如何使php更加统一
[英]How to make php more secure in unity
问题描述
我希望使用php更新数据库中的表。 我正在使用php统一开发游戏来检索和更新数据。 每个用户都使用他们的FB详细信息登录(使用FB API的正确方法),但是现在,用户名是唯一的int ID和需要更新的sc列。
这是一个链接示例: http : //www.mydomain.co.za/php/myphp2.php?id= 1&sc = “ 1,2”
PHP代码(myphp2.php):
<?php
require_once('/home/########/public_html/php/mysqli_connect.php');
$id = $_GET['id'];
$selected_cards = $_GET['sc'];
$query = "UPDATE PlayerCards SET SelectedCards=$selected_cards WHERE ID=$id";
$response = @mysqli_query($dbc, $query);
if($response){
echo 'Updated the sc of the selected id';
} else {
echo 'could not execute database query 2';
}
?>
这样,我可以使用浏览器更新任何用户的sc值。 (大问题)
这是我的Unity C#脚本,用于检索我将在数据库中用于存储值的facebook用户的登录ID:
FB_manager.cs :(包含数据的脚本)
using UnityEngine;
using UnityEngine.UI;
using System.Collections;
using System.Collections.Generic;
using Facebook.Unity;
public class FB_manager : MonoBehaviour {
private static FB_manager _instance;
public static FB_manager Instance
{
get {
if(_instance == null){
GameObject fbm = new GameObject("FBManager");
fbm.AddComponent<FB_manager>();
}
return _instance;
}
}
public bool IsLoggedIn {get; set;}
public string ProfileName {get; set;}
public Sprite ProfilePic {get; set;}
public string ProfileEmail {get; set;}
void Awake()
{
DontDestroyOnLoad(this.gameObject);
_instance = this;
}
public void InitFB(){
if (!FB.IsInitialized) {
// Initialize the Facebook SDK
FB.Init(InitCallback, OnHideUnity);
} else {
IsLoggedIn = FB.IsLoggedIn;
}
}
private void InitCallback()
{
if (FB.IsInitialized) {
Debug.Log("FB is logged in");
GetProfile();
FB.ActivateApp();
} else {
Debug.Log("FB not logged in");
}
IsLoggedIn = FB.IsLoggedIn;
}
private void OnHideUnity(bool isGameShown)
{
if (!isGameShown) {
// Pause the game - we will need to hide
Time.timeScale = 0;
} else {
// Resume the game - we're getting focus again
Time.timeScale = 1;
}
}
public void GetProfile(){
FB.API("/me?fields=first_name",HttpMethod.GET, DisplayUserName);
FB.API("/me/picture?type=square&height=128&&widht=128",HttpMethod.GET, DisplayProfilePic);
FB.API("/me?fields=email",HttpMethod.GET, DisplayUserEmail);
}
void DisplayUserName(IResult result){
if(result.Error == null){
ProfileName = "" + result.ResultDictionary["first_name"];
} else {
Debug.Log(result.Error);
}
}
void DisplayUserEmail(IResult result){
if(result.Error == null){
Debug.Log(result);
ProfileEmail = "" + result.ResultDictionary["id"];
} else {
Debug.Log(result.Error);
}
}
void DisplayProfilePic(IGraphResult result){
if(result.Texture != null){
ProfilePic = Sprite.Create(result.Texture, new Rect(0,0,128,128), new Vector2());
} else {
Debug.Log(result.Error);
}
}
}
FB_script.cs :(包含数据的脚本)
using UnityEngine;
using UnityEngine.UI;
using System.Collections;
using System.Collections.Generic;
using Facebook.Unity;
public class FB_script : MonoBehaviour {
public GameObject DialogLoggedIn;
public GameObject DialogLoggedOut;
public GameObject logInStatusLabel;
public GameObject Name;
public GameObject ProfilePic;
void Awake()
{
FB_manager.Instance.InitFB();
HandleMenu(FB.IsLoggedIn);
}
public void FBLogin() {
var perms = new List<string>() { "public_profile", "email", "user_friends", "publish_actions"};
FB.LogInWithReadPermissions(perms, AuthCallback);
}
private void AuthCallback(ILoginResult result)
{
if (FB.IsLoggedIn) {
HandleMenu(FB.IsLoggedIn);
Debug.Log("User logged in");
FB_manager.Instance.IsLoggedIn = true;
FB_manager.Instance.GetProfile();
// AccessToken class will have session details
var aToken = Facebook.Unity.AccessToken.CurrentAccessToken;
// Print current access token's User ID
Debug.Log(aToken.UserId);
// Print current access token's granted permissions
foreach (string perm in aToken.Permissions) {
Debug.Log(perm);
}
} else{
Debug.Log("User cancelled login");
}
HandleMenu(FB.IsLoggedIn);
}
void HandleMenu(bool isLoggedIn) {
if (isLoggedIn) {
DialogLoggedIn.SetActive(true);
DialogLoggedOut.SetActive(false);
logInStatusLabel.GetComponent<Text>().text = "Logged in as: ";
if(FB_manager.Instance.ProfileName!=null){
Text userName = Name.GetComponent<Text>();
userName.text = "" + FB_manager.Instance.ProfileName;
} else {
StartCoroutine("WaitForProfileName");
}
if(FB_manager.Instance.ProfilePic!=null){
Image image = ProfilePic.GetComponent<Image>();
image.sprite = FB_manager.Instance.ProfilePic;
} else {
StartCoroutine("WaitForProfilePic");
}
if(FB_manager.Instance.ProfileEmail!=null){
Text userName = Name.GetComponent<Text>();
userName.text = "" + FB_manager.Instance.ProfileEmail;
} else {
StartCoroutine("WaitForProfileEmail");
}
} else {
DialogLoggedIn.SetActive(false);
DialogLoggedOut.SetActive(true);
logInStatusLabel.GetComponent<Text>().text = "Not logged in";
}
}
IEnumerator WaitForProfileName(){
while(FB_manager.Instance.ProfileName==null){
yield return null;
}
HandleMenu(FB.IsLoggedIn);
}
IEnumerator WaitForProfilePic(){
while(FB_manager.Instance.ProfilePic==null){
yield return null;
}
HandleMenu(FB.IsLoggedIn);
}
IEnumerator WaitForProfileEmail(){
while(FB_manager.Instance.ProfileEmail==null){
yield return null;
}
HandleMenu(FB.IsLoggedIn);
}
}
我可以连接到Unity中的数据库,以便它访问数据库以更新表。 统一连接时仅授予更新特权。 然后可以用脚本将id和sc括起来(将php嵌入脚本中)以更新表。 用户可以在脚本中更改ID吗? 部署游戏时,用户可以编辑脚本吗?
1 个解决方案
解决方案1
1 已采纳 2016-06-24 00:31:51
当用户使用Facebook凭据登录时,请在会话变量中设置其ID。 在sql查询中使用会话变量,以便只有用户才能更新其卡。
如何使javascript激活PHP的代码部分(具体包括)
[英]How to Make javascript activate a PHP part of code (more specifically include)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.