PHP
Zimaell, 2020-07-04 16:11:00

Is it so bad to work directly to the server and the client?

A game where more than one player can be on the same stage.
Foreword

Authorization works on the following principle.
On login, the server generates 2 md5 keys, generated randomly, which are then checked on every request; if the user has left the game, they are generated again at the next login. This way information will be given out to the specific user, and there will be no possibility of hacking either.

The battle itself
During a battle, a temporary table is created for both (or more) users, where actions will be recorded and synchronized; every 5 seconds data about what happened on the stage is sent to the server from the host player (that is, the one who is online), and everything that happens is sent to the rest.

On every check the code will look like this
<?php
// Reject the request if any of the three keys is missing
if(empty($_POST['Key1']) || empty($_POST['Key2']) || empty($_POST['ServerKey'])) exit();
// Connect first: real_escape_string() needs an open connection
$mysqli=new mysqli('localhost','root','.................','table');
if($mysqli->connect_errno) die('Error Connect: '.$mysqli->connect_error);
$key1=$mysqli->real_escape_string(strval($_POST['Key1']));
$key2=$mysqli->real_escape_string(strval($_POST['Key2']));
// Server key that is embedded in the client code
if($mysqli->real_escape_string(strval($_POST['ServerKey']))!="oiervu3h498gh41hg[0h3b2%#[email protected]#134t3") exit();
// Look up the user that owns this pair of session keys
$r=$mysqli->query("SELECT `id` FROM `users` WHERE `key1`='".$key1."' AND `key2`='".$key2."' LIMIT 1");
if(mysqli_num_rows($r)!=1){
  mysqli_free_result($r);
  $mysqli->close();
  exit();
  }
# If the keys match, fetch the required data and return it
$mysqli->close();
exit();
?>

No such keys, bye-bye...


Actually, the question is this: I have read in many places that such direct calls are harmful, that some kind of intermediary server is needed, or that using the PHP + MySQL bundle is a bad idea; they say there is nothing to do to hack.
Yet with the example that I gave above, I thought it couldn't be gotten around: how can anyone pick up 2 constantly regenerated keys + a server key that will be sewn directly into the code?
Another question is whether there will be problems with the fact that it will be written in PHP; some write that with a large online (and for some a large online is 500+) it will hang the server, and they say it's better in C#...

Many also wrote that "you don't need to invent a bicycle, everything is already in Unity for this", but as far as I know, there's not much online (for the free version), and this is third-party software, whereas otherwise it's your own server...

In general, let's discuss this topic, who is not too lazy ... :)


2 answer(s)
GavriKos, 2020-07-04
@GavriKos

Keeping realtime in the database, and even in sql, is bad.
It is extremely desirable to do realtime on sockets.
As for protection - if the request is not signed - then what prevents me from intercepting it and modifying it? All these keys, if it's just part of the request and does not depend in any way AT LEAST on the content of the request, then they are of no use.
I would take ready-made solutions FOR THE FIRST TIME, and not make a real-time bicycle. Shoot - rewrite.
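
The point made in the answer above, that keys sent alongside a request are of no use unless they depend on the request's content, can be shown with an HMAC computed over the request fields. This is an added example, not part of the original thread; `sign_request()`, `verify_request()`, the per-session `$sessionKey` and the sample fields are assumptions.

```php
<?php
// Added example: a signature that depends on the request content.
// All function and field names here are hypothetical.

// Build the exact byte string both sides sign: timestamp, nonce, sorted fields.
function canonical(array $params, int $ts, string $nonce): string {
    ksort($params);                                   // same field order on client and server
    return $ts . "\n" . $nonce . "\n" . http_build_query($params);
}

function sign_request(string $sessionKey, array $params, int $ts, string $nonce): string {
    return hash_hmac('sha256', canonical($params, $ts, $nonce), $sessionKey);
}

function verify_request(string $sessionKey, array $params, int $ts, string $nonce,
                        string $sig, array &$seenNonces, int $now, int $maxSkew = 30): bool {
    if (abs($now - $ts) > $maxSkew) return false;     // too old or dated in the future
    if (isset($seenNonces[$nonce])) return false;     // this request was already accepted
    $expected = sign_request($sessionKey, $params, $ts, $nonce);
    if (!hash_equals($expected, $sig)) return false;  // constant-time comparison
    $seenNonces[$nonce] = $ts;                        // remember only accepted requests
    return true;
}

// Constructed sample data. The session key is issued at login and stored
// server-side per user (assumption); it is never sent with later requests.
$sessionKey = random_bytes(32);
$seen   = [];
$now    = time();
$params = ['user_id' => 42, 'action' => 'hit', 'damage' => 10];
$nonce  = bin2hex(random_bytes(8));
$sig    = sign_request($sessionKey, $params, $now, $nonce);

// Case 1: a field was changed after signing, the old signature no longer fits.
$tampered = ['damage' => 9999] + $params;
var_dump(verify_request($sessionKey, $tampered, $now, $nonce, $sig, $seen, $now));

// Case 2: the genuine request, unmodified.
var_dump(verify_request($sessionKey, $params, $now, $nonce, $sig, $seen, $now));

// Case 3: the same genuine request sent a second time.
var_dump(verify_request($sessionKey, $params, $now, $nonce, $sig, $seen, $now));
```

Because the session key also lives in the client, this protects requests against modification and replay in transit, not against a player who alters their own client; the server still has to validate the game actions themselves.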

Stanislav Bodrov, 2020-07-05
@jenki

Actually the question is - I read a lot where such appeals are directly harmful
What exactly is the harm? Very interesting.
Another question is whether there will be problems with the fact that it will be written in PHP, some write that it is with a large online (and some large online has 500+) will hang up the server, they say it’s better in C#...
See how to write.
