i've found a way to pass my javascript variables to a php variable by using this:
window.location.href = ".../gameover.php?points=" + points+"&speed="+window.speed;
in the gameover.php site i use
$_GET[speed] // and
$_GET[points]
to access my variables.
these values then get stored into a database as hiscores. but here comes my problem:
if the user just types for example
.../gameover.php?points=500000&speed=85
in the address bar it also stores these variables.
i have found something that helps avoiding this but you can still get around it. on my main page i make a cookie 'notcheated' and if the user visits the page and notcheated isset then it destroys the cookie and stores the values in my hiscores but if the user visits the main page and then enters the above address for example then the cookie isset but he hasn't played the game and then the values are also stored.
does someone have any suggestions to secure my site so that people can't just enter their own hiscores.
No comments:
Post a Comment