Question about developing multiplayer game based on PHP

I will try to make this as short as possible and as simple as possible. I used to develop websites in the past. So i know that when you login in the websites, your client gets cookies, sessionid and so on…

But i don’t know how this stuff works in unity. So, after following a tutorial, and reading some info about unity, i made the following.(Using prepared statements)

CLIENT:
-User logs into the game, his inputs are username, password.
SERVER:
-Checking if the username has special characters
-Checking if the username matches the input’s character length requrements
-Checking if the username exists in the database
-Checking if the password matches the hash from the database
-Generating session key made out of random numbers, current datetime in numbers, more random numbers and his username shuffled
-Sending back to the client the session key and return successful login.

So when the server sends the key to my unity application, the application doesnt do something special with that key but simply storing it into a static variable that will be accessible in all scenes. Each time the user performs something in the game that would select,insert,change a database value, his client will send his username and key, and the server will check if his client key matches the database key.

If the server was checking only his username… for example…
CLIENT:
-The user equips an item
SERVER:

• SELECT * FROM players WHERE username = (the client’s sended username);

If the server was checking only his username, then the player could edit that username using hacks and then play trough someone else’s account. Which is why i made this key to make it work the following way.
CLIENT:
-The user equips an item
SERVER:

• SELECT * FROM players WHERE username = (the client’s sended username) AND sessionkey = (the client’s sended sessionkey);
  -Check if that client’s username & key are matching the ones from the database, if not, disconnect the user.

So in order for the hacker to go into someone else’s account, he will also need the key of that someone else’s account. This key is unique, and new key is generated for the user’s account after each login. It is made out of over 20 characters, so no hacker could guess what the user’s key is. I made this to prevent account swap … i don’t know how to even call this but i hope you guys understand.

The problem here is that i asked 2 of my programmer friends, they said that what i’m doing is retarded. (Combining C# and PHP). Why there are tutorials for this then…? Is what i’m doing above amateur? Is there a better way to do this login system? Please help me, because i don’t want to continue making this game, and then rework everything just because i realized that i’ve done it in a wrong way. Thank you for your time.

Yes, Unity is not a browser so it doesn’t manage cookies and therefore your PHP sessions won’t work out of the box, unless you manually handle HTTP headers in each request/response.

The system you propose is akin to a browser cookie, the server sends a secure enough token to the client and the client sends it back with every request to identify itself. It should work, provided you run everything via HTTPS with a valid certificate.

The problem however is in the post title: making an entire game with PHP on the backend can be pain the behind. HTTP calls are not suitable for online games as they are pretty slow and you will soon hit scalability issues with PHP.

I would rather look into a websocket based solution (e.g. NodeJS) or use a battle-tested multiplayer server such as SmartFoxServer, which offers al lot of goodies out of the box. If you’re the adventurous type you could also go for a custom made solution in Java running Jetty/Tomcat with a websocket servlet.

Thanks for the nice answer. I expected to hear “OMG… what you are doing is completely retarded…”.

Well, my game will be turn based game, like chees. Each player has spells, and while they duel each other, each one of them will have 10 seconds to make his turn. So… there will not be many requests send from my client. And i also write as less PHP code as possible. For example, my register.php contains only 120 rows of code.

I think you told me this because you think im making some kind of FPS game or MMORPG that would send requests to the server non-stop. My game will be really simple turn based game. The client will send data to the server ONLY when the player casts a spell, or his turn has expired. So there would be approximately 2-3 requests per 10 seconds(durring the battles). Behind the battles, players will be able to equip items to their character and stuff like that(which is not limited by time). Still i think that my game will not be overloading the server to a point in which the game will be totally unplayable. Well, this might happen if the popularity of my game goes very high, but in this case i could create a second server or something. And also many MMORPG’s have the option to select a server.

Now that i told you what kind of game im making, please tell me again your oppinion. Thanks for the attention again.

It all comes down to the scope of this project. Is it a personal/hobby project? Or something that is supposed to grow, expand and provide a reliable service? If the former, no problem. HTTP will work, at least up to a point. If the latter, HTTP is not the way. There’s no two ways about it.

Yes it is supossed to grow … but i don’t have much experience with unity. I think my head will blow up while i think about how i should make this project in another way. You said i should go for “websocked based solution”… this means nothing to me. My entire experience in programing was 4 months in PHP, i did the following.

The thing i was doing for android is pretty similar to this, the only difference is that the browser game sends requests to the server each time you go to another page. While the android app will send request to the server only when it changes a database value, or needs to have a value sent back to the app. I readed up some more about the multiplayer stuff in unity. Well… i don’t want any third party “assets” (if i can call them that way) like Photon that requires me to pay. I want to develop everything by myself. And if one day my project grows up and i want to sell it, i want to tell the buyer that i did anything by myself, and there is nothing stolen or third party. That will include all 3D models in the game, the textures and so on.

Can you please advice me where to find something that works like HTTP. I mean some kind of asset/plugin or something that will be able to access a database and send/receive values from it. I will tell me name and i will try to search for some tutorials. This entire thing will blow up my mind.

[QUOTE=[BlackSunPhoenix]( Question about developing multiplayer game based on PHP members/blacksunphoenix.2302558/)]You said i should go for “websocked based solution”… this means nothing to me. My entire experience in programing was 4 months in PHP, i did the following.
[/QUOTE]
Websocket is a sub-protocol of HTTP that allows you to use persistent connections instead of open/close connections like in regular HTTP calls. This is more efficient for multiplayer games and allows bi-directional communication, where HTTP essentially doesn’t support it (actually it can be done, but it’s trickier and less efficient)

Maybe there are websocket implementations for PHP too, I’d be surprised of the contrary actually! Maybe you can look into it and integrate it in your project. Good luck!