Search Unity

  1. Unity 2019.1 is now released.
    Dismiss Notice

Use Wordpress as your game's database

Discussion in 'Assets and Asset Store' started by MrDude, Feb 17, 2014.

?

If I were to build the kits in order of preference, which kit would you like first?

  1. Friends system: Invite friends and see what they are playing. Include PM and chat services

    45.5%
  2. Online privacy: Protect your info select exactly who can see what

    16.9%
  3. Message boards system: Categories for author, clan leaders, groups personal

    19.5%
  4. Online market place: Trade with NPCs or real players. Includes gifting service

    36.4%
  5. Custom character system: Create a character in one game and take him into other games

    18.2%
  6. 2D narrative game template: Write a story, build a game in a day...

    14.3%
  7. Clan system: Access your friends arsenal during your own battles

    9.1%
  8. Wordpress Games portal: Display available games, sell them and show stats (ratings/reviews)

    24.7%
  9. Other: Please specify...

    3.9%
Multiple votes are allowed.
  1. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    As soon as the latest updates go live WULogin will now join the ranks of static classes in the series, thereby completing the collection. Cookies, server access and all the individual kits are now static classes. :)

    I was working with someone to try and bring PlayMaker support to the kits and apparently having to derive from WULogin was an issue. Now that that hurdle has been overcome I'm afraid we are stuck with the fact that he lost interest and I don't know how to make PlayMaker actions so I guess that is going to have to remain a "possibly in the future" thing... at least now that everything is static that should make it easier. Touch wood.

    If anyone here has any PlayMaker skills and would be willing to add support for me, I would be more than willing to donate the "WordPress for Unity" complete asset for your efforts... If interested, please let me know.

    Thanks.
     
  2. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    WordPress Achievements will be added to the WordPress for Unity assets in the next couple of days (hopefully sometime this weekend).

    Creating achievements is as easy as making a blog post.
    Awarding achievements can either be done manually using 1 line of code:
    Code (csharp):
    1. WUAchieve.AwardAchievement(6);
    ...or you can define the requirements online and let the kit test and award them for you. I include a working prefab that shows you how to do anything you could want to do but it is merely a demo that you can dissect to build your own custom achievement system with. I give you a number of functions to get the data you want and from there you are free to display achievements in any way you choose.

    If the images are available locally they will be used. If they are not available locally I fetch them from your website. Achievement requirements can be set pre and/or post publishing of your game making auto assigning of achievements a real good option to use...

    Edit.JPG overview.JPG ingame.JPG require.JPG
     
    Last edited: May 30, 2018
  3. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    WordPress for Unity has been updated to include WordPress Achievements and is now live on the store.

    It also includes a bonus feature not available in the Achievements standalone asset: Save achievement unlock tracking online rather than PlayerPrefs. This means that your progress towards unlocking an achievement can now span devices instead of only play sessions.

    The achievements can be seen integrated into the game here: http://guild.site/bad-dreams/
     
    Last edited: May 30, 2018
  4. obstudio

    obstudio

    Joined:
    Sep 30, 2016
    Posts:
    52
    Hi, I have a problem with WUlogin for Core in 2017.4 and 2018.1. Into clean project I have imported Core and then Login plugin.There are many errors "cannot be used because it is not part of the C# 4.0 language specification" like:

    Assets/myBad Studios/WUSS/Scripts/Login/WULoginPrefs.cs(47,39): error CS1644: Feature `expression bodied members' cannot be used because it is not part of the C# 4.0 language specification
    Assets/myBad Studios/WUSS/Scripts/Login/WULogin.cs(236,36): error CS1644: Feature `null propagating operator' cannot be used because it is not part of the C# 4.0 language specification
    Assets/myBad Studios/WUSS/Scripts/Login/uGUI/WUUGLoginGUI.cs(477,43): error CS1644: Feature `expression bodied members' cannot be used because it is not part of the C# 4.0 language specification
     
  5. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Hi there. Sorry for the inconvenience caused by this.

    Note that at the top of the WordPress Login kit's description I stated:
    and in the release notes of CML I stated
    I suppose I could have been a smidge more clear about that. apologies.

    What that means is that you need to go into your Player Settings and set the Scripting Runtime version to .NET 4.6.

    After Unity restarts those errors will be gone. In 2017 it is listed as Experimental and in 2018 as Stable. Works perfectly fine in both, though.

    DotNet.JPG

    Edit: As an aside, if you HAVE 2018 then I recommend you download and use the assets in that. The assets got an update recently for 2018.1 and CML is upgraded to v4 for 2018.1.
     
    Last edited: Apr 27, 2018
  6. obstudio

    obstudio

    Joined:
    Sep 30, 2016
    Posts:
    52
    Hi, thanks for quick response and solution. I've missed this requirement at top of description, probably because I have asset from some time and I just have used "import" button from list of assets in editor.
    Thanks again and have a nice day!
     
    MrDude likes this.
  7. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    No problems, mate. Glad to have helped. Any questions, feel free to ask :)

    P.s. even the asset store staff didn't know about this! They approved my one asset 3 times and on the fourth time they rejected it because it was "filled with errors" :p If even Unity staff doesn't know what the documentation says and they get to decide what gets accepted and what does not, well then you have nothing to worry about indeed! :D lol

    Would have been awesome if there was a way to tell customers "Hey, there is a new version. Read what I wrote" but the closest thing to that is the release notes link next to the "Install" button. Problem there is that I usually only list the LATEST updates so if you miss reading / downloading one then you lost out... :(

    In any event, please take note that all my assets contain a changelog.txt file in the Documentation folder. After downloading a new version it might be a good idea to read through that just in case you missed an update or two. Some of the updates are rather major... especially MBSCore. That gets completely new classes added to it and, like I keep telling people, the standalone versions of my kits only contain the parts of MBSCore it needs, not the entire thing...

    The latest MBSCore update (2018.1 version) now allows you to do math on the nodes in a CML object and every node can now also contain an object in addition to all the other fields it can contain. The version before that added a way to DRASTICALLY simply how you use events and actions in your game and might just change your entire approach to how you use them as a whole....

    So yeah, from now on, when you download new versions of any of my assets, do yourself a favour and check the last one or two version entries under the changelog just to see if you missed anything good :)

    Also, don't forget, everything on my website is 50% off this weekend only so make sure to drop on by when you get a chance. :)

    Enjoy. :)
     
    Last edited: Apr 27, 2018
    obstudio likes this.
  8. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Hi MrDude,

    Anynews from this ? do you plan to make in kit ?
     
