Hello,
I need some advice. I will describe my problem briefly.
Currently I am using HttpUtils2 and a PHP script on the server side to make my app communicate with the server (not able to use RDC because I have so many apps like this). Instead of sending the complete query as mentioned in Erel's MySQL tutorial, I use pre-prepared statements in my PHP file and send only the parameters to fill them via the app.
For Example for login :
B4X:
sendlogin.download2("https://www.server.com/example.php", Array As String ("action", "2", "girdi6", txtu.text, "girdi7", txtp.text))
girdi6 is txtu.text, which is the username text field, and girdi7 is txtp.text, which is the password field. I get the JSON result, and if it is a success then I proceed the user to the next page and get his information.
The problem begins here. What I do is very amateur, I think, because after login I just show another panel and get the account info of txtu.text from the server.
1) Anybody can alter txtu.text and get another person's account info easily.
2) Anybody can show the panel after login without logging in (if he knows what to do).
So, it is clear that I am not using a correct way here.
Another problem I am having is, for example, with the in-app purchases. When a user buys virtual money for my game, I have to update the money remotely on my server. In the PurchaseCompleted event of InApp v3, I call a sub called addmoney, so when the purchase is a success the app calls the addmoney sub. But what I experienced is that people tamper with the app code and directly call the sub without purchasing, and the money is being added to their account.
I need to improve my methods for these 2 problems. Can you give me some ideas about it?
TY
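Both problems in the post come from the server trusting what the client says: the username in txtu.text decides whose account is returned, and a client-side sub decides when money is credited. The usual fix is to move both decisions to the server. The following is an added example, not code from the post or from B4X, written in Python as a stand-alone model of what the PHP script would do: on login the server mints a random session token and stores it; every later request is identified by that token (the username is looked up server-side, never read from the request); and a purchase is credited only after the server itself has checked the purchase token with the store and has not seen it before. The user records, the `VALID_RECEIPTS` table and `fake_store_verify` are constructed stand-ins for the real database and for a server-to-server receipt check.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Optional

SESSION_TTL = 3600  # seconds a login token stays valid (assumed policy)


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Salted PBKDF2 so the stored value is not the password itself."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def _make_user(password: str, money: int) -> dict:
    salt, digest = hash_password(password)
    return {"salt": salt, "hash": digest, "money": money}


# Constructed in-memory stand-ins for the users, sessions and purchases tables.
USERS = {"alice": _make_user("correct horse", 100), "bob": _make_user("hunter2", 5)}
SESSIONS: dict = {}        # token -> {"user": ..., "expires": ...}
REDEEMED: set = set()      # purchase tokens already credited (replay protection)


def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Check credentials; on success mint an unguessable session token and return it."""
    user = USERS.get(username)
    if user is None:
        return None
    _, candidate = hash_password(password, user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": username, "expires": (now or time.time()) + SESSION_TTL}
    return token


def _session_user(token: str, now: Optional[float] = None) -> Optional[str]:
    """Resolve a token to a username; expired or unknown tokens resolve to nothing."""
    session = SESSIONS.get(token)
    if session is None:
        return None
    if (now or time.time()) > session["expires"]:
        del SESSIONS[token]
        return None
    return session["user"]


def account_info(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Identity comes from the session table, never from a username field in the request."""
    username = _session_user(token, now)
    if username is None:
        return None
    return {"username": username, "money": USERS[username]["money"]}


def credit_purchase(token: str, purchase_token: str,
                    verify_with_store: Callable[[str], Optional[int]],
                    now: Optional[float] = None) -> Optional[int]:
    """Add money only after the server has confirmed the purchase with the store,
    and only once per purchase token."""
    username = _session_user(token, now)
    if username is None:
        return None
    if purchase_token in REDEEMED:
        return None
    amount = verify_with_store(purchase_token)  # None when the store does not vouch for it
    if amount is None:
        return None
    REDEEMED.add(purchase_token)
    USERS[username]["money"] += amount
    return USERS[username]["money"]


# Constructed stand-in for a server-to-server receipt check against the store.
# In production this would be a call from the server to the store's verification API,
# never a value the app reports about itself.
VALID_RECEIPTS = {"receipt-abc": 50}


def fake_store_verify(purchase_token: str) -> Optional[int]:
    return VALID_RECEIPTS.get(purchase_token)
```

The app then sends the token it got from login instead of txtu.text on every later request, and the "add money" path no longer exists as something the client can call on its own: the client only hands over the store's purchase token, and the server decides whether anything is credited.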