GMS 2 Online Highscores

[Appsurd]

First of all, a happy new year to you all! The GMS2 version is probably going to take a while, since I have been really busying doing stuff for myself.

Thank you for this guide, it's great that 3 years later you're still providing feedback and keeping this thread updated. I've spent the last half hour reading through all of the comments/feedback, what a great morning read. I can't wait to sit down and toy around with this leader board system!

You're welcome! Awesome, didn't expect anyone to read all of them

Nobody talks here about GDPR: General Data Protection Regulation. How can it be integrated with the online high score system?

"Holy open ended questions, Batman!"

1. Perhaps trim down the scope of your question to something manageable
2. Start a different topic instead of as part of a comment chain that has not much to do with gdpr
3. Be grateful that gms games no longer sends telemetry data to yoyogames, over which you would have had no control over what is sent or how it is managed

In general, you should apply one rule:
NEVER save people's email adresses, home locations, bank account, etc. until you consider it to be ABSOLUTELY NECESSARY.
If you apply this rule, you will be safe in general, because the GDPR is about personal data, and someone's highscore or username is not part of it. I would even argue that you apply this rule without having to stick to the GDPR, because you are keeping someone else's property which you also need to protect. Finally, just as @chamaeleon said, please open another topic if you would like to hear other people's opinion about GDPR compliance. My tutorial is at least perfectly safe to use (in my opinion).

EDIT: I added this answer to the FAQ in the tutorial

 

[Appsurd]

Changes:

Minor update V1.1.8:
- Thanks to a user, added a clearification about using a VPN while creating your Altervista account

 

[Energy Engine]

This looks like an amazing tool and with a comprehensive tutorial to boot. I'll definitely be looking into implementing something like this soon. Thanks!

 

[Appsurd]

Major update 1.2.3:

- Completely rewrote the tutorial for GMS2
- Renamed some variables for the sake of clarity
- Various minor changes to the sample project and tutorial text
- Added a new paid tutorial: Online Highscore Premium Edition, now available from $20 for just $10.

 

[kloac]

Hi! how are you?

I 've done and read all the tutorial, but i'm having an issue that i can't resolve. On some Android devices (especially new ones, with the last android system), the highscore table stays charging with the message "Charging highscore table", like they're without internet (but they're with internet).They can't send score to the data base and of course they can't read the high score table either.
I don't know if it's a code problem from GMS, something from Altervista or Android.

I'm using GMS2 (the last version).

Hopefully you can help me with this!
Thanks You!!

 

[FrostyCat]

On some Android devices (especially new ones, with the last android system), the highscore table stays charging with the message "Charging highscore table", like they're without internet (but they're with internet).They can't send score to the data base and of course they can't read the high score table either.
I don't know if it's a code problem from GMS, something from Altervista or Android.

Android Pie and above block plain HTTP traffic by default. Either you change your Altervista setup to HTTPS, or you add this to Option > Android > Permissions > Inject to Android Application Tag:

android:usesCleartextTraffic="true"

Do note that the latter approach will disqualify you from Google Play if the submitted information is personally identifiable. Using HTTPS instead of HTTP should always be prioritized, especially for projects done in a production-level capacity.

 

[kloac]

@FrostyCat Thank You! I can do it

I'm having another issue.. how can i get a variable from the Altervista table, and then save it in a Ini file? For example an ID?

Thanks you!!

 

[FrostyCat]

I'm having another issue.. how can i get a variable from the Altervista table, and then save it in a Ini file? For example an ID?

This tells me you have not genuinely read the tutorial, only blindly copied from it. Read it again, and actually think things over this time.

The tutorial has clear instructions on how to read values from the database on the PHP side, and how to request and parse them on the GML side. You are perfectly capable of saving yourself in this, you just chose not to. The only difference in your case is that you're trying to get an ID instead of a score (i.e. $row['ID'] instead of $row['score'] on the PHP side), and an additional write to an INI file (which isn't even related to this topic, go look up how to use INI files separately).

 

[zicman]

Hi,

Thx so much for the tutorial but there are things i dont understand.
My php SQL skill is veerrry low but when you get a date, you use GET so, in the tutorial :

Why
if($secret_key == $_POST['secret_key'])
and not
if($secret_key == $_GET['secret_key'])


and after we have
$name = $_POST['name'];
$score = $_POST['score'];
and why not
$name = $_GET['name'];
$score = $_GET['score'];

Thx a lot

 

[FrostyCat]

Hi,

Thx so much for the tutorial but there are things i dont understand.
My php SQL skill is veerrry low but when you get a date, you use GET so, in the tutorial :

Why
if($secret_key == $_POST['secret_key'])
and not
if($secret_key == $_GET['secret_key'])


and after we have
$name = $_POST['name'];
$score = $_POST['score'];
and why not
$name = $_GET['name'];
$score = $_GET['score'];

Thx a lot

Read up: Idempotence

Safe methods are HTTP methods that do not modify resources. For instance, using GET or HEAD on a resource URL, should NEVER change the resource.

