Get Data From API



Gamerholic
11-14-2012, 08:56 PM
I'm building an API that allows game developers to send and retrieve user info from my database.

I was finally able to put together the API, but now I need to call the API.

First, when the game initiates, it sends us the game developer's key, their developer ID and game ID.


//Game loads, get developer key, send token and current high score

// == [ FIRST FILTER - FILTER GET REQUEST ] == //
$_GET = array_map('_INPUT', $_GET); // filter all input


// ====================================== //
// ============[ ACTION MENU ]=========== //
// ====================================== //

if(!empty($_GET['action']) && !empty($_GET['user']) && !empty($_GET['key']) && !empty($_GET['email']) && !empty($_GET['password'])): // if key data exists

switch($_GET['action']):

//authenticate game developer and return high score
case 'authenticate':

$db = new PDO('mysql:host=localhost;dbname=xxxx', 'xxxx', 'xxxx');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

$st = $db->prepare("SELECT * FROM `game_developers_games` WHERE `id` = :gameid AND `developer_id`=:user AND `key`= :key AND `developer_active` = '1'"); // need to filter for next auction
$st->bindParam(':user', $_GET['user']); // filter
$st->bindParam(':key', $_GET['key']); // filter
$st->execute();
$r = $st->fetch(PDO::FETCH_ASSOC);

if($st->rowCount() == 0):

$return = array('DBA_id'=>'0000');
echo json_encode($return);

else:

$token = initToken($_GET['key'],$_GET['user']);

if($token == $r['API_Token']):

$return = array(
'DBA_id'=>$token,
'DBA_servertime'=>time(),
'DBA_highscore'=>$r['score'],
);

echo json_encode($return);

endif;

endif;

break;

Here's the script the game developer will have to add to their game to get the data when the game loads. Found this on another stackoverflow question but it's not working.

<script>
$.getJSON("https://www.gamerholic.com/gamerholic_api/db_api_v1.php? user=1&key=6054abe3517a4da6db255e7fa27f4ba001083311&gameid=1&action=authenticate", function () {
alert("aaa");

});
</script>

Fou-Lu
11-14-2012, 09:25 PM
Can you be more specific by "not working"?
This here looks like it'll be a problem:


$st = $db->prepare("SELECT * FROM `game_developers_games` WHERE `id` = :gameid AND `developer_id`=:user AND `key`= :key AND `developer_active` = '1'"); // need to filter for next auction
$st->bindParam(':user', $_GET['user']); // filter
$st->bindParam(':key', $_GET['key']); // filter
$st->execute();

You have specified 3x bound fields, but only given it 2x parameters to bind. It is missing the :gameid.
I'd assume that the PDO execute will be. . . unhappy about that.
Also, if that developer_active is an integer, don't wrap it in apostrophes. Weak datatype handling is pretty much a MySQL exclusive "feature" (if you can call it that), which can be disabled at any time.

I assumed as well that the code is incomplete since you are missing the endswitch and endif calls.
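
Added example (not part of the thread or the poster's code): the placeholder mismatch described in the post above, caught before execution, with PDO set to throw instead of warn so a failed query cannot be mistaken for "no rows". It assumes the pdo_sqlite extension and a constructed in-memory table; `namedPlaceholders` and `runChecked` are hypothetical helper names.

```php
<?php
// Constructed demo: table and values are made up; column names follow the thread.

function namedPlaceholders(string $sql): array
{
    // Collect :name tokens (skips "::" casts). Adequate for simple queries
    // that do not contain ':' inside string literals.
    preg_match_all('/(?<!:):([A-Za-z_][A-Za-z0-9_]*)/', $sql, $m);
    return array_values(array_unique($m[1]));
}

function runChecked(PDO $db, string $sql, array $params): array
{
    $expected = namedPlaceholders($sql);
    $given    = array_keys($params);
    $missing  = array_diff($expected, $given);
    $extra    = array_diff($given, $expected);
    if ($missing || $extra) {
        throw new InvalidArgumentException(sprintf(
            'placeholder mismatch: missing [%s], unused [%s]',
            implode(', ', $missing), implode(', ', $extra)
        ));
    }
    $st = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $st->bindValue(':' . $name, $value);
    }
    $st->execute();
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw, don't warn
$db->exec('CREATE TABLE game_developers_games (id INTEGER, developer_id INTEGER, "key" TEXT, developer_active INTEGER)');
$db->exec("INSERT INTO game_developers_games VALUES (1, 1, 'demo-key', 1)");

$sql = 'SELECT * FROM game_developers_games WHERE id = :gameid AND developer_id = :user AND "key" = :key AND developer_active = 1';

try {
    // :gameid omitted, as in the first listing in the thread
    runChecked($db, $sql, ['user' => 1, 'key' => 'demo-key']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}

// All three placeholders supplied
$rows = runChecked($db, $sql, ['gameid' => 1, 'user' => 1, 'key' => 'demo-key']);
echo count($rows), ' row(s)', PHP_EOL;
```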

AndrewGSW
11-14-2012, 09:31 PM
<script>
$.getJSON("https://www.gamerholic.com/gamerholic_api/db_api_v1.php? user=1&key=6054abe3517a4da6db255e7fa27f4ba001083311&gameid=1&action=authenticate", function () {
alert("aaa");

});
</script>

The above code is jQuery and so requires the jQuery library to be attached to the page. The space before the word user also needs to be removed.

Gamerholic
11-14-2012, 09:43 PM
Can you be more specific by "not working"?
This here looks like it'll be a problem:


$st = $db->prepare("SELECT * FROM `game_developers_games` WHERE `id` = :gameid AND `developer_id`=:user AND `key`= :key AND `developer_active` = '1'"); // need to filter for next auction
$st->bindParam(':user', $_GET['user']); // filter
$st->bindParam(':key', $_GET['key']); // filter
$st->execute();

You have specified 3x bound fields, but only given it 2x parameters to bind. It is missing the :gameid.
I'd assume that the PDO execute will be. . . unhappy about that.
Also, if that developer_active is an integer, don't wrap it in apostrophes. Weak datatype handling is pretty much a MySQL exclusive "feature" (if you can call it that), which can be disabled at any time.

I assumed as well that the code is incomplete since you are missing the endswitch and endif calls.

Thanks for catching that error, I made the fix but I'm still not able to get the json results.

here's the complete code


<?php
session_start();

ini_set('display_errors', 1);
error_reporting(E_ALL);

// == [ FIRST FILTER - FILTER GET REQUEST ] == //
$_GET = array_map('_INPUT', $_GET); // filter all input


// ====================================== //
// ============[ ACTION MENU ]=========== //
// ====================================== //

if(!empty($_GET['action']) && !empty($_GET['user']) && !empty($_GET['key']) && !empty($_GET['gameid'])): // if key data exists

switch($_GET['action']):

//authenticate game developer, return play fee and high score
case 'authenticate':

$db = new PDO('mysql:host=localhost;dbname=xxxx', 'xxxx', 'xxxx');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

$st = $db->prepare("SELECT * FROM `game_developers_games` WHERE `id` = :gameid AND `developer_id`=:user AND `API_KEY`= :key AND `developer_active`= 1"); // need to filter for next auction
$st->bindParam(':user', $_GET['user']); // filter
$st->bindParam(':key', $_GET['key']); // filter
$st->bindParam(':gameid', $_GET['gameid']); // filter

$st->execute();
$r = $st->fetch(PDO::FETCH_ASSOC);

if($st->rowCount() == 0):

$return = array('DBA_id'=>'0000');
echo json_encode($return);

else:

$token = initToken($_GET['key'],$_GET['user']);

if($token == $r['API_TOKEN']):

$return = array(
'DBA_id'=>$token,
'DBA_play_fee'=>$r['play_fee'],
'DBA_servertime'=>time(),
'DBA_highscore'=>$r['current_highscore'],
);

echo json_encode($return);

endif;

endif;

break;


//log user in

case 'athenticate_user':
$db = new PDO('mysql:host=localhost;dbname=xxxx', 'xxxx', 'xxxx');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

$st = $db->prepare("SELECT * FROM `ttourmember` WHERE `email` = :email AND `password` = :password AND `isactive`='Y'");
$st->bindParam(':email', $_GET['email']); // filter
$st->bindParam(':password', $_GET['password']); // filter
$st->execute();

$r = $st->fetch(PDO::FETCH_ASSOC);

if(empty($_GET['token']) || $_GET['token'] == '0000' || $st->rowCount() == 0 ): // Return Error if Token Doesn't exist or no db result
$return = array('DBA_id'=>'0000');
echo json_encode($return);
else:

$return = array(
'DBA_member_id'=>$r['id'],
'DBA_member_balance'=>$r['accountamount'],
);

echo json_encode($return);

endif;
break;


case 'getHighScore':
$db = new PDO('mysql:host=localhost;dbname=xxxx', 'xxxx', 'xxxx');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

$st = $db->prepare("SELECT * FROM `game_developer_games` WHERE id = :gameid AND `API_KEY` = :key AND `API_TOKEN` = :token ORDER BY `score` DESC LIMIT 1");
$st->bindParam(':gameid', $_GET['gameid']); // bind every placeholder the query uses (was ':user', which this query does not contain)
$st->bindParam(':key', $_GET['key']); // filter
$st->bindParam(':token', $_GET['token']); // filter
$st->execute();

$r = $st->fetch(PDO::FETCH_ASSOC);

if(empty($_GET['token']) || $_GET['token'] == '0000' || $st->rowCount() == 0 ): // Return Error if Token Doesn't exist or no db result
$return = array('DBA_id'=>'0000');
echo json_encode($return);
else:

$return = array(
'DBA_id'=>$r['id'],
'DBA_play_fee'=>$r['play_fee'],
'DBA_servertime'=>time(),
'DBA_highscore'=>$r['score'],
);

echo json_encode($return);

endif;
break;

case 'createToken':
$token = initToken($_GET['key'],$_GET['user']);
echo $token;
break;

default:
$return = array('DBA_id'=>'0000');
echo json_encode($return);

endswitch;

else:

//header("Location: http://google.com");
//die();

endif;

// ====================================== //
// ============[ ACTION MENU ]=========== //
// ====================================== //

function _INPUT($value) // filter all input
{
$value = strip_tags($value);
$value = preg_replace('/[^(\x20-\x7F)\x0A]*/','', $value);
$value = str_replace(array("!", "#", "$", "%", "^", "&", "*", "<", ">", "?", ',' , "'"), '', $value);
$value = str_replace(array("\r\n", "\r", "\n", "\t", " "), '', $value);

return $value;
}

function initToken($d,$s)
{

$context = hash_init('md5', HASH_HMAC, $s);
hash_update($context, $d);

return hash_final($context);

}

?>
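
Added example (not the poster's code): the listing above keys its HMAC-MD5 token on the developer id sent in the request and compares it with `==`; this version derives the token from a server-held secret and compares it with `hash_equals()`. `API_SERVER_SECRET`, `issueToken` and `tokenMatches` are hypothetical names, and all sample values are constructed.

```php
<?php
// Placeholder secret: in practice load a long random value from server-side config.
const API_SERVER_SECRET = 'replace-with-random-secret-loaded-from-config';

function issueToken(string $apiKey, string $developerId, string $gameId): string
{
    // Length-prefix each field so ("1", "12") and ("11", "2") cannot
    // produce the same MAC input.
    $msg = '';
    foreach ([$apiKey, $developerId, $gameId] as $field) {
        $msg .= pack('N', strlen($field)) . $field;
    }
    // The key is known only to the server, so a client that knows its own
    // API key and ids still cannot compute the token itself.
    return hash_hmac('sha256', $msg, API_SERVER_SECRET);
}

function tokenMatches(string $presented, string $apiKey, string $developerId, string $gameId): bool
{
    // hash_equals() compares byte-for-byte in constant time.
    return hash_equals(issueToken($apiKey, $developerId, $gameId), $presented);
}

// Constructed sample values
$token = issueToken('demo-key', '1', '1');
var_dump(tokenMatches($token, 'demo-key', '1', '1')); // same game
var_dump(tokenMatches($token, 'demo-key', '1', '2')); // token replayed for another game
var_dump(tokenMatches('0000', 'demo-key', '1', '1')); // the API's error sentinel

// Why not ==: two different constructed hex-looking strings of the form
// "0e<digits>" are numeric strings, so PHP compares them as floats.
$a = '0e' . str_repeat('1', 30);
$b = '0e' . str_repeat('2', 30);
var_dump($a == $b);            // loose comparison of numeric strings
var_dump(hash_equals($a, $b)); // strict byte comparison
```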

Gamerholic
11-14-2012, 09:45 PM
<script>
$.getJSON("https://www.gamerholic.com/gamerholic_api/db_api_v1.php? user=1&key=6054abe3517a4da6db255e7fa27f4ba001083311&gameid=1&action=authenticate", function () {
alert("aaa");

});
</script>

The above code is jQuery and so requires the jQuery library to be attached to the page. The space before the word user also needs to be removed.

The jQuery library is added. The space is only there because I copied and pasted it here.

Fou-Lu
11-14-2012, 10:55 PM
Does it work properly without the JavaScript? I will always assume the problem is with the JS until it's been checked out as being a PHP issue. Put that full URL directly into the browser to see what it replies with.

Gamerholic
11-15-2012, 01:44 AM
Does it work properly without the JavaScript? I will always assume the problem is with the JS until it's been checked out as being a PHP issue. Put that full URL directly into the browser to see what it replies with.

Thank you, sir, you solved my problem. Not directly; it still doesn't work in JavaScript even though I get the results on the direct link.

I'll just have the game developers use their preferred method to get it from that page.

Fumigator
11-15-2012, 05:15 PM
The jQuery library is added. The space is only there because I copied and pasted it here.

You may be including the jQuery library, but that jQuery statement isn't inside a jQuery "ready" function call. It needs to be enclosed like this:



$(function()
{
//your jQuery goes here
});


