So right now I have it working so that the account is created by calling up a PHP web page with some arguments which creates the database record with your username and password. But I'd rather not have to do that as people could easily find out the page and then just spam my database with account adds.
But, the dilemma is I can't access the database until I log in to a zone with a plug-in. So you have to have an account.
I was thinking of making a bogus zone with a custom login plug-in that really creates the account when you pass it the username and password. If the account can't be created, it fails to log in--if it does create the account it's successful. Then I can log out of this fake zone.
What are you guys doing in your games?
What's your strategy for account creation?
If I understand what you said correctly you have a php script you use to create accounts but you don't want this script publicly accessible? It is only for your use.
If this is the case why not simply protect the directory the php script is in by using a .htaccess file in combination with a .htpassword file to password protect the directory?
If this is the case why not simply protect the directory the php script is in by using a .htaccess file in combination with a .htpassword file to password protect the directory?
A simple way is this:
create a special Room of type "Limbo" in your zone.
Connect your guest user there and present the user the registration form.
When he submits the data you verify it on the server side and if all is good create the new account.
Now you disconnect the guest user from the "registration room" and join him in the lobby using his shiny new credentials.
This way everything happens behind the scenes, and you have total control over data validation etc...
Hope it helps
create a special Room of type "Limbo" in your zone.
Connect your guest user there and present the user the registration form.
When he submits the data you verify it on the server side and if all is good create the new account.
Now you disconnect the guest user from the "registration room" and join him in the lobby using his shiny new credentials.
This way everything happens behind the scenes, and you have total control over data validation etc...
Hope it helps
Hmm both of these methods seem pretty good. I'll give them both some consideration. I might try the htaccess one so that I reduce the load on the game server (and plus the PHP script already works).
I do all the validation and stuff in my flash app--but I just call the PHP script inside flash. So I can easily swap out both methods and see which works better.
I do all the validation and stuff in my flash app--but I just call the PHP script inside flash. So I can easily swap out both methods and see which works better.
-
mistermind
- Posts: 131
- Joined: 15 Sep 2007, 01:33
- Contact:
Watch it for data tamper buddy. I've been a victim of these people not long enough for using external ASP pages as a connection bridge to my SFS. The best way to protect yourself is definally using SFS Database functionalities. This way is highly unlikely anyone can tamper your database connections
SELECT * FROM users WHERE clue > 0
0 rows returned.
0 rows returned.
Return to “Server Side Extension Development”
Who is online
Users browsing this forum: No registered users and 55 guests