Automatic login (remember me functionality)

If you are developing a game using GameMaker Server, you are to never store or transmit user passwords (or hashes, or encoded variations). Not remotely, nor locally. Any violation of this will get your game banned.

If you want to add an automatic login (or "remember me") feature to your game, don't store the users' password somewhere! Instead, you can use authentication tokens. Authentication tokens are like one-time passwords that will only work in a single game. The token cannot be used to log in to the site, or change the password or mail address associated to the account. Using a token also means that someone's real password cannot be stolen by copying the file.

The server will always send an authentication token after logging in. You can intercept this token by setting a script:

gms_script_set_authentication_token_received(on_authentication_token)


In the on_authentication_token script, you can save the authentication token in any way you want. NOTE: Do not save it to the GameINI or a Binary Data Blob. Anyone can access those! For example, to save the token to a local INI file:

///on_authentication_token

ini_open("saved_login.ini")
ini_write_string("Data", "user"gms_self_name())
ini_write_string("Data", "token", argument0)
ini_close()


Now, before logging in you should try to log the player in using the authentication token. You can do this by calling gms_login_set_token instead of gms_login_set_password. If you used the example to save to a local INI file above, the login check would look something like this:

// Automatic login

ini_open("saved_login.ini")
show_login = false
if ini_key_exists("Data", "user")
{
    gms_login_set_username(ini_read_string("Data", "user", ""))
    gms_login_set_token(ini_read_string("Data", "token", ""))
    gms_login_execute(on_token_login)
} else {
    // Show normal login window

}
ini_close()
// In script 'on_token_login'

switch argument0
{
    case e_ok:
        room_goto_next();
        break;
    default:
        // Show normal login window

        break;
}


Essentially, we're just executing a login, and if it fails we ignore the error and show the login window. Note that the login might take a bit of time to process. You'll need to wait with showing the login window until on_token_login is called!

Replies (0)

Last message on 23 Sep 2018