I'm developing an Android and iOS game, I need to call the php pages to collect and enter data into the database mysql.
Sending and reception of data works properly, the problem is that the data sent is not encrypted, but this I can solve it with the ssl certificates, in order to have all the data send encrypted.
The other problem is that with some appropriate programs (example: Charles Proxy) you can see the address pointed to my php file, and consequently you can resubmit the packet over and over again.
For example:
This is my test.php:
$code = $_POST['SecretCode'];
if($code == "secretcode")
{
// Connect to DB and increment 'i' value
}
This is my C# code in Unity3D:
public IEnumerator test()
{
WWWForm form = new WWWForm();
form.AddField("SecretCode", secretcode);
WWW www = new WWW("http://sitename.com/test.php", form);
yield return www;
if(www.text != "")
{
// Returned value
}
}
Now, if from my game I call the 'test ()' function, the php called check the security code, and if it is right, will increase the variable on the database.
While the game sends this request, Charles Proxy can see the request and therefore I can with Charles resend endlessly the request, increasing endlessly the value in the database.
To make you understand better I'll show you a picture that sums it all:
http://postimg.org/image/x3owvt5il/
Finally there is a way to make invisible the php file or make it look unknown? Or just do not change the value on the database if someone tries to repeat these requests?