  9. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Hi ibompuis

    Why the double post? Did you mean to ask about something else or did you just ask the same question twice? :p

    I switched over from Mac to PC a while back, messed up big time and lost a lot of stuff. I was very happy to find that I still had this code and was ready to publish it... I created the product description, uploaded the graphics then said "Know what, let's simplify this class a bit more" and simplified it a LOT instead... and that was when I noticed... The version of this kit that I had was a very early version that only contained half (literally) of the functionality I wanted to include in this class :(

    So am I planning on releasing this? Absolutely. I was one click away from publishing... then I discovered I still have to do the hard part all over again. Sigh. :(
    This gave me headaches the first time I tried to work out how to do this and that part just so happens to be the part that needs redoing again... OF COURSE I would loose the latest version and revert to the version just BEFORE all the hard stuff was done... Just my luck :(

    That means that WHEN this will be released I cannot say yet, but that it WILL be released, absolutely, yes.
    ...most likely not on the Asset Store, though, but absolutely, yes. Apologies for the delay.
     
    Last edited: May 1, 2018
  10. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Haha, yes I could have done a single post indeed and you a shorter answer :p;)
    Thank for feedback, again I'm realy intersted by this, released on you site ?

    Thx
     
    Last edited: May 3, 2018
  11. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Hey MrDude,

    just purshased WUMoney and already have WUData an WULogin, I have some question related to woocommerce and WUMoney. I'v read the PDF but:

    Workflow:

    I'v 3 products (Suscription)
    User buy suscription on site
    When user logged on app with WULogin, how I can get (Know) the product buyed by this user ?
    My suscription is timed (month or week etc..) How can I know when suscription expire for user ?

    Can you point me to right direction :D
    Thanks
     
  12. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Unfortunately Subscriptions is not something that I support (and due to the $200 price tag associated with adding subscription support to WooCommerce I don't think there is a large enough Unity market out there who will care about it to warrant me adding that). WUMoney is intended to allow for in-game content purchases.

    Please see the documentation on how to add custom product types / custom uses for WUMoney and take it from there. I will be adding native support for more product types in future but until then any custom use of WUMoney will require that you take the template I gave you and fill in the blanks yourself from there.

    I can still help you with the parts that relate to WUMoney but all the parts relating to your custom use is not covered under the scope of my support, unfortunately.
     
    Last edited: May 2, 2018
  13. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Ok I understand for suscription etc... but can you provide a simple example C# function to retrive a product buyed by user like in your pdf example: WUSKU_1_MONEY_GOLD_200 ?

    In demo folder only find Tapjoy example.

    Thanks
     
    Last edited: May 3, 2018
  14. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    I tend to get a lot of people asking me the same questions over and over even though they are answered in the FAQ section of my website and in the product documentation and or in the demo source code. A simply copy paste of what I have already said before seems to please a lot of people a lot of the time.

    I question that I HAVE received a couple of times that I feel is a valid question is "How can I extend your kits without you overwriting my extensions with every update you release?" Well tonight I solve the issue of the never ending repeating questions by giving you a bare bones sample project to learn from. Nothing fancy or OTT, absolutely bare minimum just so you can see it working....

    If you are someone who wishes to add custom functionality to my assets, be sure to get this asset. If you are happy to use what I provide you then don't bother with this.

    1. This asset demonstrates how to create custom functions to extend my kits to do your custom bidding
    2. This asset includes a skeleton plugin for WordPress which I WILL NOT UPDATE so you are free to include your own custom code to it and I will not overwrite it in any future updates since this will not be a part of any asset.
    3. In response to ibompuis request for an example of the example I provided, I show how to create a custom WUMoney action that can store items and fetch back the results again

    I created a very rudimentary subscription system. This does NOT take into account renewals but instead it allows you to specify a subscription length in days, weeks or months and let the buyer choose how many they want. If they have no subscription or it has expired they will now receive a new subscription for the required duration. If they have a current subscription it will now be extended by the duration they requested. Note that I demonstrate how to save a value for one item but all you have to do is add in a unique identifier in there and you can save any number of stuff. The code remains the same, the name of the item you save is all that has to change.

    4. As part of the "How do I extend your assets?" question I include a single function inside this asset: IsSubscribed. This will contact the server and check the status of the subscription before returning either true or false depending on whether or not the subscription time has lapsed.

    This entire thing is absolutely bare bones and includes nothing that it doesn't need to so that you can learn from this more easily. Please see the included documentation for usage instructions.


    Enjoy.
     

    Attached Files:

    Last edited: May 3, 2018
  15. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    First,
    Thanks !!! MrDude, truly, always you take time and try to explain :eek:
    I'v take time to see and try the WUExpansions example, and it's more clear now for how to structure code php and C#.

    I'v created product and setup like you said in readme, but suscription not work for me.
    my product sku: WUSKU_50_days like you mention in readme etc...

    The php code never called, my order is "completed" but "50_sub_expiry_date" not registered in DB

    Code (CSharp):
    1. update_user_meta($uid, "{$gid}_sub_expiry_date", $expiry);
    In your wuss_subscription_purchase function you write:

    Code (CSharp):
    1. //if the type of this transaction is not "sub" then this transaction was not meant for this plugin so quit
    2.     if( $args['type'] != "sub")
    3.         return;
    What is "sub" ?

    I try to figure why the user_meta are not updated. :(
     
    Last edited: May 3, 2018
  16. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Code (csharp):
    1. if( $args['type'] != "sub")
    If the readme saysto use WUSKU_50_days then there must be a typo in the readme.

    According to the WUMoney documentation and my explanation on this thread SKUs take the form of WUSKU_GID_TYPE and then you can add on anything else you want as parameters. GID is your game's id and TYPE is something that identifies it to your function. In this case it tests for type sub. Thus the SKU should be WUSKU_50_SUB_days or WUSKU_50_sub_weeks etc.

    Try that. You should now see it in your database :)
     
    Last edited: May 3, 2018
  17. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Hey MrDude,

    After some adjustement, all works fine for me, I'v corrected some php who don't work:

    Code (CSharp):
    1. add_action( 'wuss_purchase', 'wuss_subscription_purchase' );
    2. function wuss_subscription_purchase($args)
    3. {
    4.     //if the type of this transaction is not "sub" then this transaction was not meant for this plugin so quit
    5.     if( $args['type'] != "sub")
    6.         return;
    7.  
    8.     $uid = intval($args['uid']);
    9.     $gid = intval($args['gid']);
    10.     $expiry = get_user_meta($uid, "{$gid}_sub_expiry_date", true);
    11.     if (trim($expiry) == '') $expiry = 0;
    12.     $expiry = intval($expiry);
    13.  
    14.     $period = $args['fields'][0]; //should be: months/weeks/days
    15.     //$amount = intval($args['qty']); // qty from the cart
    16.     //$amt_to_award = 0;
    17.  
    18.     switch($period)
    19.     {
    20.         case 'days': $today = add_days( 2 ); break;
    21.         case 'weeks': $today = add_days( 7 ); break;
    22.         case 'months': $today = add_days( 30 ); break;
    23.     }
    24.  
    25.     //if a subscription is still active, add the time to it
    26.     //otherwise set a new subscription
    27.     if ( $expiry < time() )
    28.         $expiry = $today;
    29.     else
    30.         $expiry += $today;
    31.  
    32.     update_user_meta($uid, "{$gid}_sub_expiry_date", $expiry);
    33. }
    34.  
    35. function add_days( $days, $from_date = null ) {
    36.     if ( is_numeric( $from_date ) ) {
    37.         $new_date = $from_date;
    38.     } else {
    39.         $new_date = time();
    40.     }
    41.     // 86400 = 24h * 60m * 60s
    42.     $new_date += $days * 86400;
    43.  
    44.     return $new_date;
    45. }
    and added in wuss_money:

    Code (CSharp):
    1. add_action( 'woocommerce_order_status_completed',    'wusales_woo_payment_complete' );
    To test with no payement method...
    Change too unity_function.php etc...

