Re: Please hack my highscore table code
- From: Schraalhans Keukenmeester <nomail@xxxxxxxxxx>
- Date: Thu, 29 Sep 2005 11:19:01 +0200
Could be a toughie. First of all you should transfer that data encrypted to at least throw off easy hack attempts that just send the same data from a custom header instead of the flash app.

digiguru@xxxxxxxxx wrote:
I'm trying to create a highscore table in Flash using PHP to store the highscores in a text file on the server.
I want to make it as robust as possible without letting people whack in their own high scores. What's the best way of achieving this?
Here is the code.
<?php
// These variables currently come from a form.
// In the future they are going to be passed via a flash movie.
// I understand flash movies are easy to bust apart,
// so what's the best way of preventing people from adding dodgy scores?
$userName = $_POST['myName'];
$userEmailAddress = $_POST['myEmail'];
$userScore = $_POST['myScore'];

$filename = "highscores.php";
// Currently our server only accepts ".php" files, not ".txt" - which is ANNOYING!
// The style of the text file is... "$userName,$userEmailAddress,$userScore\n"
// for 10 to 50 lines of high scores, depending on how fast it runs.
$numScores = 0;
$highScoreArray = array();

// I haven't whacked any functions in it as I believe
// each function is a key that can be used to hack, am I right?
if (!$userEmailAddress) {
    echo "error : no email address";
    exit;
} else {
    if (!file_exists($filename)) {
        echo "error : no highscore file";
    } else {
        $highScoreArray = file($filename);
        $numScores = count($highScoreArray);
        $fp = fopen($filename, "w");
        if (!$fp) {
            echo "error : couldn't open data file";
        } else {
            $highScoreRow = "";
            $highScoreRowBuffer = "";
            for ($i = 0; $i < $numScores; $i++) {
                // loop through from the beginning of the file to the end
                $highScoreRow = $highScoreArray[$i];
                $highScoreRowArray = explode(",", $highScoreRow);
                $highScore = $highScoreRowArray[2]; // the high score is the last one in the list
                if ($highScore < ($userScore + 1)) {
                    // If it's a new high score (I add one to give priority to newer scores)
                    if ($highScoreRowBuffer == "") {
                        // This is to enter the new high score
                        $highScoreArray[$i] = "$userName,$userEmailAddress,$userScore\n";
                    } else {
                        // This moves the previous not quite so high score to move down the table
                        $highScoreArray[$i] = $highScoreRowBuffer;
                    }
                    // assign the buffer to remember the highscore as it will be moving down the list now.
                    $highScoreRowBuffer = $highScoreRow;
                }
            }
            // Write to file
            for ($i = 0; $i < $numScores; $i++) {
                fwrite($fp, $highScoreArray[$i]);
            }
            // close only a handle that was actually opened
            fclose($fp);
        }
        echo "<a href='highscores.php'>Here is the new highscores file</a>";
    }
}

// This is code I pulled off another site to prevent hacking, should I be using it everywhere in the page?!
function fix_for_page($value) {
    $value = htmlspecialchars(trim($value));
    if (get_magic_quotes_gpc()) $value = stripslashes($value);
    return $value;
}
?>
You could use a CRC checksum value or something like it (md5hash) on the flash file itself as part of the encryption perhaps? Or maybe import a one-time key in the Flash app at its start from your server? Cookies? Etc...
Just a few thoughts. GL
Sh.
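
Added example, not part of the original post or thread: a PHP sketch of the one-time key and checksum ideas suggested above, where the server hands out a key when the game starts and accepts a score only once, with a matching keyed hash. The function names and the in-memory $store are assumptions made for illustration (a real script would keep issued keys in a session or database), and HMAC-SHA256 stands in for the "CRC or md5" checksum mentioned in the reply.

```php
<?php
// Added example. issue_key(), sign_score(), accept_score() and $store are
// hypothetical names, not taken from the posted script.

// Step 1: the game asks the server for a one-time key when it starts.
function issue_key(array &$store): array {
    $id  = bin2hex(random_bytes(8));    // public handle for the key
    $key = bin2hex(random_bytes(32));   // secret for this one game only
    $store[$id] = $key;
    return [$id, $key];
}

// What the client computes just before posting the score.
function sign_score(string $key, string $name, string $email, int $score): string {
    return hash_hmac('sha256', "$name\n$email\n$score", $key);
}

// Step 2: the server checks the submission and burns the key.
function accept_score(array &$store, string $id, string $name,
                      string $email, string $score, string $mac): string {
    if (!isset($store[$id])) return 'rejected: unknown or already used key';
    $key = $store[$id];
    unset($store[$id]);                 // single use, so resending the same data fails
    if (!ctype_digit($score)) return 'rejected: score is not a number';
    // The table is "name,email,score\n" stored in a .php file, so refuse
    // separators and angle brackets before anything is written.
    if (preg_match('/[,\r\n<>]/', $name . $email)) return 'rejected: bad characters';
    $expected = hash_hmac('sha256', "$name\n$email\n$score", $key);
    if (!hash_equals($expected, $mac)) return 'rejected: checksum mismatch';
    return 'accepted';
}

// Constructed sample run
$store = [];
[$id, $key] = issue_key($store);
$mac = sign_score($key, 'alice', 'alice@example.com', 1200);
// genuine submission
echo accept_score($store, $id, 'alice', 'alice@example.com', '1200', $mac), "\n";
// the same request sent a second time
echo accept_score($store, $id, 'alice', 'alice@example.com', '1200', $mac), "\n";
// score changed after the checksum was computed
[$id2, $key2] = issue_key($store);
$mac2 = sign_score($key2, 'bob', 'bob@example.com', 10);
echo accept_score($store, $id2, 'bob', 'bob@example.com', '999999', $mac2), "\n";
```

The key still has to reach the client, so this blocks resent or hand-typed requests but not someone who takes the movie apart and signs a score with the key it was given.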