smartfoxserver.com

SmartFoxServer support forums
https://www.smartfoxserver.com/forums/

What's your strategy for account creation?

https://www.smartfoxserver.com/forums/viewtopic.php?f=4&t=2685

Page 1 of 1

What's your strategy for account creation?

Posted: 14 Mar 2008, 07:28
by flarb
So right now I have it working so that the account is created by calling up a PHP web page with some arguments which creates the database record with your username and password. But I'd rather not have to do that as people could easily find out the page and then just spam my database with account adds.

But, the dilemma is I can't access the database until I log in to a zone with a plug-in. So you have to have an account.

I was thinking of making a bogus zone with a custom login plug-in that really creates the account when you pass it the username and password. If the account can't be created, it fails to log in--if it does create the account it's successful. Then I can log out of this fake zone.

What are you guys doing in your games?

Posted: 14 Mar 2008, 07:42
by tobypb
If I understand what you said correctly you have a php script you use to create accounts but you don't want this script publicly accessible? It is only for your use.

If this is the case why not simply protect the directory the php script is in by using a .htaccess file in combination with a .htpassword file to password protect the directory?

Posted: 14 Mar 2008, 08:04
by Lapo
A simple way is this:
create a special Room of type "Limbo" in your zone.
Connect your guest user there and present the user the registration form.
When he submits the data you verify it on the server side and if all is good create the new account.

Now you disconnect the guest user from the "registration room" and join him in the lobby using his shiny new credentials.

This way everything happens behind the scenes, and you have total control over data validation etc...

Hope it helps

Posted: 14 Mar 2008, 18:06
by flarb
Hmm both of these methods seem pretty good. I'll give them both some consideration. I might try the htaccess one so that I reduce the load on the game server (and plus the PHP script already works).

I do all the validation and stuff in my flash app--but I just call the PHP script inside flash. So I can easily swap out both methods and see which works better.

Posted: 10 Apr 2008, 16:14
by mistermind
Watch it for data tamper buddy. I've been a victim of these people not long enough for using external ASP pages as a connection bridge to my SFS. The best way to protect yourself is definally using SFS Database functionalities. This way is highly unlikely anyone can tamper your database connections
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/