    Again works very well !!! It's more clear now how to implement CUSTOM plugins :D:D:D

    Thanks again MrDude for you great support !! and amazing plugins suit !

    ilan
     
  18. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Custom WuLogin not work :-(

    Hey Mrdude, I created custom login class to wp, when I click to login, server always return bad password...

    I'm sure that password are good, and server url too (Localhost). At mean time your code SimpleLoginLogout works fine with my password...

    The debug = password = admin

    Code (CSharp):
    1. public class ManagerCredentials : MonoBehaviour
    2. {
    3.     public TextMeshProUGUI txt_messageServer;
    4.     public GameObject go_messageServer;
    5.     public GameObject go_loading;
    6.     public GameObject go_circleRed;
    7.     public GameObject go_circleGreen;
    8.     public Button btn_SeConnecter;
    9.  
    10.     cmlData login_credentials;
    11.  
    12.     void Start()
    13.     {
    14.         //first, decide what functions to call when something happens
    15.         WULogin.onLoggedIn += OnLoggedIn;
    16.         WULogin.onLoggedOut += OnLoggedOut;
    17.         WULogin.onLoginFailed += HandleErrors;
    18.         WULogin.onLogoutFailed += HandleErrors;
    19.  
    20.         //Disable the button while waiting for a response from the server
    21.         WPServer.OnServerStateChange += OnServerStateChange;
    22.     }
    23.  
    24.     public void OnSeConnecterBtnClicked(TextMeshProUGUI user_name, TextMeshProUGUI password)
    25.     {    
    26.         go_loading.SetActive(true);
    27.         //create the login details
    28.         login_credentials = new cmlData();
    29.      
    30.         Debug.Log("user_name = "+user_name.text);
    31.         Debug.Log("password = "+password.text);
    32.      
    33.         login_credentials.Set( "username", user_name.text );
    34.         login_credentials.Set( "password", password.text );
    35.  
    36.         //and let's see if we can login immediately...
    37.         WULogin.AttemptToLogin(login_credentials);
    38.     }
    39.  
    40.     //Since we are setting static events, make sure we release them when we are done!
    41.     void OnDestroy()
    42.     {
    43.         WULogin.onLoggedIn -= OnLoggedIn;
    44.         WULogin.onLoggedOut -= OnLoggedOut;
    45.         WULogin.onLoginFailed -= HandleErrors;
    46.         WULogin.onLogoutFailed -= HandleErrors;
    47.         WPServer.OnServerStateChange -= OnServerStateChange;
    48.     }
    49.  
    50.     void OnLoggedIn( CML response )
    51.     {
    52.         go_loading.SetActive(false);
    53.         go_circleGreen.SetActive(true);
    54.         go_circleRed.SetActive(false);
    55.     }
    56.  
    57.     void OnLoggedOut( CML response )
    58.     {
    59.         go_loading.SetActive(false);
    60.         go_circleGreen.SetActive(false);
    61.         go_circleRed.SetActive(true);
    62.     }
    63.      
    64.     void OnServerStateChange( WPServerState state )
    65.     {
    66.         btn_SeConnecter.interactable = state == WPServerState.None;
    67.     }
    68.  
    69.     void HandleErrors( cmlData response )
    70.     {
    71.         go_loading.SetActive(false);
    72.         go_messageServer.SetActive(true);
    73.         txt_messageServer.text = response.String( "message" );
    74.     }
    75.  
    76.     public void OnSwitchLoginLogoutClick()
    77.     {
    78.         if ( WULogin.logged_in )
    79.             WULogin.LogOut();
    80.         else
    81.             WULogin.AttemptToLogin(login_credentials);
    82.     }
    83. }

    Code (CSharp):
    1. incorrect password
    2.  
    3.  
    4.  
    5. <CML>PExPR0lOPgo8c3RhdHVzPnN1Y2Nlc3M9ZmFsc2U7IG1lc3NhZ2U9aW5jb3JyZWN0IHBhc3N3b3JkCg==</CML>
    6. UnityEngine.Debug:LogWarning(Object)
    7. MBS.<CallServer>c__Iterator0:MoveNext() (at Assets/myBad Studios/WUSS/Scripts/Login/WPServer.cs:173)
    8. UnityEngine.SetupCoroutine:InvokeMoveNext(IEnumerator, IntPtr)
    What is wrong :)

    Thanks
     
    Last edited: May 7, 2018
  19. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    If the username and password works in the one scene but not in the other scene then clearly there is something wrong in the one scene. From what I am seeing here it looks just fine unless there is a snake just waiting to jump out and bite me...

    One thing, though, call me paranoid but it's part of my built in error radar... just to play it safe, try fetching the username and password using "user_name.text.Trim()" and "password.text.Trim()" respectively. I am super paranoid about trailing spaces or return keycodes.

    Are there no other scripts in the scene that might cause any interference? Again, if it works in the one scene but not in the other then something in the scene must be wrong and "something" is a very broad range of things to answer for when asked "What is wrong?" I would recommend adding an attempt to auto login Start function also. I see that in the one function you actually set the username and password while in the other function you just assume they are set. I am thus assuming you are using the first function to try and log in with, yes?

    Also, note that there should only ever be one instance of WPServer in the scene so when I detect more than one I destroy the duplicates. If you have more than one in the scene I might be destroying the wrong one. Add a debug.log to see what game object wpserver is on and in-game check what values it has. That way, if you find an object with wrong values you will know what object it is on so you can remove it when not playing. It's rather pointless setting up WPServer to point to your domain and then have that script be deleted only to have the unconfigured one trying to access the website using generic details.

    That sounds like a good place to start since the rest of your code looks just fine...
     
  20. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Hey :)

    First, yes only one WPServer instance in my scene:

    https://screencast.com/t/MqujX9vyNTS

    The function who send string with Trim():

    Code (CSharp):
    1.  
    2. public TextMeshProUGUI inp_NomUtilisateur;
    3.     public TextMeshProUGUI inp_MotDePasse;
    4.  
    5. public void SetCredentialString()
    6.     {
    7.         string username = inp_NomUtilisateur.text.Trim();
    8.         string password = inp_MotDePasse.text.Trim();
    9.         managerCredentials.OnSeConnecterBtnClicked(username, password);
    10.     }

    and:

    Code (CSharp):
    1. public void OnSeConnecterBtnClicked(string user_name, string password)
    2.     {    
    3.         go_loading.SetActive(true);
    4.      
    5.         Debug.Log("user_name = "+user_name);
    6.         Debug.Log("password = "+password);
    7.      
    8.         login_credentials.Set( "username", user_name);
    9.         login_credentials.Set( "password", password);
    10.      
    11.         //let's see if we can login...
    12.         WULogin.AttemptToLogin(login_credentials);
    13.     }
    If I try WULogin.AttemptAutoLogin(); nothing happen.

