First off all, a few years ago I started to lern HTML and php to create a little webside for some friends of mine. This was the first contact with scripting/programming in my life. Since than I felt in love with it.
So 2 days ago a user on this forum asked about how he can store/load data from Unity on a webserver. I helped him out and tried to provied some information and an example script. ( Thread I’m talking about )
And now I’m asking my self. Is there a need for something like PlayerPrefs to store data online? A small free/low price package that includes a php backend?
I would like to work on that for my next project and would like to hear your opinion.
P.S.: not sure if this is the right forum section
greetings Ronny
Yes, this is the right section.
As long as it’s professionally done I’d say that yes, this would be really handy. It’s something I’d find useful both for work and hobby development.
The key to me is security. I can also do PHP web service stuff, but I’m by no means an expert, so I’m not confident that my stuff is production ready - especially if built with such a volatile and hack-centric toolset as PHP. (As useful as PHP is, it’s also a really crappy tool. See: PHP: a fractal of bad design / fuzzy notepad .) So for me to consider using a package for anything that I’d be selling, I’d want to know that it’s made by someone who is an expert, because that’s half the reason I’d buy the package instead of making it myself.
I’d also possibly give strong preference to a solution not made in PHP, though unfortunately PHP’s popularity comes from the fact that it can be deployed pretty much anywhere, which isn’t as true for other tools.
Also, for me, an online implementation of PlayerPrefs wouldn’t be enough. I’d want the system to be a) customisable, b) verifiable, and c) able to accept more data types, such as images or binary/XML blobs.
That was a long read ^^
Well Security is of course a big thing with this kind of stuff. No body would be happy if data is “hacked” out of a database and spread around the Internet.
I have been thinking about somethink as well. But first of all, if I ever start this, I want the basic PlayerPref functionallity done and will see how it goes.
Can you go a bit more in detail on this points. What do you want to see exactly?
Well, there are two things I want in terms of being “verifiable”.
First, I’d like to have some level of certainty that clients sending information are who I think they are. This is impossible to guarantee, but something like Facebook’s secret key system would be a good start. Of course users would have to understand that it’s still not 100% secure, and is pretty much useless without SSL or a similar system in place.
Secondly, I want to be relatively sure that only valid data is being stored and returned. So the server should sanity-check data before saving it, and provide some form of check on the client side to make sure we’re not getting dangerous junk in return. You probably can’t do the latter properly without providing client-side hooks for us to also add our own checks. That is to say, neither the server nor the client should trust each other, as there is always the possibility that the other has been compromised.
Fair enough if you want to start by just putting PlayerPrefs online. I probably wouldn’t make much use of such a system myself, but I think it’s a good idea to get something minimal out there and only build on it if you get traction. And I think it could well be useful in some circumstances - people with simple games who want to be able to share a trivial save state between devices and/or platforms, for instance.
I already have some thoughts about user validation that I need to try out.
The first thing I lerned while lerning PHP was: “Never trust the client” So I get your point and I’m aware of it.
Anyways thanks for your input so far!
Yes, this is useful if done properly with security in mind. I would like too see more than playprefs too.
It’s more than that. It’s “never trust any remote system” because you quite simply never know who or what it is for absolute certain. You also never know that even legitimate clients don’t have errors that could cause problems.
That’s exactly what “never trust the client” means already.
True, but my point was simply to clarify that even when I’m on the client side of a client-server architecture I don’t trust the server, either. I know that to experts the term “client” in this context does indeed refer to any system that communicates with the one that you’re on, but when it comes to people I don’t know talking on the Internet I figure it can’t hurt to clarify. 
So, I started working on this and just want to share this moment.
Do you know what I really like about programming? Its the magic 
turning this http://deep-shades.lima-city.de/unity/
into this
Still a long way to go but it’s a start.
