PHP PDO Login System (Free!)

Hey guys, I broke down my PDO Login system in PHP (Includes Unity Scripts as well).
So it's just bare bones of what my system is. Figured this would be really helpful as most things I've seen around for Unity is using depreciated mysqli stuff. And being it's PDO with Prepared Statements, I believe this makes it SQL Injection proof, at least from my understanding from research.

(You can either download it at the bottom of this message) or you can get it directly from GitHub
https://github.com/N1warhead/UnityPDO to get any new changes users may make to it.

What it offers is:

1. Unique Guest Account Creation/Generator
2. Register Real Account
3. Login
4. Transfer Guest Data To Register Account.
5. BCRYPT Hashing.

Guest Account Creation might not make sense to some, but what it does is, allow users to play your game(s) online without first registering for an account with their info, so what it does is, creates a unique Username/Password and then stores this info into a database while saving the login details in PlayerPrefs (can be whatever you want, just used that). (JUST TO MAKE IT CLEAR: IT does save the info into the database on the server) ONLY the Username and Password is stored locally so you don't have to type in any credentials while playing as guest.. Think of the game "Mobile Strike", you can play without signing up, register later and all the stuff you've done is then transferred to your official account when you register.

So then you can either Register for a real account (Username, Password and Email).
OR you can initiate the Transfer from guest to real registered account, when transfer is done, will clean out the old guest account sense it is no longer needed.

I am giving it out for free, it should work as long as you follow the directions then it's rather simple to use with no editing other than setting up the proper links to the PHP Files and setting up the two tables inside your database, of course you gotta have UI an stuff in Unity. But hey it's free, and you are free to change it as you wish.


But keep in mind, when I said this is bare bones, I meant just that. I mean it's a complete system, but it doesn't have score boards, or in game money. That stuff shouldn't be hard to add after looking at the PHP Code, every game is different so no sense in putting a million things.

But please let me know what you think!
(this is tested and works on - Windows & Android.) (don't have a Mac or anything) don't see why it wouldn't work when it's just PHP and Unity scripts.

 

Just bumping this so others know it exists.
And if you tried/try it -please let others know what you think, that way they know if it's worth downloading, etc.

I don't normally give free stuff out, but I noticed the lack of login systems that don't use depreciated MySQLI stuff
when prepared statements and such are more secure.

 

Hey I appreciate your work here @N1warhead as I have been trying to steer away from old school PHP and learn this PDO stuff, and your helping a lot with that!

Thanks for sharing

Spoiler: Suggestions & observations

I noticed a couple things, first is that the string variable "form" and the bool "emailValid" is never used in RegisterSystem.cs, I figure that just was left behind during prototyping or something...

And another thing is, what is "forms" in LoginScript.cs? Is that meant to be like your login/registration UI stuff, so it can disable them visually?

Minor suggestions:

- Might be cool to make a github hosting? Then others could submit updates/new features?
- It would make more sense to me if LoginScript.cs was called LoginSystem.cs (like RegisterSystem.cs)
- Since RegisterSystem.cs used "Submit()" to send the data, instead of "LoginAc()" in LoginScript, shouldn't it be "Submit()" also? Just for consistency?
- Make it clear to users to make the password field BIG enough to hold the length of the hash (I ran into this problem, used VARCHAR of 256 and it worked fine, probably overkill)
- I had to edit this part of regactsecure.php to add an echo 0 call:

Code (PHP):

1.         // Make sure to have a Table called accounts with a columns called email, username and password.
2.         // This is where we check if an account already exists with the Username.
3.         // Change "guestaccounts" to databasename of choice if you already have one.
4.         $stmt = $conn->prepare('SELECT * FROM accounts WHERE username=?');
5.         $stmt->bindParam(1,$username);
6.         $stmt->execute();
7.         $row = $stmt->fetch(PDO::FETCH_ASSOC);
8.         // If Account (DON'T EXIST) { CREATE IT! }.
9.         if(!$row){
10.             if($stmt = $conn->prepare("INSERT INTO accounts (email,username,password) VALUES (?,?,?)")){
11.                 $stmt->bindValue(1,$email);
12.                 $stmt->bindValue(2,$username);
13.                 $stmt->bindValue(3,$passwordNew);
14.                 $stmt->execute();
15.             }
16.             echo"0";
17.         }else{
18.             // Else - if account DOES exist - Tell Unity.
19.             die('Account Exists!');
20.             echo"00";
21.         }

and this is RegisterSystem.cs:

Code (CSharp):

