21 minutes ago, hplus0603 said:

I don't know what "rating" means for you, so I have no idea what your security model should be. Is it OK if someone says "the rating of this is 99" ? As much as they can?

Oh, sorry, it probably makes more sense if you have the full context.

Users can rate downloadable levels, expressing how much they like/enjoy it, so it does not really matter how much they rate it as long as it is within the given range of minimum and maximum : ) If it is outside boundaries, the request will be rejected, which makes sense since input should be validated as far as possible.

I'm yet unsure whether sending files is an easy task and reliable (images, files, ...) over HTTPS?

36 minutes ago, hplus0603 said:

Using HTTPS everywhere is the right thing to do, so no argument from me there!

PHP needs to run hosted inside a server like Apache or Nginx. Thus you'd set up HTTPS with Apache or Nginx. There exist scripts that will automatically renew letsencrypt certificates for those servers, and they're pretty easy to set up.

Ah! My issue with PHP is that is not statically typed, so I might stick with another solution anyway : ) But thanks for this insight, one never knows when that will help me!

10 minutes ago, Angelic Ice said:

Ah! My issue with PHP is that is not statically typed, so I might stick with another solution anyway : ) But thanks for this insight, one never knows when that will help me!

I think you are confused here. HTTPS has nothing to do with PHP or its nuances.

All the features you are asking can be simply done using standard web HTTP REST API interface. Similar to forums, Google Maps API, Twitter, Facebook, etc. This is language agnostic, and virtually all languages should have some libraries to do this. PHP, Java, Go, Python, Ruby, whatever that fancies you. HTTP supports file uploads.

HTTPS is a secure protocol on top of HTTP. It's always a good idea to use it. The hosting company can do it for you. If you are into system administrator and stuff, you can do it your own as long as you have the certificate. Again, this has nothing to do with the language.

Some languages are single-threaded like PHP, Ruby, and Python, and actually will have some problems handling multiple HTTP/S requests at the same time, and therefore needs additional libraries and tooling to do the threading, forking, and buffering so some users aren't getting a 500. This is where Apache and Nginx comes in to buffer those requests before getting into your code.

Hello Angelic Ice!

Before I published Galactic Crew as Early Access title on Steam last year, I had a Closed Alpha with around a hundred players. In order to analyze player behaviour, I gathered metrics like play-time, session length, computer hardware, etc. I needed a way to update all clients automatically and to collect the gathered data (All players agreed to that before downloading the Closed Alpha version!).

For this purpose, I rented a vServer for around 9 € per month and wrote my own server in C# that did exactly what I needed. Then, I built a custom TCP/IP layer in the Closed Alpha version and I was ready to go. First I was thinking about SQL data bases and other stuff, but I found it more suitable to create my own small console server.