
Prevent Back Button Exploits? PHP

I've built a simple game using JavaScript and PHP. Once the user hits the target score, they are allowed to add their name to a highscore MySQL database. I'm using PHP POST to get

Solution 1:

You need to check for at least one identifying feature of the user and check if they have submitted a score before serving up the form. There are various ways you can do this, each with their own weaknesses, so it's best to mix and match; however, some off the top of my head include:

  • Checking that a person with the same IP and user-agent string hasn't submitted a highscore in the last x minutes (though this may prevent some legit scores from being submitted - think a school / office using the same browser and having the same IP)

  • Putting a tracking cookie on arrival with an identifying user id. Then checking that user id hasn't submitted a score in the last x minutes. (e.g. start a PHP session if you want)

  • Adding a cookie to the browser after score submit, then checking for this cookie before serving up the form (yes, it can be easily worked around by deleting the cookie). Alternatively, you could set a value in the session.
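The checks listed in the answer can be combined, as in this added example (not part of the original answer): a session flag set after submit, backed by an IP and user-agent window so that clearing the cookie does not reopen the form. The `highscores` table layout, the function names and the 10-minute window are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
declare(strict_types=1);
// Added example: table/column names and WINDOW_SECONDS are assumptions.
const WINDOW_SECONDS = 600; // the answer's "x minutes", assumed to be 10

function openDb(): PDO {
    $db = new PDO('sqlite::memory:'); // stand-in for the MySQL database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE highscores (name TEXT, score INTEGER,
               client_hash TEXT, created_at INTEGER)');
    return $db;
}

// IP + user-agent fingerprint, hashed so the raw values are not stored.
function clientHash(string $ip, string $ua): string {
    return hash('sha256', $ip . "\n" . $ua);
}

// True when the form may be served and a submission accepted.
function maySubmit(PDO $db, array $session, string $hash, int $now): bool {
    if (!empty($session['score_submitted'])) {
        return false; // flag set in the session after a successful submit
    }
    $q = $db->prepare('SELECT COUNT(*) FROM highscores
                       WHERE client_hash = ? AND created_at > ?');
    $q->execute([$hash, $now - WINDOW_SECONDS]);
    return (int) $q->fetchColumn() === 0; // no recent row for this client
}

// Re-checks on the server at POST time, so a replayed form is refused.
function submitScore(PDO $db, array &$session, string $hash,
                     string $name, int $score, int $now): bool {
    if (!maySubmit($db, $session, $hash, $now)) {
        return false;
    }
    $ins = $db->prepare('INSERT INTO highscores VALUES (?, ?, ?, ?)');
    $ins->execute([$name, $score, $hash, $now]);
    $session['score_submitted'] = true;
    return true;
}

// Constructed demo; $session and $fresh stand in for $_SESSION.
$db = openDb();
$session = [];
$hash = clientHash('203.0.113.7', 'ExampleBrowser/1.0');
var_dump(submitScore($db, $session, $hash, 'alice', 120, 1000)); // first POST
var_dump(submitScore($db, $session, $hash, 'alice', 120, 1005)); // back-button replay
$fresh = []; // cookie deleted, so a new empty session
var_dump(submitScore($db, $fresh, $hash, 'alice', 120, 1010));   // inside IP+UA window
var_dump(submitScore($db, $fresh, $hash, 'alice', 130, 1000 + WINDOW_SECONDS + 1));
```

In a real page the same `maySubmit()` call would gate both rendering the form and handling the POST, with `$_SESSION`, `$_SERVER['REMOTE_ADDR']` and `$_SERVER['HTTP_USER_AGENT']` supplying the inputs.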