1.     IEnumerator Register()
2.     {
3.         // Now we attempt to register the account.
4.         WWWForm form = new WWWForm();
5.         form.AddField("usernamePost", _userName);
6.         form.AddField("emailPost", _email);
7.         form.AddField("passwordPost", _password);
8.  
9.         WWW www = new WWW(uri, form);
10.  
11.         yield return www;
12.         Debug.Log(www.text);
13.         if (www.text.Length == 2) // its telling us the account already exists
14.         {
15.             Debug.Log("Account Already Exists - Try Logging In!");
16.             _userName = "";
17.             _password = "";
18.             //randomSpecialKeys.Clear(); // I don't use guest accts so I commented these out
19.             //GuestAccountGenerateInfo();
20.         }
21.         else if (www.text.Length == 1) // telling us successful registration
22.         {
23.             Debug.Log("SUCCESS");
24.             // So you don't have to type it in every time.
25.             PlayerPrefs.SetString("un", _userName);
26.             PlayerPrefs.SetString("pw", _password);
27.         }
28.         else
29.             Debug.LogError("Unknown error in registration");
30.     }

Without those changes it didn't report a successful registration for some reason. It would still write to the database correctly, but the code didn't seem to reflect success for me...

- One other small change I made was in registration to verify email is valid (to some extent) by checking for an @ symbol and a period:

Code (CSharp):

1.         if(!_email.Contains("@") || !_email.Contains(".")) // all emails should contain @ symbol and period
2.         {
3.             Debug.LogError("Email is not valid!");
4.             return;
5.         }

- Also I removed a redundancy where it would check again that _userName != "" && _email != "" when it had already checked for that above:

Code (CSharp):

1.         if (_userName == "" || _email == "" || _password == "" || _confirmPassword == "")
2.         {
3.             Debug.LogError("One or more of the Input Fields are empty!");
4.             return;
5.         }
6.  
7.         if (_confirmPassword != _password)
8.         {
9.             Debug.LogError("Confirm password isn't the same as Password!");
10.             return;
11.         }
12.  
13.         if (_password == _confirmPassword && _confirmPassword == _password) // removed redundancy at this line
14.         {
15.             Debug.Log("Attempting to register account, please standby...");
16.             //Register ();
17.             StartCoroutine(Register());
18.         }

 

@MD_Reptile : Awesome I'm glad you found it useful.. Yeah I've noticed most of everything in relation to Login systems uses all the old systems, granted that's expect when the old systems is all their was, but I have yet to find a PDO login system, so I created one LOL..

You're welcome man.

Thanks for the spoiler. I agree there's a couple redundant things in it, but it was for purposes for what I was trying to achieve, so as the password stuff, I wanted to make very sure that if somehow confirm or password changed at any point it wouldn't work, I just program in error checking like that, that's just how I am, I like to try and catch any potential error that could happen - then do something if that happens, rather than have an unexpected thing happen. Pretty much over-prepare by with good intentions haha.

That's strange how it wouldn't work at first until you made changes, I tested it thoroughly before releasing..
But I agree there was some simple name changes I could have made to things, sorry about that.

I suppose I could make a git for it
https://github.com/N1warhead/UnityPDO

There's the link

 

Hey @N1warhead thanks for providing this to the community. There's almost no information about this on the web in regards to Unity integration so I will be reviewing your code to see what I can learn.

A question, do you have any experience with json DB integration? I know PDO is normally used with SQL, but I'm looking at using Firebase for my game.

Thanks again.

 

You're welcome man.

Sorry I don't know much about that to give any insights on that. I'm sorry.

 

@LeAristocrat if your using firebase, are you not using the firebase unity sdk? Perhaps your trying to use the REST api?

I use these scripts and firebase, but I host an sql server and use that to manage accounts while using firebase for other aspects of the app.

What's were you planning on doing with PDO and firebase?

 

Just bumping this up so others know this exists...

I had just implemented this into another game of mine, figured it would be nice to still share it with others.

 

Hey @N1warhead!

Thanks so much for this, it looks like just what i need to begin with a login system, you're the man!

Im having some trouble setting up the solution though

Im getting the below error, I've made the tables in my database, and have linked the php files, however it says "The name `ActExist' does not exist in the current context"

Maybe its me being dumb, but itd be wonderful if you could help me with this issue!

Thanks a million!

Tom

 

You're welcome buddy.
Well it's appearing I forgot to add something, I apologize for this...

I no longer have the project, but I can tell you what's going on.
ActExist.username, etc. is a place where the Guest account name and password are stored (or are at least supposed to be). So you can just as easily get it from PlayerPrefs..

I apologize about that.

So just get the guest account details from player prefs

string guestUserName = PlayerPrefs.GetString("un");
string guestPassword = PlayerPrefs.getString("pw");

then put guestUserName and guestPassword inside the two fields where ActExist is at..

(This is untested),. Just going off observation from what I see right this moment.