jaymc Posted May 23, 2008 Share Posted May 23, 2008 I have flash games that I did not make, after playing you click a link withing the flash game which POSTS your score to a php URL This works fine, but obviously not very secure as idiots can POST externally to the php file and providing they know the parametres (which they will) can set any high score they want My question is, how can I stop this I remember a while back you can check the REFFERER, but thats not very accurate at all so probably not something I want to use What other ways are there, and remember, I do not have the flash source so I am pretty much stuck with the parameter names that are posts to the PHP Quote Link to comment Share on other sites More sharing options...
Rohan Shenoy Posted May 23, 2008 Share Posted May 23, 2008 You can try these workaround to know the param names sent by the post method, provided you know thw script to which they are posted. For temporary purposes, rename that script file and create another php file of the same name, eg: recordScore.php. In that file insert the below code <?php print_r($_POST); ?> It will spit out all the param names (and their values) Quote Link to comment Share on other sites More sharing options...
jaymc Posted May 23, 2008 Author Share Posted May 23, 2008 Yes but the problem is the "cheater" knows these parameters and I cant change them as they are compiled in the swf of which i dont have the .fla Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted May 23, 2008 Share Posted May 23, 2008 I hate to say this, but I can't think of a single way to make this secure without the source to the flash game. Quote Link to comment Share on other sites More sharing options...
jaymc Posted May 23, 2008 Author Share Posted May 23, 2008 Yeh its really bugging me Even a way to atleast stamp out the majority of cheaters For example, create a unique key in the database that expires after 10 minutes or something. that key is only created when they load the game page So, if they try and cheat after 10 minutes, it wont work If they play the game, submit a VALID score, then try and post externally, there will be no key But of course, the way around this is to load the game page and post externally straight away Something like that, but not as easy to get around would be great The ones who can get around it, I can probably deal with manually Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted May 23, 2008 Share Posted May 23, 2008 You've already answered your own question then. That's about as good as you can do: 1) Create a key when they load the page 2) Check the key when they submit the score and erase the key so they only get a single submittal. This could break games depending on how the scores are submitted though. If the flash game submits the score as soon as the game is over, then the key will be eaten by the game and the user would have to reload the page to play again. This would break any 'Replay' buttons built into the game. If the score is submitted by the user, then this is less of a problem. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.