GameMaker Uploading .txt file to a server (most likely PHP)

O.Stogden

Member
Hey everyone,

The title is pretty self-explanatory on this one.

I basically have "ghost replay" data that's stored in text files, ranging in size up to around 128KB.

I was hoping to use the steam_upload_score_buffer function, but the max buffer size you can send with that is just 256bytes, so it's not big enough to handle ghost data.

So I was looking for some guidance on how to go about uploading the text file from my game, to a server with a PHP script that would read the data being sent, and save it in a .txt file on the server. There's a few guides I've seen on here on how to do this, but every single one of them seems to have negative feedback on how they're handling it. Either compatibility issues or security issues, which makes me worry that I would most likely end up with something vulnerable if I went in there and tried to cobble code together on my own.

As for downloading it, I don't think there'd be any PHP involved at that point? So it shouldn't be too hard to add downloading ghost data, once it's up on the server.
 

Arvel

Member
The only reason why negative feedbacks are where they are because many of those guides break some really basic rules of server-client interaction with HTTP, mostly on security. E.g they use $_GET instead of $_POST, they don't sanitize MySQL commands, etc. Otherwise, it's pretty straightforward.

To upload things, you'll need some PHP scripts to handle the processing. On your GM client simply use the appropriate HTTP request/response functions and you'll be good to go.

For downloading, depends on what you're trying to accomplish. Think of it like a web structure. Do you want verification? Or can anyone access the file via the URL directly? Of course the former requires you to have some additional processing.

Most of the action is done on the server. Your GM client only sends requests and receives data sent by the server, just like a web browser.
 

O.Stogden

Member
I would first consider the steam_file_*() functions (under "Cloud Functions" on this page), long before I think about hacking together anything myself with PHP.
Correct me if I'm wrong, but Steam Cloud is only accessible by the user that uploaded the file in the first place? This wouldn't work for ghost replay data of other players to compete against.

The only reason why negative feedbacks are where they are because many of those guides break some really basic rules of server-client interaction with HTTP, mostly on security. E.g they use $_GET instead of $_POST, they don't sanitize MySQL commands, etc. Otherwise, it's pretty straightforward.

To upload things, you'll need some PHP scripts to handle the processing. On your GM client simply use the appropriate HTTP request/response functions and you'll be good to go.

For downloading, depends on what you're trying to accomplish. Think of it like a web structure. Do you want verification? Or can anyone access the file via the URL directly? Of course the former requires you to have some additional processing.

Most of the action is done on the server. Your GM client only sends requests and receives data sent by the server, just like a web browser.
Ok, that's good to know, thanks.

The downloading I'm not too worried about, it should just be simply them downloading a file to temporarily store on their PC, that the game reads from and then discards. Wasn't planning on verification, unless that's something that should be added? The data itself isn't "sensitive" in any way.

I looked at some PHP tutorials on how to write a script that accepts files, although I was a little confused as to how to word the http_request/http_post etc. functions in GML. How to pass things along that the PHP script expects, like "_$files" and arguments like that.
 

NightFrost

Member
If you're gonna do uploading to server, you'll want some sort of user verification so a casual passerby can't just dump it full of trash or use as their warez stash. And if you want verification against a database don't accept anything less in your PHP tutorials than prepared PDO statements.
 

FrostyCat

Redemption Seeker
Correct me if I'm wrong, but Steam Cloud is only accessible by the user that uploaded the file in the first place? This wouldn't work for ghost replay data of other players to compete against.
Steam Cloud is only accessible by the originating user. I thought you were only storing replays for personal use.

The downloading I'm not too worried about, it should just be simply them downloading a file to temporarily store on their PC, that the game reads from and then discards. Wasn't planning on verification, unless that's something that should be added? The data itself isn't "sensitive" in any way.
It should be validated for both the validity of the Steam user and the general file format. This is not a matter of confidentiality, this is a matter of making sure your server doesn't get filled with unauthorized files that aren't what you expect.

I looked at some PHP tutorials on how to write a script that accepts files, although I was a little confused as to how to word the http_request/http_post etc. functions in GML. How to pass things along that the PHP script expects, like "_$files" and arguments like that.
I have some basic information on how to submit information to the $_GET and $_POST fields on this archived topic.

For submitting to the $_FILES field, you need to use http_request() with a multipart/form-data MIME type. I've had success with it once in GMS 1.4 (example), and the example should carry over to GMS 2.2 as-is. I said GMS 2.2 explicitly because I have finished an even better library that will solve the issue conclusively on GMS 2.3.
 

Arvel

Member
Correct me if I'm wrong, but Steam Cloud is only accessible by the user that uploaded the file in the first place? This wouldn't work for ghost replay data of other players to compete against.



Ok, that's good to know, thanks.

The downloading I'm not too worried about, it should just be simply them downloading a file to temporarily store on their PC, that the game reads from and then discards. Wasn't planning on verification, unless that's something that should be added? The data itself isn't "sensitive" in any way.

I looked at some PHP tutorials on how to write a script that accepts files, although I was a little confused as to how to word the http_request/http_post etc. functions in GML. How to pass things along that the PHP script expects, like "_$files" and arguments like that.
Think of it like a basic web system you're already familiar with. Request is when you're clicking something, which then you'll receive a callback from the server. Much like how clicking links around in a website works. Post is when you're submitting a form and sending data to the server. That's basically it.
 
Top