Submitting a new score to be saved on a server changes the targeted resource, that means using GET is inappropriate. Reading a date from a server does not change the targeted resource, that means using GET is fine.

 

[zicman]

I try to understand ... I maybe need to read it many times

I only can say, if i write (with the good secret key of course) :
if($secret_key == $_POST['secret_key']) => the condition is wrong
When i change by _GET the condition is true (andwrong of course witha bad secret key)

But i dont try trought Gamemaker, i write the adress on chrome (with the good information instead of ***)
http://ftp.***.altervista.org/OnlineHighscores/addscore.php?name=toto&score=666&secret_key=1234
Maybe im wrong and i must work with Gamemaker ....

 

[FrostyCat]

I try to understand ... I maybe need to read it many times

I only can say, if i write (with the good secret key of course) :
if($secret_key == $_POST['secret_key']) => the condition is wrong
When i change by _GET the condition is true (andwrong of course witha bad secret key)

But i dont try trought Gamemaker, i write the adress on chrome (with the good information instead of ***)
http://ftp.***.altervista.org/OnlineHighscores/addscore.php?name=toto&score=666&secret_key=1234
Maybe im wrong and i must work with Gamemaker ....

When you type parameters into the URL like that, it is a GET request, and the parameters end up in $_GET. This is one of the first things you learn when handling requests in PHP.

This is also why if you are learning HTTP APIs, you need a request tester like Postman or cURL (gURL if you prefer a GUI). A browser's address bar is an inadequate substitute.

 

[zicman]

Ok I "understand" why my result are not conform.
I thought it was a good idea to try with a browser, unfortunatly it's not the case.
thx

 

[Binsk]

All scripts and code should work on all platforms, except HTML5. I am not completely aware what the real problem is, but it’s due to connection problems between the server where your game is hosted and the Altervista server. You might solve your problems by placing the following line in ALL your PHP files at line 2 (just after the <?php ):

I had this issue with a game of mine. From what I understand a special check known as a "pre-flight" check is performed before sending data when talking between different servers (I'm still new to this aspect so, grain of salt here).

The pre-flight request method is always "OPTIONS" where I then have to tell what kind of connections are allowed. This is where I did Access-Control-Allow-Origin: * much like specified above but I also had to specify what kind of other request methods were permitted as well as what kinds of headers.

Since the preflight and the actual request are two separate requests I would exit out of the PHP script at the end of the preflight and not process the request until the real thing came.

My code looked something like this:

<?php
   header("Access-Control-Allow-Origin: *");
   header("Access-Control-Max-Age: 60");
   if ($_SERVER['REQUEST_METHOD'] === "OPTIONS"){
      header("Access-Control-Allow-Methods: POST, OPTIONS");
      header("Access-Control-Allow-Headers: Authorization, Content-Type, Accept, Origin, cache-control"); // This is specific to you
      http_response_code(200);
      die;
   }

   // All the actual handling of input starts here:

If anyone has more info on this that would be great as I kind of stumbled through this solution when I got things working initially. I understand what it all does but I'm not 100% sure on how much of it is required.

 

[Appsurd]

@Binsk Thanks for your explanation, I'm sure that it could be helpful to others. Unfortunately, I don't know much myself about this, so I can't answer your question.

 

[Alec Armstrong]

Hi - thank you for this tutorial. I have been trying to copy the code and get a database working on my own website. My question is, with your display.php is it intended that it will print the table directly on the internet page or is it only for GameMaker to receive the data?

 

[FrostyCat]

Hi - thank you for this tutorial. I have been trying to copy the code and get a database working on my own website. My question is, with your display.php is it intended that it will print the table directly on the internet page or is it only for GameMaker to receive the data?

It displays on an internet page, like what all HTTP APIs do.

Browsers work over HTTP. GMS 2 has functions for working over the exact same protocol. So do request testers like Curl and Postman.

 

[Alec Armstrong]

Hi - I would be grateful for some help. I have an online scoreboard, but it updates perfectly if the http_post_string command is sent from a Windows Desktop version of GameMaker. However, it does not work from the HTML5 version.

My question is, is it possible to send hi-scores to an online database from a program running on HTML5?

Thank you for any comments!