    Thre debug result:

    Code (CSharp):
    1. user_name = admin
    2. UnityEngine.Debug:Log(Object)
    3. ManagerCredentials:OnSeConnecterBtnClicked(String, String) (at Assets/_MAIN/Scripts/ManagerCredentials.cs:38)
    4. SeConnecterController:SetCredentialString() (at Assets/_MAIN/Scripts/SeConnecterController.cs:17)
    5. UnityEngine.EventSystems.EventSystem:Update()
    6.  
    7. password = *****
    8. UnityEngine.Debug:Log(Object)
    9. ManagerCredentials:OnSeConnecterBtnClicked(String, String) (at Assets/_MAIN/Scripts/ManagerCredentials.cs:39)
    10. SeConnecterController:SetCredentialString() (at Assets/_MAIN/Scripts/SeConnecterController.cs:17)
    11. UnityEngine.EventSystems.EventSystem:Update()
    12.  
    13. ncorrect password
    14.  
    15.  
    16.  
    17. <CML>PExPR0lOPgo8c3RhdHVzPnN1Y2Nlc3M9ZmFsc2U7IG1lc3NhZ2U9aW5jb3JyZWN0IHBhc3N3b3JkCg==</CML>
    18. UnityEngine.Debug:LogWarning(Object)
    19. MBS.<CallServer>c__Iterator0:MoveNext() (at Assets/myBad Studios/WUSS/Scripts/Login/WPServer.cs:173)
    20. UnityEngine.SetupCoroutine:InvokeMoveNext(IEnumerator, IntPtr)
    21.  
    22.  
    I don't see anything wrong too... I'm lost :)

    https://screencast.com/t/2XMUhli7cZXn
     
    Last edited: May 7, 2018
  21. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    I'v added some code (instance etc..) but nothing change password error,

    If I put hardcoded password it'works...

    Code (CSharp):
    1. public void OnSeConnecterBtnClicked(string user_name, string password)
    2.     {      
    3.         go_loading.SetActive(true);
    4.        
    5.         Debug.Log("user_name = "+user_name);
    6.         Debug.Log("password = "+password);
    7.        
    8.         login_credentials.Set( "username", user_name);
    9.         login_credentials.Set( "password", "admin");
    10.        
    11.         //let's see if we can login...
    12.         WULogin.AttemptToLogin(login_credentials);
    13.     }
    It's crazy ! do you think TextmeshProUgui text cause this ? Me not I'v tested with Ugui inputfield too it's same error
     
  22. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    After some test the only way to work it's keep all in one function, not send string to another function :

    Code (CSharp):
    1. public class SeConnecterController : MonoBehaviour
    2. {
    3.     public ManagerCredentials managerCredentials;
    4.    
    5.     public TMP_InputField inp_NomUtilisateur;
    6.     public TMP_InputField inp_MotDePasse;
    7.        
    8.     public void SetCredentialString()
    9.     {
    10.         managerCredentials.OnSeConnecterBtnClicked();
    11.         //create the login details
    12.         cmlData login_credentials = new cmlData();
    13.  
    14.         login_credentials.Set( "username", inp_NomUtilisateur.text.Trim());
    15.         login_credentials.Set( "password", inp_MotDePasse.text.Trim());
    16.        
    17.         //let's see if we can login...
    18.         WULogin.AttemptToLogin(login_credentials);
    19.     }
    20. }
     
  23. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    I am curious about something... when you said the debug statement prints your password as ****** was that you hiding the password from this thread or is that what is actually printed in the debug panel? If that is what is printed in the debug panel then you have your problem....

    That would mean that you are fetching the wrong value from ino_MotDePasse. You are looking for the value that it replaces with *****, not the actual display value they are showing as *****.
     
  24. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
  25. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Google is your friend:
    https://forum.unity.com/threads/password-inputfield-value.264745/

    Seems people have been having this issue for while but just read the latest docs and see what yu are supposed to use nowadays. If debug.log shows ***** then you are sending "*****" as your password. It is that simple.

    You need to determine what they call the visisble text and what they call the value but that is a Text Mesh Pro documentation issue. I'm afraid I use TMP far too little to be of much help here...

    Hence why I suggested Google instead :p
     
  26. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Hey Dude,

    I'v added some meta-key in Fetch_meta_info :

    https://screencast.com/t/MiVvx0he7Je0

    How I can get the value now ?
    I can debug

    Debug.Log(WULogin.username);
    Debug.Log(WULogin.display_name);
    Debug.Log(WULogin.registration_date);
    Debug.Log(WULogin.email);
    Debug.Log(WULogin.nickname);
    Debug.Log(WULogin.roles);

    But meta_key added ?

    Thanks
     
  27. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Yo, yo..! :)

    It is stored in the exact same variable as every other field returned during login. Try this:
    Code (csharp):
    1. Debug.Log( WULogin.fetched_info.ToString() );
    You will notice all the variables (custom and otherwise) all right there.
    Thus, to get the field you highlighted in that image just call it by name. Like this:
    Code (csharp):
    1. Debug.Log( WULogin.fetched_info.String("first_name") );
    Job done! :)
    Enjoy :)
     
    Last edited: May 19, 2018
    ibompuis likes this.
  28. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Yep so simple job I'm enjoy :D:D thnaks Dude
     
    MrDude likes this.
  29. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Hey Dude,

    Sorry for disturbing you :)

    I try to call wp function in unity with param...

    But I dont know how to get params on wp...

    In unity_function.php:

    Code (CSharp):
    1. function customRegisterSubscriptionMetaUser($args)
    2. {
    3.    // get all $args
    4.  
    5.     SendToUnity(SendField("subscribedResult", "good" ));
    6. }
    7.  
    and on unity :

    Code (CSharp):
    1. enum WUExpActions
    2.     {
    3.         RegisterSubscriptionMetaUser
    4.     }
    5.  
    6. const string filepath = "wuss_expansion/unity_functions.php";
    7. const string ASSET = "CUSTOM";
    8.  
    9. RegisterSubscriptionMetaUser(6, ParseResponse, ( cmlData result ) => Debug.LogWarning( result.String( "message" )));
    10.  
    11.  
    12. static public void RegisterSubscriptionMetaUser( int id, Action<CML> onSuccess, Action<cmlData> onFailed = null )
    13.     {
    14.         cmlData data = new cmlData();
    15.         data.Set( "field", "p" );
    16.         data.Seti( "pid", id );
    17.         WPServer.ContactServer( WUExpActions.RegisterSubscriptionMetaUser, filepath, ASSET, data, onSuccess, onFailed );
    18.     }
    In simple word I need to get in php function the id of user and the number 6 passed in (RegisterSubscriptionMetaUser(6,...)

