Hey guys,
I'm currently working on an online high score system using Panther, php and a MySQL table.
Panther sends off a page request that contains all the information like so:
(contents of file at URL:[(page link) [.php?username=](username)[&password=](password)[&score=](score))
so that the webpage can then read that out and use the $_GET command to pull the information from the URL and process it.
I have two problems that I need help with. Firstly, how can I compare the username to a table of registered users to see if they are registered and set the result to a variable? (I need to compare the password too.)
Secondly, this seems a slightly unsafe way of doing it. There's nothing stopping someone from realising that the score is in the URL and sending off a very high score to the page. Can anyone think of a safer method of sending the information? Thanks!
I don't know much about Squeak / Smalltalk and the libraries that are available, but is there one that can directly access a SQL database? Like in Java there is JDBC, where you can directly run SQL commands without the need of using PHP files. This seems a safer method as a person couldn't intervene. And for checking the username/password (if still using PHP) you could compare what you need and then 'echo' out the results and just have Panther read the output stream (i.e. echo '0' if they're both correct or '1' if one of them is not the same).
PHP code:
<?php
$con = mysql_connect("dbhostname","username","password");
mysql_select_db("highscore",$con);
// Look up the stored password for the supplied username (the username is
// concatenated into the query unescaped) and compare it with the password
// from the URL. If no row matches, $row[0] is empty and matches an empty password.
$result = mysql_query("SELECT PASSWORD FROM users_and_passwords WHERE username = '" . $_GET["username"] . "'", $con);
$row = mysql_fetch_row($result);
$loggedin = ($row[0] == $_GET["password"]);
if($loggedin){
    //code to add highscore to database
    echo("highscore added");
}
else
{
    echo("incorrect username/password");
}
?>
Something like that should work. If you want security, I would use posts rather than gets, but Panther doesn't support them.
wcfs96 wrote:
Got it to work
Now to transfer to Scratch (might be a challenge because of dependency issues :\)
I don't think dependency issues are a problem. If you're able to get it into Panther, then it will work (theoretically). The problem is, it won't be in everyone's copy of Panther, so it would be hard to distribute the project.
ScratchReallyROCKS wrote:
wcfs96 wrote:
Got it to work
Now to transfer to Scratch (might be a challenge because of dependency issues :\)
I don't think dependency issues are a problem. If you're able to get it into Panther, then it will work (theoretically). The problem is, it won't be in everyone's copy of Panther, so it would be hard to distribute the project.
Actually I am running into dependency issues (Scratch really takes a lot out from Squeak). The MySQL library would be in the .image, so within an update everyone should have it. I'm wondering if I could put Scratch onto the newest version of Squeak and keep all the core libraries so it would be much easier to add things to it. I'll try it on Panther as well, but I'm sure I'll run into the same problems I was having with Scratch.
Taneb wrote:
PHP code:
<?php
$con = mysql_connect("dbhostname","username","password");
mysql_select_db("highscore",$con);
// Look up the stored password for the supplied username (the username is
// concatenated into the query unescaped) and compare it with the password
// from the URL. If no row matches, $row[0] is empty and matches an empty password.
$result = mysql_query("SELECT PASSWORD FROM users_and_passwords WHERE username = '" . $_GET["username"] . "'", $con);
$row = mysql_fetch_row($result);
$loggedin = ($row[0] == $_GET["password"]);
if($loggedin){
    //code to add highscore to database
    echo("highscore added");
}
else
{
    echo("incorrect username/password");
}
?>
That has a HUGE security flaw. I used a similar script for my website once, and I found it wasn't secure in the slightest.
What you do is just provide a non-existent username with no password and it will let you in. Because there is no entry in the table with the provided username from which to select the password, when you try to access the password variable it will be blank. When compared to the empty password provided, it matches and logs you in.
A better script is as follows:
<?php
$con = mysql_connect("dbhostname","username","password");
mysql_select_db("highscores",$con);
// Escape both values before they are placed in the query string
$user = mysql_real_escape_string($_GET["username"]);
$pass = mysql_real_escape_string($_GET["password"]);
// Match username AND password in the same query: an unknown username
// returns zero rows instead of an empty password to compare against
$result = mysql_query("SELECT password FROM users_and_passwords WHERE username = '" . $user . "' AND password = '" . $pass . "'");
if(mysql_num_rows($result) == 1){
    //code to add highscore to database
    echo("highscore added");
}
else
{
    echo("incorrect username/password");
}
?>
Last edited by TheSuccessor (2011-03-26 06:16:31)
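The missing-row flaw described above, beside a hardened version of the check the original question asks for (username/password against a table, then record a score), as an added example that is not code from this thread. It assumes PDO with the sqlite driver so it runs offline (the prepared statements carry over to a MySQL DSN unchanged), PHP 5.5 or later for password_hash/password_verify, a constructed highscores table and a constructed sample user.

```php
<?php
// Added example, not code from the thread. In-memory SQLite via PDO so it runs
// offline; replace the DSN with a mysql: one for the real high-score server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users_and_passwords (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$pdo->exec('CREATE TABLE highscores (username TEXT NOT NULL, score INTEGER NOT NULL)'); // constructed
// Constructed sample user; the stored value is a hash, never the plaintext password.
$ins = $pdo->prepare('INSERT INTO users_and_passwords (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The flawed pattern from the thread: fetch the stored password and loosely compare.
// When no row matches, fetchColumn() returns false, and false == '' is true in PHP,
// so an unknown username with an empty password passes the check.
function loose_check(PDO $pdo, string $user, string $pass): bool {
    $st = $pdo->prepare('SELECT password FROM users_and_passwords WHERE username = ?');
    $st->execute([$user]);
    $stored = $st->fetchColumn();
    return $stored == $pass;   // loose comparison: the bug
}

// Hardened check: a missing row is an explicit failure, the username is bound
// as a parameter (no string concatenation), and the password is verified
// against its hash rather than compared as a string.
function authenticate(PDO $pdo, string $user, string $pass): bool {
    $st = $pdo->prepare('SELECT password FROM users_and_passwords WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    if ($hash === false) {
        return false;
    }
    return password_verify($pass, $hash);
}

// Record a score only after authentication and only if it is a plausible integer;
// the server can reject nonsense values but cannot prove a score was really earned.
function submit_score(PDO $pdo, string $user, string $pass, $score): bool {
    if (!authenticate($pdo, $user, $pass)) {
        return false;
    }
    $opts = ['options' => ['min_range' => 0, 'max_range' => 1000000]]; // assumed game limit
    if (filter_var($score, FILTER_VALIDATE_INT, $opts) === false) {
        return false;
    }
    $st = $pdo->prepare('INSERT INTO highscores (username, score) VALUES (?, ?)');
    return $st->execute([$user, (int) $score]);
}

var_dump(loose_check($pdo, 'nobody', ''));                  // the flaw: unknown user passes
var_dump(authenticate($pdo, 'nobody', ''));                 // rejected
var_dump(authenticate($pdo, 'alice', 'correct horse'));     // accepted
var_dump(submit_score($pdo, 'alice', 'correct horse', '12345'));
```

In a real handler the three values would come from $_POST (or $_GET, as the thread's client requires) instead of literals, and the script would echo a single status code for Panther to read, as suggested earlier in the thread.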
Not sure if I can do this; the differences between the two are just too great, and I can't get anything to work. Do you know what version of Squeak Scratch is running? Also, could you post a link to the Panther thread so I could download it?
sparks wrote:
From what I can tell then, sending the info in the "GET link" is the only method. It shouldn't be too unsafe, as the link is only sent quickly to that one place; it shouldn't be too insecure.
I'm determined to get this to work
I'm on their IRC right now trying to figure it out, I think I know what I have to do now to get it to work.
sparks wrote:
From what I can tell then, sending the info in the "GET link" is the only method. It shouldn't be too unsafe, as the link is only sent quickly to that one place; it shouldn't be too insecure.
It is definitely possible to get POST to work with Squeak. Look at the upload dialog source for Scratch projects. It is definitely using HTTP POST. We only have to adjust it...
Hmm, you have a point. How does the page read it, though? If the information isn't being sent in the link, where is it put?
Also, you know when you import a sound into Scratch, it says down-sampling and converting to mono? What's with that? Can I get rid of it and keep high-quality stereo sound, or is it physically not possible for Squeak to play stereo sound?
sparks wrote:
Hmm, you have a point. How does the page read it, though? If the information isn't being sent in the link, where is it put?
Also, you know when you import a sound into Scratch, it says down-sampling and converting to mono? What's with that? Can I get rid of it and keep high-quality stereo sound, or is it physically not possible for Squeak to play stereo sound?
Possibly.
It might be Squeak's problem, or maybe the Scratch Developers implemented it so the project size wouldn't be too impossible when sound was added.