0 Favourites

[Plugin] ajaxPost

  • hi,

    because the Ajax-post-Plugin isn't available i've created a new one (based on the AJAX-Plugin).

    Usage like AJAX-Plugin with the difference that you can post the data via POST. <img src="smileys/smiley1.gif" border="0" align="middle">

    <img src="http://dl.dropbox.com/u/31151399/Construct2/Plugins/ajaxPost/usagajaxPost.png" border="0">

    Plugin ajaxPost

    postExample.capx (HTML-Div Plugin for the example)

    ajaxexamplePostData.php

    All suggestions are welcome. <img src="smileys/smiley2.gif" border="0" align="middle">

    Joe7

  • Probably nice <img src="smileys/smiley17.gif" border="0" align="middle" />

    Ajax is still over my head ^^

  • tnx a lot Joe7 ^^

  • Worked. Thanks. I can finally get a login system working.

  • That's a very great plugins! I was looking for this one!

    Does anyone know how to encrypt or protect the post data values sent from the c2 game to server?

    Thank you!

  • I allways thought, that HASH is a one-way thing..?!?

  • Yes, it should be. As I understand the question - he asked only the encryption - e.g. post the "username"+"password" and store this encrypted string on the server.

    The username and the score can send without encryption to store on the server. The client that uses the C2 game knows who he is ("username") and the app calculates the "score".

    Second login: C2 encrypts username+passwort again --> send it to the server --> server: compares this string to the string stored before --> message success/fail to c2-client that wants to play

    Suggestion:

    If sending the username and the score unencrypted is to unsecure for you (-you can see the real-characters eg with wireshark <img src="smileys/smiley2.gif" border="0" align="middle" /> ) - why not merge it in the encrypted string:

    When the encrypted string for the

    user "Joe7"+"joelspassword"

    is --- "0123456789abcdef" ----

    and the score is "20"

    --> merge it in:

    • -- 01234567Joe789ab2cd0ef ---

    and post this string. If you know the right positions of the characters you can pick them out <img src="smileys/smiley2.gif" border="0" align="middle" />

  • Actually, encrypted or not, just sending credentials like that is a possible security hole.

    Another way to secure things is to go through https protocol (the page that does the ajax request is already a secured page, and the destination adress for the request is an https:// adress too).

    This should help preventing the credential from falling into unwanted/malicious hands hopefully.

  • Construct 3

    Buy Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Buy Now Construct 3 users don't see these ads
  • Thank you Joe7 and Kyatric for your answer! :)

    Yes, I thought about mixing your 2 solutions (CB hash & https) because I'm looking the way to protect the username, hash session of player and score.

    But I'm still care about the fact the player (called hacker) could find a way to make some ajax call from javascript console (like firebug or chrome console or anothers tools) by finding my C2 javascript function (even minified) to make the same CB Hash and call it to send a high score to server manually...

    Just like EdgeWorld's game, there are some tools to hack that game even if EdgeWorld is in https mode... :(

    I'm not expert and don't know very well https, but I saw that every JS Client application use that way even if post data is not encrypted (just like iCloud.com do)

    Do you think https could prevent that kind of attack?

  • Hi there,

    I can't get this to work. Even example isn't working for me. Could you be so kind and write short tutorial on how to use it?

    Regards

  • Maciej

    Have you checked the AJAX-tutorial? If the demos in this tutorial work for you than the ajaxPost-Plugin should work too. Usage of this Plugin here is very similar.

  • this doesnt work on iphone? Ive set up a very simple test that works just fine from my pc but the same thing on my iphone doesnt. The php outputs the field retrieved from the database or the mysql error msg. it works fine on pc (tested with firefox 12) but not on my iphone.

    The php uses $_REQUEST to get the info either from get or post and one the iphone it works if I run the php with the variables in the url but not from the c2 test program.

    Any ideas?

  • 1,000 thank yous!!!   <img src="smileys/smiley17.gif" border="0" align="middle" />

  • Has anyone managed to connect this with wordpress by any chance?

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)
Similar Topics Posts Views Last Post
Unread hot topic
1,068 148,698
Reflextions's avatar
Reflextions
Unread hot topic
0 Favourites
[plugin] firebase
687 65,171
cybertron7's avatar
cybertron7
Unread hot topic
0 Favourites
[PLUGIN] Canvas
627 186,717
zenox98's avatar
zenox98