    :) thanks
     
  30. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    This is basic php you are asking about. Google "$_REQUEST" or "$_POST" or "$_GET" for in depth detail on how this works.

    The simple answer is this:
    If you sent the data the way you did in that example then the result will ALWAYS be found in $_REQUEST['pid'] in php as well as EITHER in $_POST['pid'] OR $_GET['pid'] depending on whether you used the POST or GET method.

    This is php 101 and falls completely outside the scope of my support. If you need to learn php then I recommend going to w3school.com as they are awesome at simplifying things down, giving lots of examples and even "try it yourself" options. Excellent place to learn.

    The reason why I am replying here, though, is because if you take the time to actually look at any of the code I include in any of the php included in any of the WordPress assets you will see that I don't use any of those three arrays to fetch my data with. Depending on your server setup if you try to use a field that doesn't exist it might either send you back an empty string or it might simply throw an error and stop the rest of the script from running. To safeguard against that you just have to add a simple line of code or two around every single variable you try to use every single time you try to use it....

    That got really old really quickly and so I wrote a function to do that error checking for me and now, if you look at ANY of the php files that you got with ANY of my WordPress assets you will find that I ALWAYS use either Posted('whatever') to fetch strings and Postedi('whatever') to fetch ints. there is also a Postedf() but I hardly ever deal with floats so you won't see that very often. Thus, "how do I get my value in php?" just google that exact phrase and you will get a million sites answering that for you... but if you look at my code you will see I make life far simpler for you.

    Instead of doing this:
    Code (csharp):
    1. $pid = 0;
    2. $field = '';
    3. if (isset($_REQUEST['pid']))
    4.     $pid = intval($_REQUEST['pid']);
    5. if (isset($_REQUEST['field']))
    6.     $field = $_REQUEST['field'];
    for every single variable you pass to your code... You can now simply do this:
    Code (csharp):
    1. $pid = Postedi('pid');
    2. $field = Posted('field');
    Job done :)
     
    Last edited: May 22, 2018
  31. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    Thanks dude, Sorry but question is related to unity too... :)

    In unity I write :

    Code (CSharp):
    1. RegisterSubscriptionMetaUser(1, ParseResponse, ( cmlData result ) => Debug.LogWarning( result.String( "message" )));
    2.  
    3. static public void RegisterSubscriptionMetaUser( int id, Action<CML> onSuccess, Action<cmlData> onFailed = null )
    4.     {
    5.         cmlData data = new cmlData();
    6.         data.Set( "field", "p" );
    7.         data.Seti( "pid", id );
    8.         WPServer.ContactServer( WUExpActions.RegisterSubscriptionMetaUser, filepath, ASSET, data, onSuccess, onFailed );
    9.     }
    10.    
    11.     static public void ParseResponse( CML response )
    12.     {
    13.         //Debug.LogWarning(response.ToString());
    14.  
    15.         Debug.Log(response [0].String("subscribedUser"));
    16.         Debug.Log(response [0].String("subscribedPid"));
    17.         Debug.Log(response [0].String("subscribedField"));
    18.     }
    and on php:

    Code (CSharp):
    1. function customRegisterSubscriptionMetaUser()
    2. {
    3.     $user = get_current_user_id();
    4.     SendToUnity(SendField("subscribedUser", $user ));
    5.    
    6.     $pid = Postedi("pid");
    7.     $field = Posted('field');
    8.    
    9.     SendToUnity(SendField("subscribedPid", $pid));
    10.     SendToUnity(SendField("subscribedField", $field));
    11. }
    Why on debug I have only :

    1555 for user id and subscribedPid empty and subscribedField empty too ?
    Why I can't get the int of RegisterSubscriptionMetaUser(1 etc..

    I missing somthing ?
     
  32. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    All my kits work as expected so please feel free to look at any of my code as reference. Custom scripting for custom actions not featured in my assets fall outside the scope of my support.

    If you would like for me to create custom functionality you are most welcome to check my availability on my website's front page and if I am available (as I am at the moment) you can hire me for a short term contract job.
    I'm cheap but I'm good at what I do and well worth it :)
    Awesome combination, wouldn't you agree? ;)

    But for the record (as you can see in all my functions), the response should have been:
    Code (csharp):
    1. $response = SendField("subscribedUser", $user);
    2. $response .= SendField("subscribedPid", $pid);
    3. $response .= SendField("subscribedField", $field);
    4. SendToUnity($response);
     
    Last edited: May 22, 2018
  33. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    For those of you who didn't read about this back when I first posted about it (a few pages back) allow me to give you all a quick refresher...

    p.s. if you don't plan on writing custom actions or changing my code and just intend on using it as is then you can skip this post.

    So back when this kit just got started I used to send back text as and when I needed to. This worked real well unless you had some or other plugin that caused whatever problem on your website or if you had a plugin that sent back ads via iframes etc. My kits expected the server's responses so when your site started sending back html formatted errors or iframes or whatever, that completely broke my code.

    I spent ages explaining and walking through the details with an endless number of customers who had problems with their websites that had nothing to do with me or my assets but they broke my assets because of it. So I started adding in code to filter valid responses from junk data that was being sent along with it. That worked a treat and for a while all was well...

    Until that fateful day when that one customer asked that one question I couldn't understand and had to see for myself... after getting over the shock of seeing this in action I posted on this very forum asking Unity or anyone who could provide me with an answer to do so and someone from Unity finally did... What a horror to discover that .NET and Mono handles base64 encoded strings differently! :O

    Mono handles multiple base64 encoded strings just fine but .NET falls flat on it's face when you send back 2 strings as one concatenated string. This meant that my kits worked absolutely perfectly for all platforms EXCEPT Windows Store. That would simply not get past the login screen without getting it's first error and thus that is as far as anyone could get. stuck at the login screen.

    The fix was for me to go into every single function in every single kit and make sure that I only ever send back one string. I had to concatenate all my responses and only encode it right before I send it back. And so I did just that. I modified every single function in every single script to make sure it calls SendToUnity only once with either an error or the response.

    As an added bonus this made it easier to sort server responses from junk data since I could now prefix and suffix the server response with a constant string and simply extract everything in between, knowing this is the server's response. Everything before and after that constant is treated as trash.

    So there you have it. A quick recap of a bug I fixed ages ago. If you are going to be using that free sample asset I posted earlier to create your own custom actions, it might be useful info to have. Hence the quick recap. :)

    Hope it proves helpful
     
  34. ibompuis

    ibompuis

    Joined:
    Sep 13, 2012
    Posts:
    52
    :D:D:D:D:D:D:D Very clear now :oops::oops::oops::oops::oops::oops:
    This why ny variable was empty... It's realy nice addon this WUSS_Expansion !!! realy thanks Mr Dude
     
    MrDude likes this.
  35. dittt

    dittt

    Joined:
    May 29, 2013
    Posts:
    20
    hi,
    I'm not sure if this is a right place to ask question about your wordpress asset, couldn't find support email or something.

