Monkuar Posted August 12, 2012 Share Posted August 12, 2012 Hello. I usually do not do these, but was wondering if anyone could help me write this script. I have an avatar system, which needs to be validated server side. Everything is working for items, but people can still obviously change the base64 data with something else. I have around 20 helmet images, 20 sword images, 20 boot images/etc. All PNG type. I am looking to find a script that will run through all these images and give me the hash code: FOR BLA BLA, I need help here run $hash = hash( 'crc32', $_POST['data']); output an array or list of every single file and it's crc32 The catch is. I need the script to put each individual image on a different image, until all possibilities have ran out. My problem/thinking is, wouldn't this end up with hundreds of thousands of arrays that would need to be checked with through php to make sure no1 is tampering the base 64 post data? How is this even possible? How to GaiaOnline and other avatar creating sites do this secure protection? All I am trying to do is to make the user not be able to tamperdata the base64 encoding data. And if they do, it needs to be checked against a huge array like this: $_POST['data'] is the base64code coming from the canvas. $hash = hash( 'crc32', $_POST['data']); $validhashes = array("6b448211","39c5beb3", "fb976672", "9ed99f63", "52e898b2", "b7b6f54c", "da10ab35", "df1a8612", LIST GOES ON FOR THOUSANDS.............. ); if (in_array($hash, $validhashes)) { echo "Good image!"; exit; }else{ echo " Bad Image "; exit; } The only way I can think of is, making a script like I explained and gather the hundrends of thousands of crc32 hashes and checking it against it to make sure they are not altering the post data, am I thinking totally wrong here or what? How do the gaiaonline sites do it when they have literally thousands of different items to chose and put on their character? They would have millions of these hashes to check against..... If they did it this way or what? Any idea? Thanks all Or maybe, check the hashes against a range that is set? If the range is higher or lower error out? How would this be possible too? thx Link to comment Share on other sites More sharing options...
KevinM1 Posted August 12, 2012 Share Posted August 12, 2012 Topic locked because soliciting partnership (e.g., "Someone help me write this script") is really more of a freelancing question/offer. EDIT: Obviously, if another mod feels it still fits, feel free to unlock. Kinda a gray area question, given how much code is in it. Link to comment Share on other sites More sharing options...
Recommended Posts