Sharing Session over IP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
JonEllis
Forum Newbie
Posts: 2
Joined: Sun Dec 03, 2006 2:40 am

Sharing Session over IP

Post by JonEllis »

Hello,

I am currently writing a 2 player game of Battleships in PHP.

to easily share information between the two users, i thought that a shared session could be simple and effective.
Trying to find a way of doing this has proved to be harder than i thought.

I'd imagine this is bad practice, but as the session information is not sensitive in the slightest, i think i'm going to ignore this.

When the first player enters, it saves the session ID into a "waiting" file, and writes the players name into the session.
When the second player enters, the waiting file is opened and the session ID changed to the one saved in the text file.
then a secondary check is made to see if the first players name exists within the session. if it does, then the player2's name is also written into the session. If the first players name is not present, then the second player then becomes the first player, and the file is written for the next user.

I believe this is where the problem is - i think that when the session ID is changed, the old data within the session is lost.

also, the encrypt and decrypt functions do not alter the string yet - i'll get this part working first.

Code: Select all

$filename = "public/waiting.txt";                // path to waiting file
    if (file_exists($filename)){                     // if the file exists then
      $temp_array = file($filename);                 // read file for sessionID
      print $temp_array[0];
      session_id(decrypt(rtrim($temp_array[0])));    // decrypt sessionID from file and set it as the current ID
      unlink($filename);                             // delete waiting file
      
      if($_SESSION['player1']){                      // if player1 exists (the session exists)
        print "&player_id=2&";                       // tell flash that player is 2
        $_SESSION['player2'] = $name;                // assign name to player2
        print "'player1' = ".$_SESSION['player1'];
      }else{
        print "&player_id=3&";                       // tell flash that player is 1                  // change back to 1 when fixed
        $_SESSION['player1'] = $name;                // assign name to player1
        $writer = fopen($filename, 'w');             // open file for writing
        fwrite($writer, encrypt(session_id()));      // write encrypted IF into file
        fclose($writer);                             // close the file
      } // end if($_SESSION['player1'])

    }else{
      $_SESSION['player1'] = $name;                  // assign name to player 1
      print "&player_id=1&";                         // tell flash that player is 1
      $writer = fopen($filename, 'w');               // open file for writing
      fwrite($writer, encrypt(session_id()));        // write encrypted ID into file
      fclose($writer);
    } // end if(is_writable($filename))
Any help would be greatly appreciated.
User avatar
ok
Forum Contributor
Posts: 393
Joined: Wed May 31, 2006 9:20 am
Location: The Holy Land

Post by ok »

Instead of handle this complicated code, you can write session mechanism for your game (maybe using db tables...).
timclaason
Forum Commoner
Posts: 77
Joined: Tue Dec 16, 2003 9:06 am
Location: WI

File Code

Post by timclaason »

I'm always more inclined to use DB than a file -- in fact, I avoid writing to a file unless end users are actually going to be viewing the file.

I would have a table called rooms with columns: roomid (autoincrement), createdate (for script to delete all rooms older than a certain age), player1, player2

Here's how my pseudocode would go:

createroom.php
--------------------

Code: Select all

//Check to see if player 1 has already created a room.  If he/she did, destroy it. 
if($myClass->userRoomAlreadyExists($_SESSION['player1']))
    $myClass->deleteRoom($_SESSION['player1'], $myClass->getRoomName($_SESSION['player1']));

// Then create a new one
$myClass->createRoom($_SESSION['player1']);
viewrooms.php
--------------------

Code: Select all

//Do a simple SQL query to find all rooms where table rooms has a player1 value but not a player2 value
//Like SELECT * FROM rooms WHERE player1 IS NOT NULL AND player2 IS NULL
$myClass->getJoinableRooms();
//I'd make links for each room with a querystring like ?roomid=$row[roomid]
joinroom.php
-----------------

Code: Select all

//On entering room, update rooms table to set player2=$_SESSION['player2']
$myClass->joinRoom($_SESSION['player2']);
Header("Location: playgame.php");
As in all my posts, please excuse my overt simpicity.
JonEllis
Forum Newbie
Posts: 2
Joined: Sun Dec 03, 2006 2:40 am

Post by JonEllis »

I dont have access to a database for this. Aparantly its a little screwed up.

is it possible to assign the session ID without loosing the data?

I have read that it is possible to get hold of the data, can this exploit be exploited in this project?
Post Reply