form question

[cdoyle]

Hi,

 

I was creating something new for my game, I started to use a form got the page pretty much working and realized something.

 

I have the following form on my page.

 

A user could easily save the source, and open it via a browser on their machine and just change the values of those variables and put the ful path to the script and it would work.

 

How do I prevent this from happening?

 

$cost = $getspy1['level'] * 2000;
            $xspyid = $getspy1['id'];
  echo "<form method=\"post\" action=\"spylog.php?act=confirm\">";
            echo "<input type=\"hidden\" name=\"cost\" value=\"$cost\">";
            echo "<input type=\"hidden\" name=\"spyid\" value=\"$spyid\">";
            echo "<input type=\"submit\" name=\"yes\" value=\"Yes, I am sure!\">";
            echo "</form>";

[DarkerAngel]

code it in a way that its hard coded into a php document or store it in a session variable

[dropfaith]

force a session to exist before the form is submitted?

 

it really all depends im seeing from a game standard they would need to log in somehow right?

 

if so make a session if session unset the form wont submit

[cdoyle]

force a session to exist before the form is submitted?

 

it really all depends im seeing from a game standard they would need to log in somehow right?

 

if so make a session if session unset the form wont submit

 

Yes the users need to be logged into play.

I'm not sure how do make it so the session needs to be set for the form to submit??

 

Here is my current page, that I thought I had all working right until just now and how easy it is to bypass everything.

 

 

 

[attachment deleted by admin]

[cdoyle]

I've been trying to search the forum for some similar questions, but all the ones that seem similar don't have any responses

 

If sessions are the way to solve my problem,  how do I do it?

 

[dropfaith]

http://www.waynewhitty.com/blog.php?post=3