Hello everyone
--------------
_
(first sorry about my english is not good)
_
I have a problems with C#, PHP, MYSQLi.
I made a form for Login & Registration system with Unity.
_
This a simple C# function for user registration.
IEnumerator registrar(
string name,
string username,
string email,
string password
) {
// This is what sends messages to our php script
WWWForm form = new WWWForm();
// The fields are the variables we are sending
form.AddField("name", name);
form.AddField("username", username);
form.AddField("email", email);
form.AddField("password", password);
string url = "http://www.my-server.com/registrar.php";
UnityWebRequest www = UnityWebRequest.Post(url, form);
// Wait for php to send something back to unity
yield return www.SendWebRequest();
if (
www.isNetworkError || www.isHttpError
) {
Debug.Log("Error!");
} else {
Debug.Log("Complete!");
}
}
___
The PHP code
real_escape_string($_POST["name"]);
$username = $db->real_escape_string($_POST["username"]);
$email = $db->real_escape_string($_POST["email"]);
$password = $db->real_escape_string($_POST["password"]);
$password_hash = password_hash($password, PASSWORD_DEFAULT);
// E-mail can not be empty
if(
!empty($email)&&
!empty($username)&&
!empty($password)
) {
// Insert user data
$db->query("INSERT INTO `user`(`username`, `name`, `email`, `password`) VALUES ('$username', '$name', '$email', '$password_hash')");
// Display...
echo "Success!";
} else {
// Display an error
echo "Error!";
}
?>
Everything is OK, The PHP code are work to.
_
But my problem now what gonna happen if the hackers get the URL of registration page, And make for himself a form just like my form and use my URL of registration page and using.
_
This is my problem, This problem will hack the Game data Like (Score, Total play, Time play, Otherss data).
_
So how can i protect & secure (request post) Do i have do something in PHP or C#.
_
please help me :(
↧