	print ("woo");
    //This connects to a server side php script that will add the name and score to a MySQL DB.
    // Supply it with a string representing the players name and the players score.
    var hash=Md5.Md5Sum(myName + score + secretKey);
 
    var highscore_url = addScoreUrl + "name=" + WWW.EscapeURL(myName) + "&score=" + score + "&hash=" + hash;
        
    // Post the URL to the site and create a download object to get the result.
    hs_post = WWW(highscore_url);
    yield hs_post; // Wait until the download is done
    if(hs_post.error) {
        print("There was an error posting the high score: " + hs_post.error);
    }
}

addscores.php

<?php
    $secretkey="*********";
	$name = $_GET['name'];
	$score = $_GET['score'];
	$hash = $_GET['hash'];
 
        $real_hash = md5($name + $score + $secretKey); 
        if($real_hash == $hash) { 
 
		
	        // Send variables for the MySQL database class.
	        $db = mysql_connect('localhost', 'wanillan_wanilla', '*********') or die('Could not connect: ' . mysql_error());
	        mysql_select_db('wanillan_scores') or die('Could not select database');
			
	        $query = "insert into ssp3d_sleepy values (NULL, '$name', '$score');";
	        $result = mysql_query($query) or die('Query failed: ' . mysql_error());
        }
?>

But when I run this function it won’t submit scores to the database. It says connecting in the bottom bar of Firefox when I do it in a web player (see for yourself at http://www.wanilla.net/ssp3d (note: I didn’t bother to set the window to a playable size. The hud will not be visible. Also, I’ve only set up highscores for Sleepy mode)). What am I doing wrong? :stuck_out_tongue: Thanks!

Hi there,

I couldn’t find the error exactly, but what you can do is write a text file from within PHP, writing debug information like “I got here!”

Function to write text to a file:
http://www.php.net/manual/nl/function.fwrite.php

This way you can see which IF/THEN condition is not true.
Another way is dumping your URL to the console and copy/pasting it into your browser and outputting debug info in PHP. (Since variables are being sent using GET you can do this easily.)

One thing you are doing wrong is trying to use the plus operator for concatenation. The dot is the concat operator in PHP so you would want something like:-

$real_hash = md5($name . $score . $secretKey);

Also, you might want to consider having just a single PHP script and passing the game mode in as a URL parameter - otherwise you will have to make any modifications/fixes separately in four different places. Just a suggestion.

Are you sure?
I think that part is from the “Serverside Highscores” entry over at the wiki. Is that wrong then? If so, someone should edit it.

Wiki Entry Link

Positive. (You’ll notice that the other concats in the script use the dot operator correctly - it’s just that one line that was wrong.)

I’ve updated the wiki - the previous code there was also a bit dodgy in that it didn’t protect against SQL injection. The new version includes some basic parameter escaping.

Excellent! I’ve been meaning to ask precisely about the security of the wiki highscore scripts, so now I don’t have to. :slight_smile:

I guess I have some PHP studying to do regardless, as my skills in that area are blunt to say the least… :slight_smile:

<?php 
        $db = mysql_connect('localhost', 'wanillan_wanilla', '*********') or die('Could not connect: ' . mysql_error()); 
        mysql_select_db('wanillan_scores') or die('Could not select database');
 
        // Strings must be escaped to prevent SQL injection attack. 
        $name = mysql_real_escape_string($_GET['name'], $db); 
        $score = mysql_real_escape_string($_GET['score'], $db); 
        $hash = $_GET['hash']; 
 
        $secret_key="*********"; # Change this value to match the value stored in the client javascript below 
 
        $real_hash = md5($name . $score . $secretKey); 
        if($real_hash == $hash) { 
            // Send variables for the MySQL database class. 
            $query = "insert into ssp3d_sleepy values (NULL, '$name', '$score');"; 
            $result = mysql_query($query) or die('Query failed: ' . mysql_error()); 
        } 
?>

Still nothin. D:

You’re using $_GET['variable']. If the values get passed in the URL (http://foo.com/scores.php?foo=bar&baz=quux) you'll need to use $_POST['variable']

No, you definitely need to use $_GET when the parameters are passed in the URL.

I’m sure you know already, but just to check: is your web player file in the same folder as the PHP script? I think the web player refuses to call scripts from anywhere else as a security measure.

Have you tried summoning the addscore.php page from a browser, passing the parameters manually? (You’ll have to take out the "if ($realhash...)" line for this to work, of course.) You should be able to use this to see if any of the die commands are being executed (no pun intended). Also, you can use echo to put debug information in the returned web page (eg, you can use "echo $_SERVER['REQUEST_URI'];" to show the exact URL as received).

If the dies are not activated then the only other obvious thing is that the “if ($realhash…)” statement fails because the two values are not equal somehow. If you use echo to print out the values then you should be able to see if one of them is not set correctly.

Oops, my bad. Please reverse the sense of my previous statement (You’d think I’d know better, I do this stuff for a living).

A.

I found the culprit. When it does the hash in PHP it has the secretKey variable named differently from when you declare it two lines earlier. :stuck_out_tongue: I’ll fix that on the Wiki.
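Added example, not part of the original thread and not the wiki's script: one way to fold the fixes discussed above (dot concatenation, one consistently named secret, a single script that takes the game mode as a URL parameter, and protection against SQL injection) into one handler. The `mode` parameter, the three non-Sleepy table names, the length limits and the DSN/credentials are assumptions.

```php
<?php
// Added example, not the wiki script. Assumed: the `mode` parameter, the three
// non-Sleepy table names, the length limits, and the placeholder DSN/credentials.
const SECRET_KEY = 'CHANGE_ME'; // must equal secretKey in HSController.js
// Allow-list: the client's mode selects a table; it is never pasted into SQL.
const TABLES = [
    'Sleepy'     => 'ssp3d_sleepy',
    'Brisk'      => 'ssp3d_brisk',
    'Rapid'      => 'ssp3d_rapid',
    'Insanity!!' => 'ssp3d_insanity',
];

function score_hash(string $name, string $score): string
{
    // '.' concatenates in PHP; '+' is arithmetic and never builds this string.
    return md5($name . $score . SECRET_KEY);
}

function validate(array $in): ?array
{
    foreach (['mode', 'name', 'score', 'hash'] as $key) {
        if (!isset($in[$key]) || !is_string($in[$key])) {
            return null; // missing, or an array such as name[]=x
        }
    }
    if (!array_key_exists($in['mode'], TABLES)
        || $in['name'] === '' || strlen($in['name']) > 32
        || !ctype_digit($in['score']) || strlen($in['score']) > 9) {
        return null;
    }
    // Hash the values exactly as received, before any escaping, so the result
    // matches the client; hash_equals() compares in constant time, unlike '=='.
    if (!hash_equals(score_hash($in['name'], $in['score']), strtolower($in['hash']))) {
        return null;
    }
    return [TABLES[$in['mode']], $in['name'], (int) $in['score']];
}

$row = validate($_GET);
if ($row === null) {
    http_response_code(400);
    exit('rejected');
}
[$table, $name, $score] = $row;
$pdo = new PDO('mysql:host=localhost;dbname=scores_db;charset=utf8mb4', 'db_user', 'db_password',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// Name and score are bound parameters; only the allow-listed table is interpolated.
$stmt = $pdo->prepare("INSERT INTO `$table` VALUES (NULL, ?, ?)");
$stmt->execute([$name, $score]);
```

The shared secret ships inside the web player build, so the hash check deters casual URL tampering and does not authenticate the player.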

Guys,

I’m trying to use the wiki scripts as well.
When I use them I get compile errors right away.

Chiefly:

“Assets/iPhone Standard Assets/Scripts/HSController.js(21,41): BCE0051: Operator ‘+’ cannot be used with a left hand side of type ‘Object’ and a right hand side of type ‘Object’.”

Thoughts?

Cheers