PHP help with a construct game (AJAX, relevant)

Discuss game development design and post your game ideas

Post » Fri Dec 02, 2011 11:02 pm

Hi!

So, i'm making a game with a few friends. I'm currently trying to save locations of a player via AJAX requests to php. It is currently working. Let me explain what I need help with.

game requests save.php?name=theziggypops&locationx=223&locationy=134.
whatever, something like that.

the problem with this is, ANYONE can just put that in their address bar pretty much and move themselves anywhere they want. Whats the best way of stopping this? Is there a way to only allow the website to run php scripts?

If I didn't make anything clear, let me know.

(I didn't know what board to post this on)

Thanks,
theziggypops
theziggypops2011-12-02 23:03:01
B
4
S
1
G
1
Posts: 18
Reputation: 736

Post » Tue Jan 24, 2012 5:27 pm

I guess this deserves a bump.
B
47
S
3
G
5
Posts: 56
Reputation: 4,630

Post » Tue Jan 24, 2012 5:35 pm

This is basically an unsolvable problem. You can't make it impossible for someone to change the parameters sent, but you can make it more difficult.

Perhaps the easiest way to stop people from modifying the query is to have a secret code built into the game, say for example "34fE_ef" and encrypt the sent data with that key. The server can then decrypt the data using the same key.

This isn't foolproof of course, someone would be able to search the source and find the key. So you could make the key harder to find. Doing something like this should stop most casual hack attempts.

Another way is to do sensibility checks, the difficulty/effectiveness of these checks is very dependant on the type of game you have. A sensibility check basically says "the submitted score/position/whatever of this player is impossible to obtain so I will ignore this".

Just some ideas anyway!
Image Image
Scirra Founder
B
124
S
37
G
25
Posts: 3,945
Reputation: 44,882

Post » Tue Jan 24, 2012 11:08 pm

Another possibility is to use the custom plugin AJAXPOSTer, sending AJAX POST requests (as opposed to GET, the regular AJAX object), making sure that just putting the url in the url bar of a browser won't be accepted by the server-side.
New to Construct ? Where to start

Image Image
Image Image

Please attach a capx to any help request or bug report !
Moderator
B
247
S
85
G
40
Posts: 6,998
Reputation: 57,786


Return to Game Development, Design & Ideas

Who is online

Users browsing this forum: No registered users and 0 guests