Page 1 of 1

Sharing Session over IP

Posted: Sun Dec 03, 2006 2:56 am
by JonEllis
Hello,

I am currently writing a 2 player game of Battleships in PHP.

to easily share information between the two users, i thought that a shared session could be simple and effective.
Trying to find a way of doing this has proved to be harder than i thought.

I'd imagine this is bad practice, but as the session information is not sensitive in the slightest, i think i'm going to ignore this.

When the first player enters, it saves the session ID into a "waiting" file, and writes the players name into the session.
When the second player enters, the waiting file is opened and the session ID changed to the one saved in the text file.
then a secondary check is made to see if the first players name exists within the session. if it does, then the player2's name is also written into the session. If the first players name is not present, then the second player then becomes the first player, and the file is written for the next user.

I believe this is where the problem is - i think that when the session ID is changed, the old data within the session is lost.

also, the encrypt and decrypt functions do not alter the string yet - i'll get this part working first.

Code: Select all

$filename = "public/waiting.txt";                // path to waiting file
    if (file_exists($filename)){                     // if the file exists then
      $temp_array = file($filename);                 // read file for sessionID
      print $temp_array[0];
      session_id(decrypt(rtrim($temp_array[0])));    // decrypt sessionID from file and set it as the current ID
      unlink($filename);                             // delete waiting file
      
      if($_SESSION['player1']){                      // if player1 exists (the session exists)
        print "&player_id=2&";                       // tell flash that player is 2
        $_SESSION['player2'] = $name;                // assign name to player2
        print "'player1' = ".$_SESSION['player1'];
      }else{
        print "&player_id=3&";                       // tell flash that player is 1                  // change back to 1 when fixed
        $_SESSION['player1'] = $name;                // assign name to player1
        $writer = fopen($filename, 'w');             // open file for writing
        fwrite($writer, encrypt(session_id()));      // write encrypted IF into file
        fclose($writer);                             // close the file
      } // end if($_SESSION['player1'])

    }else{
      $_SESSION['player1'] = $name;                  // assign name to player 1
      print "&player_id=1&";                         // tell flash that player is 1
      $writer = fopen($filename, 'w');               // open file for writing
      fwrite($writer, encrypt(session_id()));        // write encrypted ID into file
      fclose($writer);
    } // end if(is_writable($filename))
Any help would be greatly appreciated.

Posted: Sun Dec 03, 2006 8:33 am
by ok
Instead of handle this complicated code, you can write session mechanism for your game (maybe using db tables...).

File Code

Posted: Mon Dec 04, 2006 11:45 am
by timclaason
I'm always more inclined to use DB than a file -- in fact, I avoid writing to a file unless end users are actually going to be viewing the file.

I would have a table called rooms with columns: roomid (autoincrement), createdate (for script to delete all rooms older than a certain age), player1, player2

Here's how my pseudocode would go:

createroom.php
--------------------

Code: Select all

//Check to see if player 1 has already created a room.  If he/she did, destroy it. 
if($myClass->userRoomAlreadyExists($_SESSION['player1']))
    $myClass->deleteRoom($_SESSION['player1'], $myClass->getRoomName($_SESSION['player1']));

// Then create a new one
$myClass->createRoom($_SESSION['player1']);
viewrooms.php
--------------------

Code: Select all

//Do a simple SQL query to find all rooms where table rooms has a player1 value but not a player2 value
//Like SELECT * FROM rooms WHERE player1 IS NOT NULL AND player2 IS NULL
$myClass->getJoinableRooms();
//I'd make links for each room with a querystring like ?roomid=$row[roomid]
joinroom.php
-----------------

Code: Select all

//On entering room, update rooms table to set player2=$_SESSION['player2']
$myClass->joinRoom($_SESSION['player2']);
Header("Location: playgame.php");
As in all my posts, please excuse my overt simpicity.

Posted: Mon Dec 04, 2006 11:05 pm
by JonEllis
I dont have access to a database for this. Aparantly its a little screwed up.

is it possible to assign the session ID without loosing the data?

I have read that it is possible to get hold of the data, can this exploit be exploited in this project?