GameMaker Encoding HTTP_POST GML>PHP

Cryptik

Guest
Good day to you,

Let me start out by saying a massive thank you to the staff for their product GameMaker and their relentless drive and ambition to keep it going for all the years I've been using it. Feels like it's been over a decade. Thanks for your time keeping a community here too; it takes much more skill than you need to make great games just to keep this here as well. It goes without saying that any good forum community is not complete without a strong and dedicated member base, so keep up what you're doing 'cause it works; "A phrase many of us programmers will be accustomed to". :)

To keep on point, I'm here with a problem I've been trying to solve for a few days. I'm devising a game which I'll be hosting on the well-known games portal Kongregate. This isn't my first game there, as I have released a previous title there which, to me, was quite well received, albeit many of the players kept requesting the same sorts of features, of which one stuck out more than most: 'cloud saving / loading', because I realized my current method of saving files to the device became useless for browsers, or perhaps for users that keep their devices as clean as I like to keep my own (removing their progress in my game).

So I've created a solution that uses http_post_string with a set of arguments to a PHP script backend to store all the good variables and stuff in a database; pretty standard stuff, I imagine. My problem is that, although it is working, the data I transmit is in plaintext and so easy to read, and most probably easy to tweak and send as modified commands to gain a handicap in my games, which feature online highscores through the KongAPI (which is irrelevant to the post, so I won't talk too much about it).

What I think (I could be wrong) is that I need to first encrypt my variables' values, which I'm currently doing with a basic and easy-to-find Vigenère script in GML (with a passphrase). That created a problem of adding digits in the URL my game sends, which the PHP then parses as extra keys:values (date_map/array_map), so I figured base64 encoding is meant to be a way to convert these sorts of characters into code, so it should be easy to decode on the other end. That's what I thought anyway, but I was wrong.

Has anyone ever tried, got any tips, success stories and care to help a guy out?

It's highly probable my syntax is wrong, so I'll share what I have minus any sensitive data (so long as it's OK to be here).

script_SaveGame
(
Code:
var args = "banned="+string(bok)+"&id="+string(ident)+"&name="+string(name)+"&level="+string(lvl)+"&money="+string(cash)+"&xp="+string(px)+"&lvlup="+string(lvlup)+"&bitcoin="+string(bits)+"&pendbitcoin="+string(pend)+"&tokens="+string(tkns)+"&secret_key=REDACTED";
http_post_string("https://REDACTED.altervista.org/Cache/p_data.php", "data=" + string(base64_encode(args)));
)

This sends a string to my server like so:
Code:
data=YmFubmVkPTAmaWQ9MCZuYW1lPTAmbGV2ZWw9TSZtb25leT1NJnhwPU0mbHZsdXA9UkNDSiZiaXRjb2luPU1DQ0pEOzxCQzwmcGVuZGJpdGNvaW49TUNDSkQ7PEJDPCZ0b2tlbnM9TkUmc2VjcmV0X2tleT04MDA4MTM1

p_data.php
(
PHP:
<?php
    header('Access-Control-Allow-Origin: *');
    // Connect to database
    $db = new PDO('mysql:host=localhost;dbname=my_REDACTED', 'REDACTED');

    // Check secret key, if correct, then insert name and score
    $secret_key = "REDACTED";
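    // Form decoding turns '+' into a space, so restore it before decoding the base64 payload
    $encoded = isset($_POST['data']) ? str_replace(' ', '+', $_POST['data']) : '';
    // parse_str() splits the decoded "key=value&key=value" string into an array
    // (array_map() needs a callback and an array, so it cannot do this)
    $decoded = array();
    parse_str((string) base64_decode($encoded), $decoded);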

    if($secret_key == $decoded['secret_key'])
    {


        $sql = "REPLACE INTO Cache VALUES (:banned, :id, :name, :level, :money, :xp, :lvlup, :bitcoin, :pendbitcoin, :tokens)"; // Create a statement
        $stmt = $db->prepare($sql);
        $stmt->bindParam(':banned', $banned, PDO::PARAM_STR);
        $stmt->bindParam(':id', $id, PDO::PARAM_STR);
        $stmt->bindParam(':name', $name, PDO::PARAM_STR);
        $stmt->bindParam(':level', $level, PDO::PARAM_STR);
        $stmt->bindParam(':money', $money, PDO::PARAM_STR);
        $stmt->bindParam(':xp', $xp, PDO::PARAM_STR);
        $stmt->bindParam(':lvlup', $lvlup, PDO::PARAM_STR);
        $stmt->bindParam(':bitcoin', $bitcoin, PDO::PARAM_STR);
        $stmt->bindParam(':pendbitcoin', $pendbitcoin, PDO::PARAM_STR);
        $stmt->bindParam(':tokens', $tokens, PDO::PARAM_STR);

        // Get data from URL string
        $banned = $decoded['banned'];
        $id = $decoded['id'];
        $name = $decoded['name'];
        $level = $decoded['level'];
        $money = $decoded['money'];
        $xp = $decoded['xp'];
        $lvlup = $decoded['lvlup'];
        $bitcoin = $decoded['bitcoin'];
        $pendbitcoin = $decoded['pendbitcoin'];
        $tokens = $decoded['tokens'];

        // Execute statement
        $stmt->execute();
        echo '0';
    }
    else
    {
        echo 'IMPROPER USAGE DETECTED';
    }
$db = NULL;
?>
)


I'm not that familiar with PHP but have hope and determination at least that I will get a secure cloud save system working. The GameMaker documentation is a good resource, but the PHP ones are, are... well, just something else, often with the odd comment stretching back about 15-18 years!! :eek:

I did look at PlayFab, Backendless, GameSparks - they all seem more difficult for all I need to be able to do.
Any help or focus will be gratefully received.
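
An added example, not part of the original post or the poster's code: base64 is an encoding rather than encryption, so the server has to treat every decoded field as untrusted. The sketch below decodes the `data` field, parses it with `parse_str`, and range-checks each value; the field limits and function names are hypothetical, and it assumes the values arrive as plain integers over HTTPS.

```php
<?php
// Hypothetical per-field limits (assumption); adjust to the game's real rules.
const FIELD_RULES = [
    'id'     => ['min' => 0, 'max' => PHP_INT_MAX],
    'level'  => ['min' => 1, 'max' => 100],
    'money'  => ['min' => 0, 'max' => 1000000],
    'xp'     => ['min' => 0, 'max' => 10000000],
    'tokens' => ['min' => 0, 'max' => 9999],
];

function decode_save_payload(string $raw): array
{
    // application/x-www-form-urlencoded turns '+' into ' ', which corrupts base64.
    $b64 = str_replace(' ', '+', $raw);
    $query = base64_decode($b64, true);   // strict mode: false on any invalid character
    if ($query === false) {
        throw new InvalidArgumentException('payload is not valid base64');
    }
    $fields = [];
    parse_str($query, $fields);           // "a=1&b=2" -> ['a' => '1', 'b' => '2']
    return $fields;
}

function validate_save(array $fields): array
{
    $clean = [];
    foreach (FIELD_RULES as $key => $rule) {
        $value = $fields[$key] ?? null;
        // Accept only plain decimal integers inside the allowed range.
        if (!is_string($value) || !ctype_digit($value)) {
            throw new InvalidArgumentException("$key must be a non-negative integer");
        }
        $n = (int) $value;
        if ($n < $rule['min'] || $n > $rule['max']) {
            throw new InvalidArgumentException("$key out of range");
        }
        $clean[$key] = $n;
    }
    return $clean;
}

// Constructed sample payload, encoded the same way the game client would encode it.
var_dump(validate_save(decode_save_payload(base64_encode('id=7&level=3&money=250&xp=1200&tokens=5'))));
// A tampered save is rejected before it reaches the database.
try {
    validate_save(decode_save_payload(base64_encode('id=7&level=3&money=999999999&xp=0&tokens=5')));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```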