Site Lock WebGL

Can someone please provide a solution for Site Locking WebGL Games?

I have tried 3 different Site Lock Scripts that Works with Web Player Games, but will not work in WebGL.

Please Help!

 

OK, it seems I found a working solution @ https://github.com/JustinLloyd/unity-anti-piracy

Although we have to make sure to remove lines 229 - 233. I modified it below so you can just copy and paste this one below to have a working Site-lock script for WebGL.

Code (CSharp):

1. /*
2. * AntiPiracy.cs - Permits the game only to run on allowed hosts
3. * Copyright (C) 2010 Justin Lloyd
4. *
5. * This library is free software; you can redistribute it and/or
6. * modify it under the terms of the GNU Lesser General Public
7. * License as published by the Free Software Foundation; either
8. * version 3 of the License, or (at your option) any later version.
9. *
10. * This library is distributed in the hope that it will be useful,
11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13. * Lesser General Public License for more details.
14. *
15. * You should have received a copy of the GNU lesser General Public License
16. * along with this library.  If not, see <http://www.gnu.org/licenses/>.
17. *
18. */
19.  
20. using UnityEngine;
21. using System.Collections;
22. using System;
23. using System.Collections.Generic;
24. using System.Text;
25.  
26.  
27. public class SiteLock : MonoBehaviour
28. {
29.     /// <summary>
30.     /// Should the piracy test be done when the script starts up?
31.     /// </summary>
32.     public bool m_testAtStartup;
33.  
34.     /// <summary>
35.     /// Do we permit execution from local host or local file system?
36.     /// </summary>
37.     public bool m_permitLocalHost;
38.  
39.     /// <summary>
40.     /// List of permitted remote hosts that host this game.
41.     /// </summary>
42.     public string[] m_permittedRemoteHosts;
43.  
44.     /// <summary>
45.     /// List of permitted localhost URLs
46.     /// </summary>
47.     public string[] m_permittedLocalHosts;
48.  
49.     /// <summary>
50.     /// URL to bounce the player to if they are executing the game from an unknown URL.
51.     /// </summary>
52.     public string m_bounceToURL;
53.  
54.     void Reset()
55.     {
56.         m_testAtStartup = true;
57.         m_permitLocalHost = true;
58.         m_permittedLocalHosts = new string[] { "file://", "http://localhost/", "http://localhost:", "https://localhost/", "https://localhost:" };
59.     }
60.  
61.     void Start()
62.     {
63.         PiracyCheck();
64.     }
65.  
66.     /// <summary>
67.     /// Determine if the current host exists in the given list of permitted hosts.
68.     /// </summary>
69.     /// <param name="hosts">An array of hosts permitted to host this game.</param>
70.     /// <returns>True if the current host is permitted to host this game.</returns>
71.     private bool IsValidHost(string[] hosts)
72.     {
73.         // print out list of hosts in debugging build
74.         if (Debug.isDebugBuild)
75.         {
76.             StringBuilder msg = new StringBuilder();
77.             msg.Append("Checking against list of hosts: ");
78.             foreach (string url in hosts)
79.             {
80.                 msg.Append(url);
81.                 msg.Append(",");
82.             }
83.        
84.             Debug.Log(msg.ToString());
85.         }
86.    
87.         // check current host against each of the given hosts
88.         foreach (string host in hosts)
89.         {
90.             if (Application.absoluteURL.IndexOf(host) == 0)
91.             {
92.                 return (true);
93.             }
94.        
95.         }
96.    
97.         return (false);
98.     }
99.  
100.     /// <summary>
101.     /// Determine if the current host is a valid local host.
102.     /// </summary>
103.     /// <returns>True if the game is permitted to execute from local host and
104.     /// the current host is local host.</returns>
105.     public bool IsValidLocalHost()
106.     {
107.         if (m_permitLocalHost)
108.         {
109.             return (IsValidHost(m_permittedLocalHosts));
110.         }
111.    
112.         return (false);
113.     }
114.  
115.     /// <summary>
116.     /// Determine if the current host is a valid remote host.
117.     /// </summary>
118.     /// <returns>True if the game is permitted to execute from the remote host.</returns>
119.     public bool IsValidRemoteHost()
120.     {
121.         return (IsValidHost(m_permittedRemoteHosts));
122.     }
123.  
124.     /// <summary>
125.     /// Bounce the player to game's home page
126.     /// </summary>
127.     public void Bounce()
128.     {
129.         Application.OpenURL(m_bounceToURL);
130.     }
131.  
132.     /// <summary>
133.     /// Determine if the current host is a valid host (local or remote)
134.     /// </summary>
135.     /// <returns>True if the current host is permitted to host the game.</returns>
136.     public bool IsValidHost()
137.     {
138.         if (IsValidLocalHost() == true)
139.         {
140.             return (true);
141.         }
142.    
143.         if (IsValidRemoteHost() == true)
144.         {
145.             return (true);
146.         }
147.    
148.         return (false);
149.     }
150.  
151.     /// <summary>
152.     /// Compile a list of hosts in to a fragment of JavaScript.
153.     /// </summary>
154.     /// <param name="permittedHosts">List of hosts permitted to host the game.</param>
155.     /// <returns>Fragment of JavaScript for testing the current host.</returns>
156.     private string CompileHosts(string[] permittedHosts)
157.     {
158.         StringBuilder hosts = new StringBuilder();
159.    
160.         for (int i = 0; i < permittedHosts.Length; i++)
161.         {
162.             hosts.Append("(document.location.host != '");
163.             string url = permittedHosts[i];
164.             if (url.IndexOf("http://") == 0)
165.             {
166.                 url = url.Substring(7);
167.             }
168.             else if (url.IndexOf("https://") == 0)
169.             {
170.                 url = url.Substring(8);
171.             }
172.        
173.             hosts.Append(url);
174.             hosts.Append("')");
175.             if (i < permittedHosts.Length - 1)
176.             {
177.                 hosts.Append(" && ");
178.             }
179.        
180.         }
181.    
182.         return (hosts.ToString());
183.     }
184.  
185.     /// <summary>
186.     /// Perform a browser check using JavaScript to determine if the current
187.     /// host is permitted to host the game.
188.     /// </summary>
189.     private void CheckWithJavaScript()
190.     {
191.         StringBuilder javascriptTest = new StringBuilder();
192.    
193.         javascriptTest.Append("if (");
194.         // compile test for local hosts
195.         if (m_permitLocalHost)
196.         {
197.             javascriptTest.Append("(document.location.host != 'localhost') && (document.location.host != '')");
198.             if (m_permittedRemoteHosts.Length > 0)
199.             {
200.                 javascriptTest.Append(" && ");
201.             }
202.        
203.         }
204.    
205.         // compile test for remote hosts
206.         javascriptTest.Append(CompileHosts(m_permittedRemoteHosts));
207.         javascriptTest.Append("){ document.location='");
208.         javascriptTest.Append(m_bounceToURL);
209.         javascriptTest.Append("'; }");
210.         if (Debug.isDebugBuild)
211.         {
212.             Debug.Log(javascriptTest);
213.         }
214.    
215.         Application.ExternalEval(javascriptTest.ToString());
216.     }
217.  
218.     /// <summary>
219.     /// Perform a complete check to see if the current host is permitted to
220.     /// host the game. Bounce the player to the game's home page if it is not.
221.     /// </summary>
222.     public void PiracyCheck()
223.     {
224.         if (Debug.isDebugBuild)
225.         {
226.             Debug.Log(String.Format("The absolute URL of the application is {0}", Application.absoluteURL));
227.         }
228.  
229.         // if it's not a valid remote host, bounce the user to the proper URL
230.         if (IsValidHost() == false)
231.         {
232.             if (Debug.isDebugBuild)
233.             {
234.                 Debug.Log(String.Format("Failed valid remote host test. Bouncing player to {0}", m_bounceToURL));
235.             }
236.        
237.             Bounce();
238.             return;
239.         }
240.    
241.         // it might appear to be a valid local or remote host, but one final check in JavaScript to verify that
242.         CheckWithJavaScript();
243.     }
244.  
245. }

