I have recently written a leaderboard for one of my apps that's based in PHP. The client side (the app) is all done, but I need to iron out my PHP stuff...
Currently, the PHP receives the POST and writes it to a text file. Eventually this should be a more formal database... Security (anti-cheating) is also a small issue... One of my friends managed to add in a score in a few minutes...
I have thought about ways of stopping this:
1. MD5 hash the score, to dissuade some people and add some kind of integrity without adding "cryptography" as Apple would call it...
2. Add a secret string that is known only to the client and serverside script. Then if the secret is missing in the POST, reject the POST.
3. Consider the userbase, and forget about it... deal with it when it becomes a problem?
Here's where your fun can begin. I'm not going to make it easy for you, so I will only give the URL of the resultant leaderboard and the submit script. See where you can go from there...
If people find it too hard, I could hint to the two strings that are posted... If you can post something, the PHP should echo meh and the result should be visible on the /hackit URL. Then please allude to me on how you did so, and possible improvements.
Posted 17 February 2011 - 08:21 AM
UPDATE: Rewritten after finding out my ints and chars were unsigned and saves to SQL instead. Thanks
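Ideas 1 and 2 from the post, combined into a single server-side check, as an added example that is not the poster's script: the app sends a keyed hash (HMAC-SHA256 rather than plain MD5) over the name and score, and the PHP side recomputes it and rejects anything that does not match. The field names `name`, `score` and `sig`, the secret placeholder and the score cap are assumptions made for illustration.

```php
<?php
// Added example. Field names, secret and MAX_SCORE are assumed, not from the post.
declare(strict_types=1);

const SHARED_SECRET = 'REPLACE_WITH_RANDOM_SECRET'; // placeholder; the app carries the same value
const MAX_SCORE = 1000000;                          // assumed plausibility limit for the game

// Length-prefix the name so different (name, score) pairs never yield the same message.
function score_message(string $name, int $score): string
{
    return strlen($name) . ':' . $name . '|' . $score;
}

function sign_score(string $name, int $score, string $secret): string
{
    return hash_hmac('sha256', score_message($name, $score), $secret);
}

// Returns [accepted, reason]. Validation runs before the signature check.
function verify_submission(array $post, string $secret): array
{
    foreach (['name', 'score', 'sig'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return [false, "missing $field"];
        }
    }
    if (!preg_match('/^[A-Za-z0-9_ ]{1,20}\z/', $post['name'])) {
        return [false, 'bad name'];
    }
    if (!preg_match('/^\d{1,9}\z/', $post['score'])) {
        return [false, 'bad score'];   // digits only: no sign, no overflow
    }
    $score = (int) $post['score'];
    if ($score > MAX_SCORE) {
        return [false, 'implausible score'];
    }
    // hash_equals compares in constant time, unlike == or strcmp.
    if (!hash_equals(sign_score($post['name'], $score, $secret), $post['sig'])) {
        return [false, 'bad signature'];
    }
    return [true, 'ok'];
}

// Constructed sample submissions: one signed correctly, one with the score edited afterwards.
$good = ['name' => 'alice', 'score' => '4200', 'sig' => sign_score('alice', 4200, SHARED_SECRET)];
$tampered = ['score' => '999999'] + $good; // left operand wins, signature left unchanged

var_dump(verify_submission($good, SHARED_SECRET));
var_dump(verify_submission($tampered, SHARED_SECRET));
```

Because the secret has to ship inside the app, this check stops edited POSTs from someone who has not pulled the secret out of the binary; the plausibility limit is the part that still applies once they have.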