Scottapotamas Posted February 17, 2011 Share Posted February 17, 2011 UPDATE: Rewritten after fininding out my ints and chars were unsigned and saves to SQL instead. Thanks Hello, I have recently written a leaderboard for one of my apps thats based in PHP. The client side (the app) is all done, but I need to iron out my PHP stuff... At current, the php recieves the POST and writes it to a text file. Eventually this should be a more formal database... Security (anti-cheating) is also a small issue... One of my friends managed to add in a score in a few minutes... I have thought about ways of stopping this: 1. MD5 hash the score, to dissuade some people and add some kind of integrity without adding "cryptography" as apple would call it... 2. Add a secret string that is known only to the client and serverside script. Then if the secret is missing in the POST, reject the POST. 3. Consider the userbase, and forget about it... deal with it when it becomes a problem? Here's where your fun can begin. I'm not going to make it easy for you, so I will only give the URL of the resultant leaderboard and the submit script. See where you can go from there... http://26oclock.com/hackit http://26oclock.com/hackit/submit.php If people find it too hard, i could hint to the two strings that are posted... If you can post something, the php should echo meh and the result visible on the /hackit url. Then please allude to me on how you did so, and possible improvements Thanks Link to comment Share on other sites More sharing options...
Recommended Posts