How do I only let my c3 android app have access to my php script?

0 favourites
  • 3 posts
From the Asset Store
[C2] [C3] Support C3 build service and Android 14
  • Hi guys I have a script on a server - I run the script through an AJAX request in c3 - How do i stop the public running my script outside my app? - How do I only let my script run when my app requests it nothing else?

  • Generate a hash in the app and send it to the script with your other data. In the script, generate the same hash and compare if both hashes match. If they don't match, don't execute the rest of the script.

    CBHash plugin (link to C3 version on the last page):

    construct.net/en/forum/extending-construct-2/addons-29/plugincb-hash-md5-sha-1-sha-39765

    Make sure to use the same hashing function in the php, if you don't know how, try searching on stackoverflow.

    .

    Example:

    You want to send player score to the server. In the app generate a hash MD5(secret_key & score)

    Send to the PHP two values: score, hash.

    In the PHP script, also generate a hash MD5(secret_key & score_received)

    Compare if generated_hash is the same as received_hash.

    Of course, the secret_key should be same in your app and in the PHP script, don't share it anywhere and don't send it with the data.

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • Generate a hash in the app and send it to the script with your other data. In the script, generate the same hash and compare if both hashes match. If they don't match, don't execute the rest of the script.

    CBHash plugin (link to C3 version on the last page):

    https://www.construct.net/en/forum/extending-construct-2/addons-29/plugincb-hash-md5-sha-1-sha-39765

    Make sure to use the same hashing function in the php, if you don't know how, try searching on stackoverflow.

    .

    Example:

    You want to send player score to the server. In the app generate a hash MD5(secret_key & score)

    Send to the PHP two values: score, hash.

    In the PHP script, also generate a hash MD5(secret_key & score_received)

    Compare if generated_hash is the same as received_hash.

    Of course, the secret_key should be same in your app and in the PHP script, don't share it anywhere and don't send it with the data.

    Hi, thanks for the response I'm looking into this!

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)