PHP help with a construct game (AJAX, relevant)

0 favourites
  • 4 posts
From the Asset Store
Casino? money? who knows? but the target is the same!
  • Hi!

    So, i'm making a game with a few friends. I'm currently trying to save locations of a player via AJAX requests to php. It is currently working. Let me explain what I need help with.

    game requests save.php?name=theziggypops&locationx=223&locationy=134.

    whatever, something like that.

    the problem with this is, ANYONE can just put that in their address bar pretty much and move themselves anywhere they want. Whats the best way of stopping this? Is there a way to only allow the website to run php scripts?

    If I didn't make anything clear, let me know.

    (I didn't know what board to post this on)

    Thanks,

    theziggypops

  • Try Construct 3

    Develop games in your browser. Powerful, performant & highly capable.

    Try Now Construct 3 users don't see these ads
  • I guess this deserves a bump.

  • This is basically an unsolvable problem. You can't make it impossible for someone to change the parameters sent, but you can make it more difficult.

    Perhaps the easiest way to stop people from modifying the query is to have a secret code built into the game, say for example "34fE_ef" and encrypt the sent data with that key. The server can then decrypt the data using the same key.

    This isn't foolproof of course, someone would be able to search the source and find the key. So you could make the key harder to find. Doing something like this should stop most casual hack attempts.

    Another way is to do sensibility checks, the difficulty/effectiveness of these checks is very dependant on the type of game you have. A sensibility check basically says "the submitted score/position/whatever of this player is impossible to obtain so I will ignore this".

    Just some ideas anyway!

  • Another possibility is to use the custom plugin AJAXPOSTer, sending AJAX POST requests (as opposed to GET, the regular AJAX object), making sure that just putting the url in the url bar of a browser won't be accepted by the server-side.

Jump to:
Active Users
There are 1 visitors browsing this topic (0 users and 1 guests)