So I figure this is probably better off here than in blueprints, and I’m going to preface this with me not having a massive amount of networking experience, I more or less know how to work with MySQL and such because I setup our community, but outside of some simple actions and user management, it’s usually beyond me. But we are currently short a networking expert.
We still have some time to work this out as it isn’t a major feature and we are still early in the project, but despite our game being focused on single-player with some possible co-op features. We wanted our users to be able to link their game to an account on our community (running on IP.Board v4) and through that be able to push player data to their account. This way if they wish to share their stats on their community profile, they can.
I’ve found plenty of other threads where people talk about connecting to MySQL databases and the like for login systems, but since IPB uses it’s own password hashing and login tokens, is there a way that this could even work? Does anyone think they could at least point me in the right direction so we can start investigating our options asap?
TL;DR We want to try and have an “API” that a community site can pull player data and statistics from. The game is more-or-less a single-player game with a few online functions.
Yes there is. An ‘easy’ way could be that when the user logs in, you just feed the data onto the IPB login page, but yes, tokens may be a headache or two. Or, if you know which encription is being used (MD5 + random 5 character salt) then you can simply encript the password the user enters, and compare it with the one stored in IPB’s database.
Send md5([password]) and [username] from client to server.
On server side, fetch hash and salt from db by [username].
Construct hash with the password received from client and salt which was fetched from DB;
Compare two hashes, if they are equal, create session, use IPS Connect, etc.
Use https and/or asymmetric cryptography. I’m not covering cases when for example such [username] doesn’t exist in DB.
P.S. or if you’re using PHP as a server side solution, you can use authenticateMember() function from IPSMember class to check if username and password are valid (instead of constructing hash yourself). Just pass member id (get it by [username]).
This comes up so often. It would be really helpful to the community if someone could write up a wiki entry about a basic, secured approach on connecting to a Database and login/logout
and maybe how to maintain sessions etc.
Not everyone wants to rely on Steam and other Subsystems :X
The project was actually ended prematurely from lack of funding - however we actually ended up moving from IPB to WordPress and did get something working tentatively using WordPress’s REST API. We even went as far as managing to push custom data entries (that would have been used for Achievement unlocks and such), and even a primitive online status that would push to the website.
However we never considered it functional enough to release the setup we used - we had not worked out how we would validate the information to verify that what the game was sending wasn’t being modified by a cheat client or similar. I’m pretty sure the code was lost to time when the team disbanded.