I'm developing a javascript memory card game. At the end the user has the ability to submit his score to a database. The best 4 scores will win a prize.
At the end of the game a lightbox opens containing a form, where the user inputs his firstname, lastname and an email address. The score will then be posted to an api via ajax. Also the score is included in the post request.
An experienced user can easily lookup the score submit request in the browser dev console and could easily send a fake score via curl or an own build ajax request.
What would be a good way to prevent cheating here?
答案 0 :(得分:0)
Generate a UUID for the user's session and store it in their cookies or JS local storage or something. Then save the score tied to this UUID in the db. Then save the name and email also tied to the UUID.
Basically don't calculate/send the raw score on the client side. Send the raw answers from the game to the server and let the server calculate and save the score.
答案 1 :(得分:0)
you may try something like this
if(@isset($_SERVER['HTTP_REFERER']) &&
$_SERVER['HTTP_REFERER']=="http://yourdomain/ajaxurl")
{
//Request identified as ajax request
}
This will make sure the referring site is yours. I've heard this can be hacked by modifying headers... but it is only a game, and if they can get passed XSS and checking referring http and can generate their own headers, they deserve to win....