This is just an experiment, I would not suggest anyone to use it because it can be changed and break your shit up.
So there’s this number that is being used to identify someone in some sort of an organized play kind of system. Its like your Identity Card number but for games. So, for an event organizer, if you put up a registration form, you need the number to be accurate so that you can process the person before the event starts. Prepare their access card, event access, goodies and whatever that they’re supposed to get.
The number have to be cross-checked with a third-party that does not document and/or open up their API. Its not hacking if its available openly on the web. Just have to know where to look.
When I enter the numbers in the box, if its valid, it will return a JSON formatted response and redirect me to the page with the player’s recent gaming history. I wont get a chance to see the URL where its posting the number to in the developer tools panel because as soon as it gets the result it will redirect to the history page. If you’re familiar with the developer tools, you’d know there’s an Event Listener Breakpoints (right sidebar under Sources). To prevent the page from automatically redirect, set the breakpoint on the Load > unload (and check it).
When you key in the number and if its valid, it’ll stop the redirection.
From here on its easy to get all the details (URL) and the response.
In the image above (the first one with the URL), scroll to the bottom to have the key/value that is sent to the URL. I apparently have closed the tab and am too lazy to start over. Status 0 (2nd image above) means its valid. I have no idea why that is the case. Maybe its some higher level leet programming thinking.
So now, I have:
- Key/Value: DCINumber/<your-dci-number>
That’s enough information to create a post request using PHP using Guzzle (you can use cURL or whatever that you prefer). I’ll continue on that part in another post. I’m pretty tired right now and need a dose of Grim Dawn.