Hi, I've found a simple script on the Unity forum to connect Unity to a database, and I've modified it for myself. I send information from Unity to PHP, and my PHP checks the database and sends info back. My question is: what is the correct way to add security for transmitting data from Unity to my PHP?
LOGIN SESSION UNITY(js):
// Login form state and settings. Variables declared without `private` are
// written as-is so existing references to them keep working.
private var nickforum = ""; // username typed by the player in the login form
private var passforum :String = ""; // password typed by the player, kept as plain text until Login() sends it
var nextLevel:int; // level index handed to Application.LoadLevel after a successful login
var formText = ""; // last reply received from the PHP script, shown in the text area
// With an http:// address the username and password posted by Login() cross
// the network unencrypted. Point this at an https:// endpoint so the
// transport (TLS) protects them.
var URL = "http://myurl.check.php"; //change for your URL
// This value ships inside every copy of the game, so it is readable by anyone
// who has the client. It can tag requests as coming from the game, but it does
// not authenticate them.
var hash = "testHash"; //change your secret code, and remember to change into the PHP file too
private var textrect = Rect (10, 150, 500, 500); // screen rectangle of the text area that shows formText
// Draws the login form: two labels, the username and password fields, the
// login button and a text area showing the last reply stored in formText.
function OnGUI() {
    // Layout rectangles, built up front so the GUI calls below read as a list.
    var nameLabelRect = Rect (10, 10, 80, 20);
    var passLabelRect = Rect (10, 30, 80, 20);
    var nameFieldRect = Rect (90, 10, 100, 20);
    var passFieldRect = Rect (90, 30, 100, 20);
    var loginButtonRect = Rect (10, 60, 100, 20);

    // The password field shows this character instead of the typed text and
    // accepts at most this many characters.
    var maskChar = "*"[0];
    var maxPasswordLength = 25;

    GUI.Label( nameLabelRect, "Username:" );
    GUI.Label( passLabelRect, "Password:" );
    nickforum = GUI.TextField ( nameFieldRect, nickforum );
    passforum = GUI.PasswordField ( passFieldRect, passforum, maskChar, maxPasswordLength );

    // Clicking the button starts the login request.
    var loginClicked = GUI.Button ( loginButtonRect, "Connettiti" );
    if ( loginClicked ) {
        Login();
    }

    GUI.TextArea( textrect, formText );
}
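// Posts the typed username and password (plus the shared `hash` value) to URL,
// waits for the reply, stores it in formText and loads nextLevel when the
// server answers "connected".
//
// Changes from the original flow:
//  - the reply is compared without regard to case or surrounding whitespace;
//    the original exact match against "connected" fails on a reply such as
//    "Connected" or one with a trailing newline;
//  - the request object is disposed and the typed credentials are cleared on
//    every path. The original returned early on a rejected login, so the
//    password stayed in memory and in the form.
//
// NOTE(review): the credentials travel as ordinary form fields, so their
// confidentiality depends entirely on URL being an https:// address.
// NOTE(review): the decision to load the next level is taken here, in the
// client. Anything that must stay protected after login has to be enforced by
// the server as well (for example with a session token it issues and checks).
function Login() {
    var form = new WWWForm();
    form.AddField( "myform_hash", hash ); // field names must match the ones the PHP script reads
    form.AddField( "nickforum", nickforum );
    form.AddField( "passforum", passforum );

    var w = WWW(URL, form);
    yield w; // wait for the reply without blocking the game

    var loggedIn = false;
    if (w.error != null) {
        print(w.error); // connection-level failure only
    } else {
        print("Test ok");
        formText = w.text; // reply text, also shown in the text area
        loggedIn = formText.Trim().ToLowerInvariant() == "connected";
    }

    // Release the request and forget the typed credentials whatever the outcome.
    w.Dispose();
    nickforum = "";
    passforum = "";

    if (loggedIn) {
        Application.LoadLevel(nextLevel);
    }
}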
// Runs every frame: quits the application while the Escape key is held down.
function Update () {
    var escapeHeld = Input.GetKey (KeyCode.Escape);
    if (escapeHeld) {
        Application.Quit();
    }
}
PHP CHECK CODE (this is correct for a phpBB3 forum):
<?
// CONNECTIONS =========================================================
// Database settings: replace the placeholders with your own values.
// NOTE(review): these credentials sit in the script itself; keep the file out
// of any public download or repository and readable only by the web server.
$host = "your host";
$user = "user dbase";
$password = "db password";
$dbname = "dbase name";

// Open the connection and select the database; stop with a message if either
// step fails.
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0. On
// newer PHP the equivalent is mysqli or PDO, both of which support prepared
// statements.
if (!mysql_connect($host, $user, $password)) {
    die("Cant connect into database");
}
if (!mysql_select_db($dbname)) {
    die("Cant connect into database");
}

//=====IMPORT FUNCTION FROM OTHER PHP(PHPbb3)=====
// Load phpBB3's function library; phpbb_check_hash(), used further down to
// verify the password, is presumably defined there.
define('IN_PHPBB', true);
if (defined('PHPBB_ROOT_PATH')) {
    $phpbb_root_path = PHPBB_ROOT_PATH;
} else {
    $phpbb_root_path = './';
}
// Extension of this file without the dot, so the include uses the same one.
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require($phpbb_root_path . 'includes/functions.' . $phpEx);
// =============================================================================
// PROTECT AGAINST SQL INJECTION and CONVERT PASSWORD INTO MD5 formats
/**
 * Deny-list filter intended for the password field.
 *
 * Deletes a fixed set of SQL words and characters (case-insensitive), trims
 * surrounding whitespace, strips HTML/PHP tags and, unless the value came from
 * a form while magic_quotes_gpc is on, adds backslash escapes with
 * addslashes(). The MD5 step of the original script is disabled, so the value
 * is not hashed here.
 *
 * NOTE(review): because words and characters are deleted, a password that
 * contains any of them comes out different from what the user typed and will
 * not verify against the stored hash. A value that is only passed to a hash
 * check and never placed in SQL does not need this filter.
 * NOTE(review): deleting listed tokens is not a substitute for escaping or
 * binding values where the query is built.
 *
 * @param string $sql     Raw value to filter.
 * @param bool   $formUse True when the value comes from request data that
 *                        magic_quotes_gpc may already have escaped.
 * @return string Filtered value.
 */
function anti_injection_login_yumipwd($sql, $formUse = true)
{
    $blockedTokens = "/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i";

    $stripped = preg_replace($blockedTokens, "", $sql);
    $stripped = strip_tags(trim($stripped));

    // Request data is left alone when magic quotes already escaped it;
    // everything else gets backslash escapes added.
    if ($formUse && get_magic_quotes_gpc()) {
        return $stripped;
    }
    return addslashes($stripped);
}
// THIS ONE IS JUST FOR THE NICKNAME PROTECTION AGAINST SQL INJECTION
/**
 * Deny-list filter intended for the nickname field.
 *
 * Removes a fixed list of SQL words and characters (case-insensitive) from the
 * value, trims it, strips HTML/PHP tags and adds backslash escapes with
 * addslashes() unless the value is request data already escaped by
 * magic_quotes_gpc.
 *
 * NOTE(review): the word list also matches inside ordinary names, so a
 * legitimate username containing one of the words is altered and will not be
 * found. Escaping or binding the value where the query is built is the
 * dependable protection; this filter should not be relied on in its place.
 *
 * @param string $sql     Raw value to filter.
 * @param bool   $formUse True when the value comes from request data that
 *                        magic_quotes_gpc may already have escaped.
 * @return string Filtered value.
 */
function anti_injection_login_yumi($sql, $formUse = true)
{
    $pattern = "/(from|select|insert|delete|where|drop table|show tables|,|'|#|\*|--|\\\\)/i";
    $cleaned = strip_tags(trim(preg_replace($pattern, "", $sql)));

    // Skip addslashes() only for form data that magic quotes escaped already.
    $alreadyEscaped = $formUse && get_magic_quotes_gpc();

    return $alreadyEscaped ? $cleaned : addslashes($cleaned);
}
//==================================0
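// Login check: reads the three POST fields sent by the Unity client, verifies
// the shared code, looks the user up in phpbb3_users and checks the password
// against the stored phpBB hash. Replies with one short text line.
//
// Fixes over the original:
//  - it called anti_injection_login() and anti_injection_login_pwd(), which
//    this file does not define (the functions above are named
//    anti_injection_login_yumi / anti_injection_login_yumipwd);
//  - the password is no longer run through a filter that deletes characters
//    and words: it is never placed in SQL, and altering it makes valid
//    passwords fail the hash check;
//  - the username is escaped with mysql_real_escape_string() at the point the
//    query is built instead of being rewritten by a word list;
//  - missing POST fields and a failed query no longer raise notices/warnings;
//  - the success reply is "connected", the exact string the Unity client
//    compares against (the original sent "Connected").

/**
 * Returns one POST field as the client sent it.
 *
 * @param string $key Field name.
 * @return string The value, or "" when the field is missing or not a string.
 */
function unity_login_post_value($key)
{
    if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
        return "";
    }
    $value = $_POST[$key];
    // Undo the slashes magic_quotes_gpc adds on old PHP versions.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

$unityHash = unity_login_post_value("myform_hash");
// Same code as in the Unity game.
// NOTE(review): the code is shipped inside the client, so it can be read from
// any copy of the game; it identifies the client build but does not
// authenticate the request.
$phpHash = "testHash";
$nick = trim(unity_login_post_value("nickforum"));
$pass = unity_login_post_value("passforum");
// NOTE(review): phpBB may normalise a password before hashing it in its own
// login path; confirm the value passed to phpbb_check_hash() below is prepared
// the same way.
$nickclean = strtolower($nick); // lower-cased for the username_clean lookup

if ($nick === "" || $pass === "") {
    echo "Username and password are required";
} elseif ($unityHash !== $phpHash) {
    echo "Injiction code not permitted";
} else {
    // Escape at the query boundary with the driver's own function.
    // NOTE(review): prepared statements (mysqli or PDO) are the preferred form
    // once the script moves off the mysql_* extension.
    $safeNick = mysql_real_escape_string($nickclean);
    $find = mysql_query("SELECT user_password FROM phpbb3_users WHERE username_clean = '$safeNick'");

    // NOTE(review): "Name not found" and "Wrong password" tell a caller which
    // usernames exist; consider a single generic failure reply.
    // NOTE(review): failed attempts are not counted or delayed here; confirm
    // throttling exists in front of this script.
    if ($find === false || mysql_num_rows($find) == 0) {
        echo "Name not found";
    } else {
        $find_row = mysql_fetch_assoc($find);
        $pwd = $find_row['user_password']; // stored phpBB password hash

        // NOTE(review): only the password is checked; whether the account is
        // active or banned is not. Confirm if that matters for the game.
        if (phpbb_check_hash($pass, $pwd)) {
            echo "connected"; // must equal the string the Unity client checks for
        } else {
            echo "Wrong password";
        }
    }
}

// Close mySQL Connection
mysql_close();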
?>
What is the correct way to encrypt the password in Unity and decrypt it in PHP?