 

[FrostyCat]

Hi - I would be grateful for some help. I have an online scoreboard, but it updates perfectly if the http_post_string command is sent from a Windows Desktop version of GameMaker. However, it does not work from the HTML5 version.

My question is, is it possible to send hi-scores to an online database from a program running on HTML5?

Upload your game to the same domain as the API, then it will submit properly. This is the same-origin constraint on browser-side JS, which the Manual clearly warns about:

NOTE: You should be aware that due to XSS protection in browsers, requests to and attempts to load resources from across domains are blocked and may appear to return blank results. Please see the section on Cross Domain Issues for further details.

Alternatively, implement preflight handling on the PHP side as Binsk described earlier on.

 

[Alec Armstrong]

Thank you for posting. Please can you clarify what you mean by the API.

 

[FrostyCat]

The API in the context of this tutorial is the set of PHP scripts that together define how you access the underlying database.

If you uploaded the PHP files to Altervista, then upload your game to the same Altervista Account.

 

[Alec Armstrong]

Hi - I have been trying to get GameMaker to send scores into my own database, but have had no success! I am using my own site at Protonhosting and not Altervista.

I have no problems in being able to insert, select and print out data from my database. However, my issue is that I have not been able to collect the name and score sent from GameMaker.

So my question is, does anyone have some code that will collect the name and score of data sent from GameMaker (using http:_post_string) or does anyone have any theories why I cannot collect the data??

Thank you for any comments!
Alec Armstrong

 

[chamaeleon]

Hi - I have been trying to get GameMaker to send scores into my own database, but have had no success! I am using my own site at Protonhosting and not Altervista.

I have no problems in being able to insert, select and print out data from my database. However, my issue is that I have not been able to collect the name and score sent from GameMaker.

So my question is, does anyone have some code that will collect the name and score of data sent from GameMaker (using http:_post_string) or does anyone have any theories why I cannot collect the data??

Thank you for any comments!
Alec Armstrong

Are you using the some of the PHP code from this thread unaltered? I think it would be beneficial for you to ensure you can transmit a successful request using curl towards the PHP API you have on your server. You can also create a new temporary PHP containing

<?php
phpinfo();

And display/save the result from the http request (instead of using the normal url for actually storing a score), and examine it for relevant data about parameters.

 

[Alec Armstrong]

Hi - thank you for your help! I tried a curl and sent a sample name and score to my AddNew.php. AddNew.php had no problems at all receiving and processing these dummy variables.

However, the same cannot be said for receiving a name and score from my GameMaker program! What the database is doing is storing blank values because presumably, GameMaker has called AddNew.php so the commands to input values into the database automatically happen. This suggests that GameMaker is not sending out the right information?

In GameMaker I had been using the following to try and input the values:

HighScoreName="test111";
scoreplayer=55;
http_post_string("mywebsiteaddress/AddNew.php?&id=1" +"&name="+string(HighScoreName,)+"&score="+string(scoreplayer),"");

EDIT - however, after checking this I found it needed to be:
HighScoreName="test111";
scoreplayer=55;
str = "name="+string(HighScoreName,)+"&score="+string(scoreplayer);

http_post_string("mywebsiteaddrss/OnlineHighScores/AddNew.php?",str);

So I am glad to report I have managed to import scores into my own website and can print out the results very nicely including on HTML5!

 

[kupo15]

Can't wait to go through this and check it out. Thanks!

 

[Caio]

<b>Fatal error</b>: Uncaught PDOException: SQLSTATE[HY000] [1044] Access denied for user.....
what happened?

 

[chamaeleon]

<b>Fatal error</b>: Uncaught PDOException: SQLSTATE[HY000] [1044] Access denied for user.....
what happened?

Your database code in PHP is not using a user that has permission to connect to the specified database. What options you have to correct this depends on your hosting solution, I imagine. But essentially it comes to granting sufficient privileges to a database account to perform the actions you require.

 

[Caio]

Your database code in PHP is not using a user that has permission to connect to the specified database. What options you have to correct this depends on your hosting solution, I imagine. But essentially it comes to granting sufficient privileges to a database account to perform the actions you require.

i use ProtonHosting

 

[Caio]

Your database code in PHP is not using a user that has permission to connect to the specified database. What options you have to correct this depends on your hosting solution, I imagine. But essentially it comes to granting sufficient privileges to a database account to perform the actions you require.

I gave permission. now it works.
However it is not recording the results

 

[Appsurd]

I gave permission. now it works.
However it is not recording the results

What do you mean by "is not recording the results" ? Does the tutorial show an empty highscores list? I guess you mean that after you have submitted, then the highscore list is left unchanged. Please send me a PM with your PHP code and GMS scripts/functions, and I'm happy to help you out