    My wordpress site allows user to login/register with facebook and I want them to login with facebook in unity as well.
    Is it possible with your Wordpress Login asset?
     
  36. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Hi dittt

    Unfortunately not, no. Facebook uses a login system that requires you to get tokens and communicate backwards and forwards, most likely having to display a popup window with HTML created by Facebook themselves to do the actual login before the two way communication continues.... Unity, on the other hand, wants you to send a URL and get the response it generates. The end.

    Having said that... I just had this same discussion with someone else only yesterday and there is a solution to this problem. You will need to modify one of my functions and paste it into that free asset I posted above. After that you will need to install the official Facebook SDK from the Asset Store and log in using that. Once you have logged in successfully via that and are in possession of the user's email address then you can use that to log into the WordPress site, yes.

    I was actually considering doing an update in which I demonstrate this but that would require that I include the Facebook SDK in my asset or my asset will throw errors for trying to use code that isn't there... yet if I include it then it will most likely get outdated real quick as Facebook loves changing their login systems (which was the main reason why I stopped giving a damn about Facebook a long time ago). So yeah, I'm still thinking how I can demonstrate this to people but if you add a button to my login prefab that starts the Facebook login progress via their official Unity asset then login in to WordPress after they have logged in that way can be automated,yes.

    If you get this kit before I have done some sort of "How to" video or code or something, contact me and I'll help you out.
     
  37. dittt

    dittt

    Joined:
    May 29, 2013
    Posts:
    20
    Thanks for the quick explanation, MrDude!

    I bought your kit and am following the documentation.
    So, which function should I modify to make it work?

    If you are making video or code on this soon, I can happily wait.
     
    Last edited: Jun 6, 2018
  38. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Actually, in expectation of this moment I went and updated the asset to see if I could make this work. Send me an email to support@mybadstudios.com with your invoice number and I will send you the updated files.

    You have two options:
    1. Call the function directly passing in a CMLData object as the parameter (ideal) or
    2. Go through the prefab and call the ready made function in there

    So how it works is like this:
    1. Login using whatever system you have to login (for example, using the official Facebook asset from the asset store)
    2. After successful login make sure you get the user's email address returned from that system
    3. Call the TrustedLogin function passing in the email address as the parameter.

    That is all. If there is no account on your website with that email address then you will receive an error saying they have to create an account first. If the account is found then they are logged in as normal.

    Thus, WordPress login now supports Facebook, youTube, Twitter and any other site there is as long as you can handle the actual OAUTH part of the login to those sites.

    So, to summarise, all that other stuff I said you will have to do. That is now moot. I built the support right into the kit itself. This is the newly added function in WULogin:
    Code (csharp):
    1.         static public void AttemptTrustedLogin( CMLData fields )
    2.         {
    3.             WUCookie.ClearCookie();
    4.             WUCookie.StoreCookie();
    5.             fields.Set( "wul_fields", FieldsToFetch );
    6.             WPServer.ContactServer( WULActions.TrustedLogin, filepath, LOGINConstant, fields, __onLoginSuccess, onLoginFailed );
    7.         }
    and this is how I use it inside the prefab:
    Code (csharp):
    1.        public void DoTrustedLogin( string email )
    2.         {
    3.             email = email.Trim();
    4.             if ( !email.IsValidEmailFormat() )
    5.             {
    6.                 Debug.LogWarning($"{email} is not a valid email address");
    7.                 return;
    8.             }
    9.             CMLData data = new CMLData();
    10.             data.Set( "email", email );
    11.             WULogin.AttemptTrustedLogin( data );
    12.             DisplayScreen( panels.login_menu );
    13.         }
    So to recap... Login with the Facebook asset and once your login succeeds and you have the user's email address just call "DoTrustedLogin(users_email)" and that is all there is to it. Simple :)

    This will be included in a future update of the asset but for now just drop me an email with your invoice number and I'll send you the updated files. :)

    EDIT: The updated asset is live now for those who bought the asset directly on my website or via itch.io
     
    Last edited: Jun 6, 2018
  39. dittt

    dittt

    Joined:
    May 29, 2013
    Posts:
    20
    I just sent you an email from hotmail. You are making my life smooth.:)
     
    Last edited: Jun 6, 2018
  40. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    lol :) As always, I aim to please :)

    ...but in this case, though, after years of telling people "No, you can't login with Facebook" I am sitting on he tip of my chair waiting for you to post a screenshot of the plugin with a Facebook button added somewhere (I recommend the panel with the normal login button) and posting something along the lines of: "It's alive, people! It's aliiiiiive!" or "It liiiiiiiiiives" or "It works! It actually works! You are the greatest person in all the world. Thank you for being so amazing and so awesome and just the best person to ever be born since Adam!" ...you know, the usual kind of stuff ;) :D :p

    Can't wait to see your screenshot posted! :D

    As always, if you need any help, I'm just an email away so feel free to contact me.

    Enjoy! :)
     
  41. dittt

    dittt

    Joined:
    May 29, 2013
    Posts:
    20
    Facebook login seems successful in WEBGL.

    DT0.png
    DT1.png


    But there is no log-in record, only log-out is recorded in wordpress dashboard like the following screenshot.

    donuldLogout.png

    Maybe you know about this?


    And I think facebook registration also can be done like this.

    Code (CSharp):
    1. If(ifFacebookLoggedIn)
    2. {
    3.      if(isEmailAlreadyRegistered)
    4.          {
    5.               DoTrustedLogin(email);
    6.          }
    7.       else
    8.         {
    9.              //some code to generate password
    10.               pass = GeneratePassword();
    11.               DoRegistration();
    12.          }
    13. }


    This way new facebook user can login without visiting website to register. Will you add this functionality to next update?


    Conclusion, I am really happy now. And you are one of the best 12 guys in the universe!
     
  42. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Best 12? Ghmpf. I would have thought I at least made the top 10. Ghmpf! [grumbles]

    I use WordPress functions to log in and log out but I write my own code to call both. There are a lot of hooks in WordPress with a lot of them only called at certain times (like for example, after the theme has successfully loaded which in this case is never called). I am assuming that this logging of users logging in and out is done by (some plugin?) during a specific hook that is not called via this login process. I'm afraid you will have to figure that part out yourself if you want to log your site's user's activities for investigation like this. That is outside the scope of my kit's functions.

    As for that function of yours, how do you intend to get the values for isFacebookLoggedIn and isEmailAlreadyRegistered ? I can certainly add those two booleans to the class and add that function, sure, but how would I set them so the function would have any point to it? isFacebookLoggedIn would obviously be set by you in response to the Facebook SDK's login callback (which I am not including in the kit for a number of obvious reasons like: 1. Not everyone wants it, 2. Why include an old version of something they can download the latest version for free at any time? etc...). isEmailAlreadyRegistered would require a call to the server to check through the users database, locate the email and then return true or false, call a callback in Unity when the server's response is ready then somehow let you know that the test WAS actually done and that the bool is now set and not on it's default value of false.

