Okay, let me give you some background:
I have a flash game. I need to send its score. The score itself doesn't matter, but the whole fact of sending the score does. I need to protect the url and http POST methods variables so many automated requests to my server won't happen. Of course I cannot stop this from happening, but I can validate each request to make sure which is legit and which isn't.
Seeing how easily changable POST variables are using a variety of easy access software (tamper data in firefox, etc), I want to use flash to call a javascript function (getURL("javascript:functionName();") - pretty easy) and that javascript function would write to a text file or even directly to mySQL or PHP itself in which case I wouldn't even need to do a POST via loadVars.
I found out the javascript being clientside, can't write to mySQL directly and I've read about it and recieved conflicting answers on whether or not it can create/write to/save a text file on the server. But since that would be SERVERSIDE and javascript is CLIENTSIDE, that idea doesn't seem that viable/possible.
But I found an easy shortcut. Use javascript to create an <img> and then make it such that the src is a php file (e.g. <img src="http://www.mydomain.com/writehere.php?var1=word1&var2=word2">) and this way the client cannot change any of the code.
Just to let you guys know, if this post seems like I'm writing it as I think it out, its because thats true.
Now I realize that the client can just copy+paste the src url and put in the variables and cheat the system. so therefore I will need to do this and a post from flash to double check each other. Also in the flash code when I do the getURL("javascript:function.... I will have to make it getURL("javascript:function(var1,var2,var3)") - will that work?
----------- Okay the above is very confusing, below I will write in a nutshell what I'd like to know ---------
User wins the game. At the time of winning, the flash file gets the date (time and date) and writes that to a variable to be accessed many times. Then the flash file calls the javascript function and sends getURL("javascript:function(theDATE)"). Then the javascript code opens an php image <img src="blabla.php?theDate=DATE"> and then the php code writes to a mySQL database with the users IP Address and that date. Then the flash file (using LoadVars) php POSTs to a different php file and posts theDATE encrypted in md5 (I found a AS class that does this correctly) and a few other parameters to throw off a possible hacker. Then when that php POST occurs, the PHP file searches for that users IP Address and returns all possible dates/times (my file will be accessed a lot by school kids who use the schoolboard pcs which will all have the same IP ADDRESS) in the mySQL database. It then md5 hashes all of the data/times from the mySQL database and compares it with the php POSTed md5 hash. If any are a match, it counts the score and then deletes that mySQL entry. Would this work as I wrote it?
Please take some time and read and try to help out PLEASE. This is a for a big project that I am undertaking that is very worthy and I promise to show you guys it once it is up and running!
Thank you!
rnc505
A Flash Developer Resource Site
Reply With Quote
