HTTP Cookies

harbourmaster

  • Posts: 11
Hi there,

I have created a few games now, and love Stencyl! However, my intention is to integrate this with an existing website (not any of the ones that are supported).

What I want to do is have all my games, and when users play them and reach the end of a level, or save.... submit the score to the website to store this in a database (so that we can have scoreboards).

I have tried numerous ways of doing this, such as "Visit URL" and basically getting the logged in username. I can also POST out a string of data to store in a database. But I need it to be hack proof, and with this method, any script kiddie could find out the POST strings and cheat their score.

I need my website to send the game a security token or something (this isn't a problem), however I need my game to interpret this, attach the username and score, and then send it back. If the website verifies the token.... it updates the score.

I have established the best way of doing this is for the game to read the HTTP cookie of the website it's installed on and generate a random number on the game to act as a security token.

However.... please someone help..... how do I access HTTP cookies from within the game editor?

Roadcat

  • Posts: 46
POST is much more secure than GET, which is visible on the URL. I'd send the scores using the POST to URL function and then have some PHP code on the server that accesses the scores using $_session - that way you could post the data along with the player's name, times, levels, etc and still break them down into separate fields on the server. You could even use random numbers in fields before and after the scores to obfuscate things or use a formula to hide things - send score /4 +27 for example in the midst of other numbers and use the session array to break it down into fields and then just decode the score field on the server.

Joe

  • Posts: 2478
If you can access the cookie data you need client-side, you can pass it into Stencyl using FlashVars:

http://www.stencyl.com/help/view/web-requests/ (scroll down)

harbourmaster

  • Posts: 11
Ahh right, I'm with you!

This will be going on an already established community with over 50,000 active users a month across 7 languages.... we are bound to have hackers on there!

It's all coded in C# ASP.NET.

So then I could do the following....

GET the username from the HTTP cookie
POST the username, the game name, the score & the time.

I get the point about sending the score /4 +27 and some random numbers, and then decoding it on the server. But how would that stop hackers? They could still use the POST string to update their score, couldn't they?

« Last Edit: February 28, 2013, 11:09:18 am by harbourmaster »
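An added example, not part of the thread and not written by any of the posters: a sketch of the server-issued token scheme described earlier in the thread, showing what the server can and cannot verify about a posted score. It is written in Python as a neutral illustration of the logic (the site in the thread runs ASP.NET); every name, the in-memory store and the limits are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: server-only secret, never shipped in the game
TOKEN_TTL = 600                       # assumption: longest time a level may take, in seconds
MAX_POINTS_PER_SECOND = 50            # assumption: game-specific plausibility bound
_issued = {}                          # nonce -> issue time; stands in for a database table


def _mac(nonce, user, game):
    # repr() of the tuple gives an unambiguous encoding of the three fields.
    msg = repr((nonce, user, game)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_user, game, now=None):
    """Called when the page embedding the game is served to a logged-in user."""
    now = time.time() if now is None else now
    nonce = secrets.token_urlsafe(16)
    _issued[nonce] = now
    return nonce + "." + _mac(nonce, session_user, game)


def submit_score(session_user, game, score, token, now=None):
    """Return (accepted, reason). session_user comes from the server-side
    session, never from a field in the POST body."""
    now = time.time() if now is None else now
    nonce, _, mac = token.partition(".")
    expected = _mac(nonce, session_user, game)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "bad token"        # forged, altered, or issued to another user/game
    issued_at = _issued.pop(nonce, None)  # single use: a replayed POST fails here
    if issued_at is None:
        return False, "token already used or unknown"
    elapsed = now - issued_at
    if elapsed > TOKEN_TTL:
        return False, "token expired"
    if not isinstance(score, int) or not 0 <= score <= elapsed * MAX_POINTS_PER_SECOND:
        return False, "implausible score"
    return True, "ok"
```

The token rejects replayed requests and posts made under another user's name, but the score value itself is still chosen by the client. The plausibility bound is the only check here that limits what a logged-in player can claim within their own session.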

harbourmaster

  • Posts: 11
If you can access the cookie data you need client-side, you can pass it into Stencyl using FlashVars:

http://www.stencyl.com/help/view/web-requests/ (scroll down)

I just always get the following error:

Behavior: Design_28_28_ScoreManager at line 179
Call to a possibly undefined method LoaderInfo.
var paramObj:Object = LoaderInfo(FlxG.stage.root.loaderInfo).parameters;


 :(

Joe

  • Posts: 2478
Try importing it from the flash.display package.

harbourmaster

  • Posts: 11
Thanks for all the replies :) Much appreciated. I've never coded AS3 before so I'm a little bit stuck.

Still no luck I'm afraid. The Stencylpedia doesn't go into it too much.

So basically, I've set my Flash Variables in my <object> code. Let's say for now, that's just 'LoggedInUser' and 'UserID'.

How would I then access these Flash variables from within the game? Do I have to name them the same as an attribute? If I have Flash variables LoggedInUser and UserID, do they then get turned into an attribute that I can use in design view?

At the moment.... I'm using a new behaviour and a "When Creating" event, then adding in a custom code block from the Flow section. Then pasting this in....

var keyStr:String;
var valueStr:String;
var paramObj:Object = LoaderInfo(FlxG.stage.root.loaderInfo).parameters;
for (keyStr in paramObj) {
   valueStr = String(paramObj[keyStr]);
   print(keyStr);
   print(valueStr);
}


Still getting an error, even if I determine the strings.