question

paendiagames avatar image
paendiagames asked

Playfab IAP / Skin store

Hi, I just started using playfab to prevent cheating with purchases in my game

I have two questions

1 - I followed the playfab unity iap tutorial, I have a store with virtual currency bundles. everything seems to be working I get the validation successful message in the logcat however I don't get the virtual currency added to my inventory. Is this not automated, do I have to add it manually after getting Validation Successful message (I'm using the exact same code for ProcessPurchase as in the docs, I refresh the player inventory after the validation to check my virtual currency count but it doesnt get increased)

2 - I was wondering the best way to prevent cheats in skin system, for now I have a scriptable object with a dictionary containing keys and skin objects and in the store I want to disable the buy button if the player inventory has the item and replace it with Activate button. and when you click the activate you get the correct skin object from the dictionary. I feel like this system could get hacked somehow, what kind of a path should i use to prevent this?

Thanks in advance

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

2 Answers

·
paendiagames avatar image
paendiagames answered

I have found the problem for the first question, going to be keeping an eye on this post for the second question and the best practices for a skin system

10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Made Wang avatar image
Made Wang answered

If your concern is that hackers will buy the same skin repeatedly, it's important to clarify that PlayFab currently has no solution for this. You can refer to Can items be set to only be purchased once? - Playfab Community to know more, and if you need that feature mentioned in the thread, you can vote for it.

In addition, you can also describe in detail the cheating methods you think are possible so that we can provide you with some solutions.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

paendiagames avatar image paendiagames commented ·

Hello, I was just wondering about a scenario like this

There is a shop to buy skins (this whole scenario is when you are online, I decided to keep customization/store online only), when the user doesn't have a skin there is a buy button. if the player has the item in inventory ( I refresh inventory every time a transaction is made ) the buy button changes into Activate button.

The problem starts with the activate button, I don't really know how to implement the activate button. I can maybe refresh the inventory and double-check if the player really has the item. Im just wondering if a user can get the skins they don't own by accessing the activate button otherwise.

One of the skin categories I have is 'Theme' which changes the background of the game etc

I have a Dictionary<string, Customization>, customization class has background objects, platform objects, etc all specific to a skin. so when I start the game I check which key in the dictionary I should get from the last Activated skin. but the dictionary key can be hacked somehow? so I should double-check if the player has the item in inventory when I check the dictionary again I guess?

0 Likes 0 ·
Made Wang avatar image Made Wang paendiagames commented ·

It is possible to decide the button type by checking if the player's inventory has this skin. As for the function of the button, it is up to you to define it, the activation button should only be responsible for modifying the currently used skin locally.

Storing the dictionary locally is indeed risky, but this only affects the local and does not modify the content in player’s inventory. You can also store these key-value pairs in READ ONLY DATA, which ensures that only the server can modify the values.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.