What's your strategy for account creation?

Post here your questions about Actionscript and Java server side extensions development.

Moderators: Lapo, Bax

flarb
Posts: 131
Joined: 15 Oct 2007, 21:07
Location: Home of the Body Bag
Contact:

What's your strategy for account creation?

Postby flarb » 14 Mar 2008, 07:28

So right now I have it working so that the account is created by calling up a PHP web page with some arguments which creates the database record with your username and password. But I'd rather not have to do that as people could easily find out the page and then just spam my database with account adds.

But, the dilemma is I can't access the database until I log in to a zone with a plug-in. So you have to have an account.

I was thinking of making a bogus zone with a custom login plug-in that really creates the account when you pass it the username and password. If the account can't be created, it fails to log in--if it does create the account it's successful. Then I can log out of this fake zone.

What are you guys doing in your games?
User avatar
tobypb
Posts: 48
Joined: 15 Jun 2007, 20:50

Postby tobypb » 14 Mar 2008, 07:42

If I understand what you said correctly you have a php script you use to create accounts but you don't want this script publicly accessible? It is only for your use.

If this is the case why not simply protect the directory the php script is in by using a .htaccess file in combination with a .htpassword file to password protect the directory?
User avatar
Lapo
Site Admin
Posts: 21367
Joined: 21 Mar 2005, 09:50
Location: Italy

Postby Lapo » 14 Mar 2008, 08:04

A simple way is this:
create a special Room of type "Limbo" in your zone.
Connect your guest user there and present the user the registration form.
When he submits the data you verify it on the server side and if all is good create the new account.

Now you disconnect the guest user from the "registration room" and join him in the lobby using his shiny new credentials.

This way everything happens behind the scenes, and you have total control over data validation etc...

Hope it helps
Lapo
--
gotoAndPlay()
...addicted to flash games
flarb
Posts: 131
Joined: 15 Oct 2007, 21:07
Location: Home of the Body Bag
Contact:

Postby flarb » 14 Mar 2008, 18:06

Hmm both of these methods seem pretty good. I'll give them both some consideration. I might try the htaccess one so that I reduce the load on the game server (and plus the PHP script already works).

I do all the validation and stuff in my flash app--but I just call the PHP script inside flash. So I can easily swap out both methods and see which works better.
User avatar
mistermind
Posts: 131
Joined: 15 Sep 2007, 01:33
Contact:

Postby mistermind » 10 Apr 2008, 16:14

Watch it for data tamper buddy. I've been a victim of these people not long enough for using external ASP pages as a connection bridge to my SFS. The best way to protect yourself is definally using SFS Database functionalities. This way is highly unlikely anyone can tamper your database connections
SELECT * FROM users WHERE clue > 0
0 rows returned.

Return to “Server Side Extension Development”

Who is online

Users browsing this forum: No registered users and 5 guests