Quote from: Iros on January 20, 2016, 04:08:50 PM
I think I had uploaded that DLL with an example at some point. The truth is that "highscore.php" is far too vulnerable; if you know some PHP you can add security to it with a couple of validations before adding the data to the DB. If you want, leave the highscore.php code in the message and I'll see how to add some more security to it.
Yep, it was precisely you who uploaded it, and translated as well, which I'm very grateful for, since I've been able to better understand things about GML that I didn't know before, and it has been useful to me.
I'm leaving you the code, since I only know very basic things about PHP.
Code:
<?php
//The way this script works is pretty easy
//To make the script put or update a player in the list call the script as: highscore.php?action=set&name=putnamehere&score=scorehere
//To make the script output the top 5 people call it either: highscore.php or highscore.php?action=top
//first connect to database
$host = "localhost";
$user = "user";
$pass = "pass";
$scores_db = "db";
$connect=mysql_connect ($host,$user,$pass) or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ($scores_db);
//set variables for easier use inside strings
$score=$_GET["score"];
$name=$_GET["name"];
$action=$_GET["action"];
//this function is responsible for modifying the player in the table
function modify_table()
{
//first the query tries to get a row where the name of the player is equal to the name in the url
$query = "SELECT name FROM hallelujahez WHERE name='".$_GET["name"]."'";
$res = mysql_query($query) or die("Couldn't execute $query: ".mysql_error());
//if the query returns 0 rows the player doesn't exist, if it returns 1 the player already exists
if (mysql_num_rows($res)==0)
{
//the query makes a new row with the player name and the score
$query = "INSERT INTO hallelujahez VALUES('".$_GET["name"]."',".$_GET["score"].")";
mysql_query($query) or die("Couldn't execute $query: ".mysql_error());
}
else
{
//the query looks for the row with name=name in the url and updates his score
$query = "UPDATE hallelujahez SET score=".$_GET["score"]." WHERE name='".$_GET["name"]."'";
mysql_query($query) or die("Couldn't execute $query: ".mysql_error());
}
}
function show_top()
{
//we make mysql return the rows ordered descending by the score column, limited to the first 50
//so the 50 highest scores will be shown; change the LIMIT value to the number of top players you want to show
$query = "SELECT name, score FROM hallelujahez ORDER BY score DESC LIMIT 50";
$res = mysql_query($query) or die("Couldn't execute query: ".mysql_error());
//this echos the html code for starting a table
echo "Hallelujah - Easy | o3Beat Online Ranking<br>
<br>
<br>
<table>
<tr>
<td align='center' style='font-color: white;'> <b>Name</b> </td> <td align='center' style='font-color: white;'> <b> Combo</b> </td>
</tr>
";
while ($user = mysql_fetch_assoc($res))
{
//the while loop is complicated, took me a week to fully understand how it works
//It'll output a row with the user name and score
echo "<tr>
<td align='center' style='font-color: white;'>
".$user["name"]."
</td> <td align='center' style='font-color: white;'>
".$user["score"]."
</td>
</tr>";
}
echo " </table>.";
}
//this switch will look at the $action variable I declared
//If action=set means the person wants to input a player score, so we call modify_table()
//If action=top means the person wants to see the top5 players
//If none of the above simply show the top players
switch ($action)
{
case "set": modify_table(); break;
case "top": show_top(); break;
default: show_top(); break;
}
//if you want to make the show_top() function alone in one php file simply copy the code before the function modify table()
//put the function code in the middle and put mysql_close()
//close the connection, you MUSTN'T forget to do this after you open a connection
mysql_close();
?>
I've changed the DB connection details for obvious security reasons xD, thanks a lot!
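
One way to add the kind of validation mentioned in the quote, shown as an added example that is not code from this thread or from the original DLL package: the same `set` and `top` actions with input validation, parameterized queries and output escaping. It assumes the PDO MySQL driver is available; the name whitelist, the score range and the helper `validate_input()` are assumptions made for illustration.

```php
<?php
// Added example; connection values are placeholders, the limits are assumptions.
$pdo = new PDO('mysql:host=localhost;dbname=db;charset=utf8mb4', 'user', 'pass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);

// Returns [name, score] when both inputs are acceptable, null otherwise.
function validate_input(array $in): ?array
{
    $name = is_string($in['name'] ?? null) ? $in['name'] : '';
    $score = filter_var($in['score'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1000000]]);
    // Name whitelist: 1-20 letters, digits, underscore or hyphen.
    $ok = preg_match('/\A[A-Za-z0-9_-]{1,20}\z/', $name) === 1 && $score !== false;
    return $ok ? [$name, $score] : null;
}

function modify_table(PDO $pdo, string $name, int $score): void
{
    // Placeholders keep the values out of the SQL text entirely.
    $sel = $pdo->prepare('SELECT name FROM hallelujahez WHERE name = ?');
    $sel->execute([$name]);
    $sql = $sel->fetch() === false
        ? 'INSERT INTO hallelujahez (name, score) VALUES (:name, :score)'
        : 'UPDATE hallelujahez SET score = :score WHERE name = :name';
    $pdo->prepare($sql)->execute([':name' => $name, ':score' => $score]);
}

function show_top(PDO $pdo): void
{
    $rows = $pdo->query('SELECT name, score FROM hallelujahez ORDER BY score DESC LIMIT 50');
    echo "<table>\n<tr><td><b>Name</b></td><td><b>Combo</b></td></tr>\n";
    foreach ($rows as $row) {
        // Escape on output so a stored name is never interpreted as HTML.
        printf("<tr><td>%s</td><td>%d</td></tr>\n",
            htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), $row['score']);
    }
    echo "</table>\n";
}

if (($_GET['action'] ?? 'top') === 'set') {
    $valid = validate_input($_GET);
    if ($valid === null) {
        http_response_code(400);
        exit('Invalid name or score');
    }
    modify_table($pdo, $valid[0], $valid[1]);
} else {
    show_top($pdo);
}
```

These checks stop injection and malformed values; they do not prove that a submitted score was actually earned in the game.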