I left this as unpaid, because 1) my budget is non-existent, and 2) I had intended to release it to the community anyway had I finished it myself. Unfortunately I don’t have a lot of back-end web experience. I’m much more of a designer.
Basically I need a login/user system that will allow a player to sign-in from the game using data from a WordPress community, but will also be able to push stats back to the site where I will display them on user profiles (that part I can handle). I understand the principles of what I need to do, and if this doesn’t get a response then I’ll simply continue bashing away at it, but it’s a major hamper to my project at the moment. The site is currently on localhost for testing, but I have a VPS it will run on once it’s live.
I don’t much care how the system is handled, if you as the creator feel that another method is better than the VaRest idea, then by all means.
I’m currently working in this area developing both the UE4 Client-side Online Subsystem (OSS) and ArcadeKomodo.com Online API on the HTTPS Server-side. I’m currently focused on the Web operations and I’m also using Wordpress. Earlier in my development for Dragon’$ Gold, I reviewed the VaRest Plugin, but, elected to go with JSON Query. UE4’s OSS actually pays more consideration to working with several popular online APIs (ie: Steam, Facebook, GooglePlay, IOS, Xbox, others ), however, it requires C++ intervention to implement. I’ve decided to take advantage of UE4’s OSS.
From your description, you’re going to require more than just a Authentication and UE4’s OSS could better serve your needs providing an interface for Sessions, Achievements/Stats, Leaderboards, etc. There are couple of Plug-ins out there that could handle the task in UE4 such as GameJolt OSS (w/ a little reverse engineering). But if you want to use VaRest you’ll just have to format the client side Request/Response handler in JSON. GameJolt’s API is easy to understand and may provide ideas for designing your own.
I would anticipate scripting a API Handler on the HTTPS Server Side in PHP to handle the Authentication Request. In fact, I’m currently developing a Wordpress Plugin for API Handling and providing admin backend/user frontend on the Website. With this approach UE4 Game Server administration can be provided from the Wordpress.
The Authentication Request for establishing the Session should at minimum contain Username/Password token, and the HTTPS Server should respond with a Success or Fail result. Security is highly important for my game services, so I associate several pieces of data to Security Token and just pass back the Security Token for many of the transactions. In either case, you’ll have to devise full proof an retry/exit strategy on the client side to deal with the authentication failure.
Security is top priority. In my opinion, you should be fully aware of how these system are designed and implemented on both Client and Server. I personally would not risk such a sensitive data in the hands of a outside programmer without signing Liability Agreements. I don’t have any issues discussing the problems and solutions I’m encountering along my journey developing these systems.