4 Replies Latest reply on Feb 29, 2008 7:47 PM by cratica

    Sending data to a website

    cratica
      I have a Director 2004MX game that is installed from a CD-ROM. I want to send data (text information such as player name, password, score, etc. as well as an attached file (mpg)) I am currently able to do this through an email xtra.

      For this to work correctly, the player must setup an account on the website so they can upload their game information. If a player sends this information without having an account setup, the receiving website won't know what to do with it since the username/password will not be found.

      So... what is the best method for sending out a query from Director to the website to see if the username/password exists BEFORE I send the email. If the user/password exists, the website returns true and all is well, otherwise I can open up the browser and have them setup their account first.

      Anyone know how to do this?

      Thank you for your time!
        • 1. Re: Sending data to a website
          Level 7
          I think you need a server-side script (like PHP, asp, ... depending on
          your server and available extensions) to query a server DB about the
          username/password combination. You could query this script with
          getNetText or postNetText. See: < http://www.shocknet.org.uk/index.asp>
          • 2. Re: Sending data to a website
            cratica Level 1
            Thank you Sean. I don't know much about this sort of thing but will look at the information you linked to. Thanks!
            • 3. Re: Sending data to a website
              Applied CD Level 1
              If you’re running ASP sever side I’ve written a matched set of scripts in lingo and ASP that allow you to submit SQL queries from a projector/shockwave and retrieve the resulting record set as a nested set of lists. It’s based on information from the link Sean posted however I’ve allowed Director to dynamically construct the SQL query at runtime (greatly increasing flexibility for clients that must execute many DB functions) and added RC4 data encryption in both directions to protect the database and secure the retrieved data (this stops hackers from using the script as an open port to the DB).

              The server side ASP script is simple, it takes the RC4 encrypted SQL query sent from Director, decrypts the SQL string, queries the DB, and sends the record set back to Director either encrypted or clear text, your choice.

              The client side lingo script is, well… not so simple. It first constructs the query in the form of a SQL string, encrypts the string, and then sends the encrypted string to the ASP script for processing. It’s been a long time since I’ve looked at the scripts but I believe I wrote them to execute the net operations synchronously … ie: Director goes into a hold loop while waiting for a response or timeout. Once a response is received Director decrypts the results if necessary and that’s where the fun begins … the server response can be anything from a timeout, net operation failure, SQL error, or the response you were looking for. Unfortunately the error handling can bulk the script up quickly.

              Just a quick note about security: The RC4 encryption scheme prevents hackers from using the ASP script as a portal into your database but it does not prevent anyone with access to your Director client from attempting an SQL injection attack. To prevent these types of attacks you must be sure to sanitize any user input before incorporating it into the query string. These types of attacks are very real, I had a site I manage disabled for a few days because a hacker exploited the one field out of hundreds that didn’t properly scrub user input.
              • 4. Re: Sending data to a website
                cratica Level 1
                Thank you Applied CD for that answer. I'll PM you.