 

Thanks for the script but its not working for me.
Maybe i am entering the host names incorrectly.

i entered :
http://www.newgrounds.com/
http://www.kongregate.com/
http://www.gamejolt.com/

but on all three sites it takes me to the bounceToURL

Did i do something wrong or is there a new working script available?

 

Little late reply though, so just for the records:
I had the same question and came up with the following after some research:

• I added the "https" protocol of each domain, e.g. https://www.kongregate.com/
• in similar discussions, other devs also add the domain chat.kongregate.com
  
• on Kongregate, the domain konggame.com appeared in the debugger with a unique prefix, e.g. game12345.konggames.com. Copy that domain and add it.

 

What is "Site Lock"????

 

"on Kongregate, the domain konggame.com appeared in the debugger with a unique prefix, e.g. game12345.konggames.com. Copy that domain and add it."

I believe that prefix is potentially changed each new build you upload so ... would need a wildcard.

 

A site lock stops your game from running on different URLs (sites) there are a bunch of game portals out there that will copy your game and rehost it as a way to gain some ad revenue.

 

Good God, sound like "Site Lock" is freeking MANDITORY!!! what a bunch of slimy bastards

 

Only GOD knows why they used JAVASCRIPT for this WEbGL, I mean ANYBODY can see the code or steal it or hack it or hack your site in general.

Hackers can SEE your site lock code and just REMOVE IT? I mean the code is right there in the wonderful world of JAVASCRIPT where everything is in plain sight! I mean not only is there zero security, you are giving them the code! its the most ridiculous thing i ever seen!

Using JavaScript for anything is like giving everybody a key to your house that contains all your valuables that you worked hard to obtain.... but what do i know......

 

jonas,

Thanks for your comment, im not blaming Unity, you guys have to use whatever the browser is offering and whatever tools are out there, it totally has nothing to do with you guys (I think) I should have mentioned that above.

Unity is totally AWESOME in my opinion!

 

My WebGL app uses WWW to send/receive information to a server on the local host where the WebGL app is running.

If someone steals my WebGL code and re-hosts it on another server, will my WebGL app stlil be able to communicate with my server from that hacked server?

 

I have written a lot of php code that gets called by my WebGL app, but im now wondering how to prevent my whole site, (WebGL and php code) from getting stolen.

Im really new at this internet thing, but is there a way to prevent someone stealing php code?

 

As php code is interpreted server side only, I believe it cannot easily be stolen.