PHP POST Execution time

[DarkenedHeart]

A plugin for firefox allows anyone to change any value which is being posted by php.

 

For example if a flash game was to submit a score to the database it would POST the data from the game to a php file which will then save that score. Using this plugin you can edit that score before it reaches the php file.

I notice that something called ibparcade seems to have a prevention method for this, it seems that it detects the length of time it has taken to post the score and if it is longer than it should be the score is not saved.

 

Anyone know how has this been done?

Forgive me if i am being Noobish, its not like me but it is fairly late.

 

 

Thanks.

[BlueSkyIS]

either don't rely on form values or encrypt them so that they are not easily changed.

[ToonMariner]

if its a game you have then you should check the results sent in from both players - if they don't match up don't accept them...

 

If not then you should check and see if you could utilize something similar to punkbuster...

[DarkenedHeart]

ok, the scores are being posted from flash based games (forget about changing anything in the flash, i know that is not necessary) into the php file. I have seen many sites prevent this plugin by some how recording how long it has taken for that data to post and then showing an error if it was too long.

These game are only simple single player flash based games. Nothing special.

 

What i need, is some method to do this myself. is there anyway i can get the total time taken for the POST to occur?

 

 

[ToonMariner]

what if someone had a busy hub just for a short while???

 

apps that do this cheating do not take long to perform their (very simple) task so I think you should look more into comparing teh data sent from both (more?) participants - timing IMO is not the solution to your problem there are other issues involved here...

 

If the thing you are looking to do is not completely evident then look for a different solution that would serve the same function but IS evident.  The advantage of checking more than one data packet is that you can actually compare and see if someone is cheating - instead of inferring that they are just becasue it took 33 milliseconds longer than usual...

[DarkenedHeart]

As you can tell i am not that experienced in this area of php.

 

How would you go about comparing the data sent? i can only see one piece of data and that is the value from the post itself, so what else is there to compare it against?

[discomatt]

The only logical way to do this is encrypting the data. It's not immune to cheating, but it can make it MUCH more difficult.

 

Yes, this requires you to make changes to the flash file, as well as the code parsing the results.

[DarkenedHeart]

Thanks for your reply but i know there is a way to prevent this without changing the flash files.

 

They have done it at www.ibpdownloads.com

 

My arcade system uses the same games as this site.

[discomatt]

Except timing it is horrible, because I can build my own script that modifies the post values instantly. In fact, it will never allow the flash games to populate the post variables.