    It would be much easier for you to simply change the default values of what happens when the onLoggedIn and onLoginFailed callbacks are called. I.e. do something like this:
    Code (csharp):
    1. void OnLoginButtonClicked(bool use_facebook_SDK = false, string email = "")
    2. {
    3.     onLoginFailed = use_faceboook_SDK ? DoRegistration : (CMLData response) => Debug.Log(response.String("message");
    4.     if (use_facebook_SDK) DoTrustedLogin(email); else AttemptToLogIn();
    5. }
    Now, when you click on the Facebook login button or when you click on the normal login button just call that function. Remember, the Facebook plugin will tell you if your login to Facebook was successful or not but my kit will return a failed login only if the email address was not found... Thus, if facebook login succeeded then my login will succeed also... but if Faceboook login succeeded and my login failed then it is exactly what you said above... "if isFacebookLoggedIn && ! isEmailAlreadyRegistered". The difference is that you call either the normal or the Facebook login function and just treat the errors differently based on which one you used.

    Make sense?
     
    Last edited: Jun 11, 2018
  43. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Lol... I just got a one star review from someone who didn't read the Unity manual :D
    He actually even left the bad review for the wrong asset. :) That absolutely deserves a facepalm. :D

    Just to prevent anyone else from publicly humiliating themselves like that guy, let me just give you a quick refresher...

    As stated in the product description, these assets require Scripting Runtime Version 4.6. This is a feature of Unity, not something that I created so please don't blame me for Unity's default setting still being the outdated .NET version! This is already fixed in the current Unity 2018 public release I believe

    In any event, in order to use these assets you need to select .NET 4 from the
    PlayerSettings->OtherSettings->ScriptingRuntimeVersion dropdown.

    Unity will now restart and you will be good to go.

    EDIT:
    @dittt Thanks for your stellar review of the Login kit, mate. I just saw it. Glad you are happy. Guessing I don't need to tell you this but if you have more questions, you know how to get a hold of me. :)
    Enjoy!
     
    Last edited: Jun 11, 2018
  44. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    All assets successfully uploaded and approved for 2017.3. Phew.... far more painless than I was expecting.
    This means the 2018.1 minimum requirement is now a thing of the past.

    Those of you who bought the MBS Core versions of the kits, you've got extra goodies in your arsenal now so be sure to check out what's new in MBS
    Core

    Enjoy.
     
  45. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    I caved. WordPress Achievements is now available on the Asset Store.
     
  46. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    Over the years I have had many customers who install my plugins, hit play and jump for joy as everything just works out of the box.

    Unfortunately, I have also had a fair share of people who just couldn't get the kits to work. It turned out that their server was configured incorrectly and after a few button presses in cPanel or asking their web host to enable this or that, everything worked perfectly. You will see in a couple of my product reviews that people rate my assets as 5 stars but write in the comments that they had some problems but on their end which, after being resolved, everything just worked hunky dory. One example I've seen a few times is that php is not executed but instead the php code is sent to the browser instead. Thus, if you find the assets don't work, mot of the time contacting your host and saying "What's up, man?" will result in it working for you then.

    In some rare instances, though, I have encountered customers on web hosts where no matter what they tried, the kits simply did not work. Either not at all or only the password recovery emails didn't get send out or, as per the most recent case, everything works except "remember me" and only for Android builds. Some people just didn't like the struggle while others, no matter how much the struggle, just couldn't get their server configured to behave properly so they went to a new host and found my kits worked there with absolutely 0 configuration required and no hassles or customer support in sight...

    Thus, I wanted to let you guys know that I have been hosting my sites on 1and1.com ever since I created these kits nearly 7 years ago now and over there, it just works. If you guys are looking for a web host to use, go here: https://tinyurl.com/wusshost I've made a tiny url that is easy to remember. Get a shared hosting or get a VPS (they start from as little as $5), whichever you choose, but in my experience, hosting with them has been entirely painless over the years. So... if you need to change hosts but don't know who to go with, I recommend them.

    https://tinyurl.com/wusshost

    Hope this proved helpful.
     
    obstudio likes this.
  47. Gekigengar

    Gekigengar

    Joined:
    Jan 20, 2013
    Posts:
    374
    Hello, I want to ask about the security side of things.

    How secure is this plugin?

    What prevents user from acquiring other user’s data?
    What prevents user from calling for example User.AddCurrencies(currency, 6) by modifying the game code on the client side?

    How does the client request access to the database?

    How is the access credentials to the db handled?
    Is there any external servers to handle the login server and such?

    Thank you!
    Potential Buyer
     
  48. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    1. I would not call this the most secure system in the world. As you will read below, I let WordPress do the security side of things so basically my system is only as secure as your website is.

    If you Google it you will find that many people say WordPress is not secure at all but when you Google the exploits and ways in which people compromise WordPress websites you will find that it is mostly 3rd party vendors (like myself) who write poor code and once someone installs that plugin on their website the hackers exploit the poor coding in the third party plugin to gain access to the site in some way or another.

    Thus, the more plugins you install the more chances that your site can be breached... yet they update that stuff so often it's a moot point. Just keep your plugins up to date and your site is golden. So I repeat; How secure is MY system? Only as secure as your website is...

    2. All data you could fetch was data that was generated by the games,nothing else from the website apart from that. All code was written specifically to allow you access ONLY to your own data and keep every user's data 100% isolated from one another. Unfortunately, as soon as this plugin was released, not a week passed before the first time someone asked me "I want to access the data of other players. How do I do that?". After years of saying "You don't" I finally added the ability for developers to do so.

    How do developers get hold of other users data? Simply call the appropriate function and pass in the id of the user who's data you want to access. How do users get access to other people's data? The developer must build that functionality into the game to let them do so or else they can't.

    3. The user can do nothing that the developer doesn't build into the game. If you don't have a function to give currencies then the user can do nothing that gives himself currency. Thus, if the user wants to give himself currency, the app developer must first write the code to allow him to do so. I suspect you had a different meaning with this question and if so that is answered below...

    4. and 5. When you log in you receive the same cookie that you get when you log in via a web browser. Just like a normal session in a browser uses the cookie to determine who you are, I do exactly the same. WordPress has it's own code for determining who you are and then fetching your data from the database. I simply send it the cookie and it then determines who you are and what data is yours. From there all code I run uses WordPress's $current_user->ID to work on the current user's data.

    The key thing to take away here is that I don't do the authentication, WordPress does... and it uses the same code in my assets as it does in your browser of choice.

    The entire system has been refined and simplified a lot since it's original inception and the process now is super straightforward:
    1. You log in by sending your username and password. Here I use the login functions that WordPress normally uses and it then does alllllll the same validations that it does when you log in via a browser. If successful, it sets a cookie with the understanding that the browser will store it but, instead, I save it locally.

