
How to make php more secure in unity

I wish to update a table in a database using PHP. I'm developing a game in Unity and using PHP to retrieve and update data. Each user logs in with their FB details (the correct way, using the FB API), but for now the username is a unique int ID, and there is an sc column that needs to be updated.

Here is a link example: http://www.mydomain.co.za/php/myphp2.php?id=1&sc= "1,2"

PHP code (myphp2.php):

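<?php

require_once('/home/########/public_html/php/mysqli_connect.php');

// Both values come straight from the query string and are untrusted. The
// previous version interpolated them into the SQL text, so any caller could
// run arbitrary SQL; here the shape is validated first and the values are
// then bound as parameters of a prepared statement.
$id = isset($_GET['id']) ? $_GET['id'] : null;
$selected_cards = isset($_GET['sc']) ? $_GET['sc'] : null;

// ID is a unique int: accept digits only.
if ($id === null || !ctype_digit((string)$id)) {
    http_response_code(400);
    echo 'invalid id';
    exit;
}

// sc is a comma-separated list of card numbers, e.g. 1,2. Note the client
// must now send the raw value (sc=1,2), not a quoted SQL literal.
if ($selected_cards === null || !preg_match('/^\d+(,\d+)*$/', $selected_cards)) {
    http_response_code(400);
    echo 'invalid sc';
    exit;
}

// TODO(review): the id should not be taken from the request at all. Derive it
// server-side from the session established after the Facebook login;
// otherwise any caller can still update any row.

$query = 'UPDATE PlayerCards SET SelectedCards = ? WHERE ID = ?';
$stmt = mysqli_prepare($dbc, $query);

$response = false;
if ($stmt) {
    // 's' = SelectedCards is stored as a string ("1,2"), 'i' = ID is an int.
    mysqli_stmt_bind_param($stmt, 'si', $selected_cards, $id);
    $response = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

if ($response) {
    echo 'Updated the sc of the selected id';
} else {
    echo 'could not execute database query 2';
}
?>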

This way I can update any user's sc value using a browser. (BIG PROBLEM)

Here is my C# scripts for Unity that retrieves the facebook user's login ID that I will use in my database to store values:

FB_manager.cs: (script that contains data)

using UnityEngine;
using UnityEngine.UI;
using System.Collections;
using System.Collections.Generic;
using Facebook.Unity;


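public class FB_manager : MonoBehaviour {

    private static FB_manager _instance;

    /// <summary>
    /// Scene-persistent singleton. When no instance exists yet, a GameObject
    /// named "FBManager" is created and this component added to it; the getter
    /// relies on Awake() running during AddComponent so that _instance is
    /// assigned before it is returned.
    /// </summary>
    public static FB_manager Instance
    {
        get {
            if (_instance == null) {
                GameObject fbm = new GameObject("FBManager");
                fbm.AddComponent<FB_manager>();
            }

            return _instance;
        }
    }

    /// <summary>Mirrors FB.IsLoggedIn after init, or is set by the login flow.</summary>
    public bool IsLoggedIn {get; set;}

    /// <summary>Graph API "first_name"; null until DisplayUserName has run.</summary>
    public string ProfileName {get; set;}

    /// <summary>128x128 profile picture; null until DisplayProfilePic has run.</summary>
    public Sprite ProfilePic {get; set;}

    /// <summary>
    /// Despite the name, holds the Graph API "id" field (see DisplayUserEmail),
    /// not the e-mail address. Anything sent from this client to a server is
    /// attacker-controllable, so a server must not use this value as proof of
    /// identity; it has to establish the caller's identity itself.
    /// </summary>
    public string ProfileEmail {get; set;}

    void Awake()
    {
        // Keep this object (and the profile data on it) across scene loads.
        DontDestroyOnLoad(this.gameObject);
        _instance = this;
    }

    /// <summary>
    /// Initializes the Facebook SDK once; if it is already initialized, only
    /// refreshes IsLoggedIn.
    /// </summary>
    public void InitFB(){
        if (!FB.IsInitialized) {
            // Initialize the Facebook SDK
            FB.Init(InitCallback, OnHideUnity);
        } else {
            IsLoggedIn = FB.IsLoggedIn;
        }
    }

    /// <summary>
    /// FB.Init completion callback: fetches the profile and activates the app
    /// when the SDK initialized, then records the login state either way.
    /// </summary>
    private void InitCallback()
    {
        if (FB.IsInitialized) {
            Debug.Log("FB is logged in");
            GetProfile();
            FB.ActivateApp();
        } else {
            Debug.Log("FB not logged in");
        }

        IsLoggedIn = FB.IsLoggedIn;
    }

    /// <summary>Pauses the game while a Facebook dialog covers it and resumes afterwards.</summary>
    private void OnHideUnity(bool isGameShown)
    {
        if (!isGameShown) {
            // Pause the game - we will need to hide
            Time.timeScale = 0;
        } else {
            // Resume the game - we're getting focus again
            Time.timeScale = 1;
        }
    }

    /// <summary>
    /// Issues the three Graph API requests that populate ProfileName,
    /// ProfilePic and ProfileEmail asynchronously.
    /// </summary>
    public void GetProfile(){
        FB.API("/me?fields=first_name", HttpMethod.GET, DisplayUserName);
        // Was "&&widht=128": the misspelled, doubled parameter meant the
        // requested width was silently ignored.
        FB.API("/me/picture?type=square&height=128&width=128", HttpMethod.GET, DisplayProfilePic);
        FB.API("/me?fields=email", HttpMethod.GET, DisplayUserEmail);
    }

    /// <summary>Stores "first_name" from the Graph API response, logging any error.</summary>
    void DisplayUserName(IResult result){
        if (result.Error != null) {
            Debug.Log(result.Error);
            return;
        }

        object firstName;
        // Guarded lookup: indexing a missing key would throw KeyNotFoundException.
        if (result.ResultDictionary.TryGetValue("first_name", out firstName)) {
            ProfileName = "" + firstName;
        } else {
            Debug.Log("first_name missing from Graph API response");
        }
    }

    /// <summary>
    /// Stores the Graph API "id" field in ProfileEmail (the request asks for
    /// "email" but the value kept is the user id), logging any error.
    /// </summary>
    void DisplayUserEmail(IResult result){
        if (result.Error != null) {
            Debug.Log(result.Error);
            return;
        }

        // Logs the raw response, i.e. whatever profile fields came back;
        // consider dropping this outside development builds.
        Debug.Log(result);

        object userId;
        // Guarded lookup: indexing a missing key would throw KeyNotFoundException.
        if (result.ResultDictionary.TryGetValue("id", out userId)) {
            ProfileEmail = "" + userId;
        } else {
            Debug.Log("id missing from Graph API response");
        }
    }

    /// <summary>Wraps the downloaded picture in a 128x128 sprite, logging any error.</summary>
    void DisplayProfilePic(IGraphResult result){
        if (result.Texture != null) {
            ProfilePic = Sprite.Create(result.Texture, new Rect(0, 0, 128, 128), new Vector2());
        } else {
            Debug.Log(result.Error);
        }
    }
}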

FB_script.cs: (script that contains data)

using UnityEngine;
using UnityEngine.UI;
using System.Collections;
using System.Collections.Generic;
using Facebook.Unity;

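public class FB_script : MonoBehaviour {

    // UI objects assigned in the Inspector.
    public GameObject DialogLoggedIn;
    public GameObject DialogLoggedOut;
    public GameObject logInStatusLabel;
    public GameObject Name;
    public GameObject ProfilePic;

    /// <summary>
    /// Initializes the Facebook SDK through FB_manager and draws the menu for
    /// the current login state.
    /// </summary>
    void Awake()
    {
        FB_manager.Instance.InitFB();
        HandleMenu(FB.IsLoggedIn);
    }

    /// <summary>Starts the Facebook login flow; AuthCallback receives the result.</summary>
    public void FBLogin() {
        // NOTE(review): these scripts only read profile data, so "user_friends"
        // and "publish_actions" look broader than needed - request the minimum
        // the game actually uses. "publish_actions" is also a publish-type
        // permission; if it really is required it belongs in
        // FB.LogInWithPublishPermissions rather than the read-permission login.
        var perms = new List<string>() { "public_profile", "email", "user_friends", "publish_actions"};
        FB.LogInWithReadPermissions(perms, AuthCallback);
    }

    /// <summary>
    /// Login completion callback. On success marks FB_manager as logged in and
    /// starts fetching the profile; in both cases redraws the menu once.
    /// </summary>
    private void AuthCallback(ILoginResult result)
    {
        if (FB.IsLoggedIn) {
            Debug.Log("User logged in");
            FB_manager.Instance.IsLoggedIn = true;
            FB_manager.Instance.GetProfile();
            // AccessToken class will have session details
            var aToken = Facebook.Unity.AccessToken.CurrentAccessToken;
            // Print current access token's User ID (the token string itself is
            // deliberately not logged)
            Debug.Log(aToken.UserId);
            // Print current access token's granted permissions
            foreach (string perm in aToken.Permissions) {
                Debug.Log(perm);
            }
        } else {
            Debug.Log("User cancelled login");
        }
        // One redraw covers both branches.
        HandleMenu(FB.IsLoggedIn);
    }

    /// <summary>
    /// Shows the logged-in or logged-out dialog and fills in the profile
    /// widgets. Profile data arrives asynchronously, so for each value that is
    /// still null a coroutine waits for it and calls HandleMenu again.
    /// </summary>
    void HandleMenu(bool isLoggedIn) {
        if (!isLoggedIn) {
            DialogLoggedIn.SetActive(false);
            DialogLoggedOut.SetActive(true);
            logInStatusLabel.GetComponent<Text>().text = "Not logged in";
            return;
        }

        DialogLoggedIn.SetActive(true);
        DialogLoggedOut.SetActive(false);
        logInStatusLabel.GetComponent<Text>().text = "Logged in as: ";

        FB_manager manager = FB_manager.Instance;

        if (manager.ProfileName != null) {
            Name.GetComponent<Text>().text = "" + manager.ProfileName;
        } else {
            StartCoroutine(WaitForProfileName());
        }

        if (manager.ProfilePic != null) {
            ProfilePic.GetComponent<Image>().sprite = manager.ProfilePic;
        } else {
            StartCoroutine(WaitForProfilePic());
        }

        // NOTE: writes the same Name label as ProfileName above, so
        // ProfileEmail (which FB_manager fills with the Graph API id) wins once
        // both are available - confirm that is intended.
        if (manager.ProfileEmail != null) {
            Name.GetComponent<Text>().text = "" + manager.ProfileEmail;
        } else {
            StartCoroutine(WaitForProfileEmail());
        }
    }

    /// <summary>Redraws the menu once ProfileName has been filled in.</summary>
    IEnumerator WaitForProfileName(){
        while (FB_manager.Instance.ProfileName == null) {
            yield return null;
        }
        HandleMenu(FB.IsLoggedIn);
    }

    /// <summary>Redraws the menu once ProfilePic has been filled in.</summary>
    IEnumerator WaitForProfilePic(){
        while (FB_manager.Instance.ProfilePic == null) {
            yield return null;
        }
        HandleMenu(FB.IsLoggedIn);
    }

    /// <summary>Redraws the menu once ProfileEmail has been filled in.</summary>
    IEnumerator WaitForProfileEmail(){
        while (FB_manager.Instance.ProfileEmail == null) {
            yield return null;
        }
        HandleMenu(FB.IsLoggedIn);
    }
}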

I can connect to the database from within Unity so that it accesses the database directly in order to update the table, giving only update privileges when connecting from Unity. The id and sc can then be enclosed in a script (embedding the PHP into the script) to update the table. Will users be able to change the id inside the script? When the game is deployed, will users be able to edit the scripts?

When a user logs in with Facebook credentials, set their id in a session variable. Use the session variable in your SQL query so that only that user can update their own cards.
