Hey all,
I was looking at Facebook payments methodology, and saw it has some server side code to validate the purchase, when successful, but suppose the game uses sfs, and the php validates everything is ok,
basically I COULD just send a client request saying "all is ok, give me 10,000 coins" to the sfs and be done with it, a thing that is subject to fraud.
I'm trying to find a way of letting the user get his coins/gold/whatever from sfs without sending him a "all is ok" message.
Any ideas?
Any way of interacting sfs2x using php?
-
- Posts: 84
- Joined: 11 Oct 2009, 11:46
- Contact:
Re: Any way of interacting sfs2x using php?
The best way would be that SFS2X does the FB transaction on behalf of the user via the FB API.
If you do it from client side it's harder to be able to synchronize the two things (the server status and the FB transaction)
If you do it from client side it's harder to be able to synchronize the two things (the server status and the FB transaction)
-
- Posts: 84
- Joined: 11 Oct 2009, 11:46
- Contact:
Re: Any way of interacting sfs2x using php?
so I get an encrypted token from Facebook, send it to sfs, and sfs decodes it and checks against facebook api?
Re: Any way of interacting sfs2x using php?
If that's the way FB works (sorry, I am not familiar) then yes, sounds like a good way to validate the transaction.
-
- Posts: 84
- Joined: 11 Oct 2009, 11:46
- Contact:
Re: Any way of interacting sfs2x using php?
Cool, that saves a php call, syncs the data and the sfs could update the db
Thanks!
Thanks!
- Carl Lydon
- Posts: 298
- Joined: 12 Nov 2007, 16:15
- Location: NYC
- Contact:
Re: Any way of interacting sfs2x using php?
How does the extension communicate directly with fb? Or indirectly?
- Carl Lydon
- Posts: 298
- Joined: 12 Nov 2007, 16:15
- Location: NYC
- Contact:
Re: Any way of interacting sfs2x using php?
Also, has anything changed on this subject in the past 2 years?
Are there any recent tutorials or posts that you would recommend, that outline the best practice for doing secure transactions using the Facebook payment system communicating directly or indirectly with the SF extension or the database?
Are there any recent tutorials or posts that you would recommend, that outline the best practice for doing secure transactions using the Facebook payment system communicating directly or indirectly with the SF extension or the database?
Who is online
Users browsing this forum: No registered users and 53 guests