    2. Whenever I contact the server I attach the cookie to the call and WordPress then identifies you based on that. MY code then specifically target's the $current_user->ID value to make sure I work with the data of whoever is logged in and do my operations on that user's data, whoever WordPress tells me that happens to be

    That's basically it.
    External servers to connect to the servers? Nope.
    Authentication is handled in the same was that web browsers do:
    I let WordPress do the grunt work, I just send it the data it needs.

    The only additional steps that I take to prevent people from just calling random functions by typing the details into a URL in Chrome (for example), are these:

    1. Most of the functions will only get called if you are logged in and WordPress has authenticated your cookie. The only functions that can be called without first being logged in are the login functions which I manually list in an array of allowed functions. Those and only those functions can be called without being logged in

    2. All functions to be called are prefixed with the name of the asset. if you do not provide a prefix then one is added by default. Only at this point is the function called IF the function with that name is found

    3. On a game by game basis I allow you to specify a security string inside the prefab and on the website. This string is NOT set in code and thus cannot be seen by reflecting the code. If you have this key set on either the prefab OR on the website then either both must match or I do not call the function you attempted to call.
    Thus, as soon as the value is set on the server side nobody can call anything without knowing that security string. Every single time you contact the server with that string set in the prefab I generate an MD5 token based on the key and all the data being sent which I send along with the transaction (i.e. the token is different for every action and for every user).
    If the server can't generate the same md5 token, sorry, but your function will not get called.

    And that is basically it...

    TLDR version:
    WordPress has it's own authentication and user validation system and I let WordPress do what it does.I don't interfere. Thus, if you think WordPress is secure then use my kit. If you don't think WordPress is secure then my kit will do nothing to change your mind. In addition to letting WordPress itself do the user authentication and selecting what data to work on I just add a few extra steps of my own to prevent you from being able to just randomly calling any function that exists on the website, restrict you to only calling MY functions and also restrict you in terms of WHEN each function can be called (by limiting logged out function calls to only a handful of predetermined functions).

    That's it. That's the whole shebang

    Hope that answers your questions. If you have more, feel free to ask
     
    Last edited: Jul 7, 2018
    Gekigengar likes this.
  49. Gekigengar

    Gekigengar

    Joined:
    Jan 20, 2013
    Posts:
    374
    Thank you for the great long answer!
    I can understand all the security measures, that prevents anyone from calling the function through browser, through cookies, and security string.

    But there is one other thing I wonder about.
    How much trust is given to the game client function calls?

    Lets see in this example case.
    The game is a common RPG, on which user could level up by killing monsters.
    This means, the "Level up" function exists in game legitimately, and is built by the developer into the game.
    1. User injects a line of code which makes the "Level up" function to be called from a button that already exist in-game.
    2. User Logs On to the WordPress accounts. (Cookies authenticated legitimately)
    3. User rapidly press the button that will call the same "Level up" button, as if the player legitimately killed monsters to level up. (This means function is called in a "Legitimate" way from within the game, and prefab security string & token matches the web, because it is already a legitimate function and is called from within the game.)

    How is this sort of cheating prevented? Is there some sort of server-side logic to actually prevent the function from being called "Legitimately"?

    Thank you!
     
  50. MrDude

    MrDude

    Joined:
    Sep 21, 2006
    Posts:
    2,569
    I don't deal with that at all. That has nothing to do with security but has everything to do with game design.

    The only way to prevent that kind of cheating is to have an authoritative server running and having IT decide who gets what. The client's calls go to the server and the server decides if the player should/should not get the new level... and if so it will then update the user's details as appropriate, when appropriate.

    For example, you would not have a "LevelUp" public function but instead you would have a "ReceiveXP" public function which would be requested on the game server. The server game then decides if and when the player should level up (i.e. are we currently inside a match or not? The server is written in C# and it is thus YOUR logic that dictates when what happens). This request is sent from a client to your authoritatively running server game instance which is a non-modded instance of your game running on your server hardware and thus cannot be hacked. If your game logic is up to scratch then you don't have a problem.

    Side note:
    Here is a thought to get you worried: BOTS. OverWatch is run as un-modded server instances and yet the server does receive function calls from clients to do all manner of stuff that the game wasn't designed to do. How does a game like OverWatch prevent all bots from working? Discover them and release updates to prevent them for working. That and player bans. This is a company with $billions in the bank and a shlew of programmers at their disposal and well over a million players who can spot and report bots... and how many bots have their been thus far? How many are there still? Now, let me ask you this question: If they stored their game data via WordPress or via direct database access, do you think that would have prevented even one of the bots from being created?

    If you use a system where any player can be the host/server then you COULD have a hacked binary, sure. Your question can now be applied as "What prevents the user from calling the RecieveXP function in the game they hacked?". Once they have figured out what the token is that gets generated for a specific amount, then nothing prevents them from calling that function as often as they wish even without running the actual game.

    Remember, it differs based on user and action so the token generated for Get1XP and Get10XP are worlds apart and half of the code required to generate that token is hidden from them even after reflecting the code... but if they memory sniff the outgoing data packets and discovers a full data and token combination then nothing prevents them from calling the function on the server directly as often as they want to.

    Your question now changes from "How does your WordPress security handle cheating?" to "How does your WordPress kits prevent users from hacking my binary and changing my code in any way they want?".
    The simple answer: it doesn't.

    Let me turn that question around... If you were to play a single player game that has no online database or no online requirement of any kind... If someone injects a line of code into that game to make the "Level up" function be called from a button that is already in the game. He can now click that button repeatedly and the function is called legitimately. How is that sort of cheating prevented in that game?

    Preventing cheating is one thing, storing your data is another. WordPress Login uses a cookie to determine 'Who is this player?" and WordPress User data stores the data that your game tells it to store. How you implement the game logic to determine who is trying to cheat, that is up to you. You might want to use this to try and tackle that problem:

    Anti-Cheat Toolkit

    Remember, I store what you tell me to store. I don't know if the code in your app was written by you or injected by someone else. If the code is inside your game then it's part of the game and if that code tells me to store a billion XP points I have no reason to NOT do what the game tells me to do. If I were to implement a system that decides: "When the game tells me to do something, decide if I am going to or not and do what the game tells me to do whenever I feel like it", how would that logic even work???
    My approach is simply this: Make it as hard as possible to cheat via directly calling the server but always trust any instructions originating from within the game

    If you expect my online systems for accessing your data to somehow prevent someone from modifying your already-built, binary, executable file then my kits are not what you are looking for, I'm sorry to say. The kit I linked you to above may or may not prevent hacking of your game and may solve the issue you mention but as for my kits, they do as the game tells it to do. It does not decide for itself when the game is legit or when the game has been modified and decide by itself to do as the game instructs it to do or not.

    As long as the request is authenticated, it is executed. Plain and simple.

    I have no meas at all to determine if the code was written by you or someone clever enough to inject code into your game after you built it. Sorry to disappoint :(
     
    Last edited: Jul 7, 2018
    Gekigengar likes this.