OK, I am creating a game using JavaScript and HTML5. The variables such as map
, x
, y
, level
, exp
, etc are stored in JavaScript to keep track. On my client page, the JavaScript variables are stored to play along with the game. Every 5 seconds, the client page sends a POST AJAX call to the MySQL database and it successfully updates it.
However a user can easily modify the JavaScript variables and cheat their way in the game. Then once they edit the JavaScript variables, the POST grabs that and updates it even though they edited it unethically.
So, how do I prevent this from happening?
Best Answer
Game are really hard to develop, because you'll never be sure that no one will find the way to cheat. But there is some tips you can put in place to try to prevent cheat, in every type of game, whether it's written in Flash, JavaScript ...
The more important thing to think of is : You must never rely on client.
The server must
NEVER :
ALWAYS
The client must
Other cheat controls in case of step-by-step game
Server must
Very simple example case :
You have a real-time game with 2 players on the same map
Map properties : 3x3 - Coords {x : 0, y : 0} = corner top left
Server » players : player1 : { x : 0, y : 0, life : 5 }, player2 : { x : 3, y : 3, life : 2 }
Player1 » Server : move right
Server » players : player1 : { x : 1, y : 0, life : 5 }, player2 : { x : 3, y : 3, life : 2 }
Player2 » Server : move left
Server » players : player1 : { x : 1, y : 0, life : 5 }, player2 : { x : 2, y : 3, life : 2 }
Player2 » Server : move left
Server » players : player1 : { x : 1, y : 0, life : 5 }, player2 : { x : 1, y : 3, life : 2 }
Player1 » Server : move up
Server » player1 : you can not move
Server » players : player1 : { x : 1, y : 0, life : 5 }, player2 : { x : 1, y : 3, life : 2 }
Player1 » Server : move down
Server » players : player1 : { x : 1, y : 1, life : 5 }, player2 : { x : 1, y : 3, life : 2 }
Player2 » Server : hit
Server » Player2 : no one to hit
Server » players : player1 : { x : 1, y : 1, life : 5 }, player2 : { x : 1, y : 3, life : 2 }
Player2 » Server : move up
Server » players : player1 : { x : 1, y : 1, life : 5 }, player2 : { x : 1, y : 2, life : 2 }
Player2 » Server : hit
Server » players : player1 : { x : 1, y : 1, life : 3 }, player2 : { x : 1, y : 2, life : 2 }
Player1 » Server : hit
Server » players : player1 : { x : 1, y : 1, life : 3 }, player2 : { x : 1, y : 2, life : 1 }
Player2 » Server : hit
Server » players : fatal, player1 : { x : 1, y : 1, life : 0 }, player2 : { x : 1, y : 2, life : 1 }, player2 win
I'm sure I forgot some tips, and I'll update if it comes back to me, but I think you'll be able to manage your game with these and maybe think by yourself at securities to add.
The more important thing to think of is : You must never rely on client.