How to prevent user from cheating and changing row

Calculate which fields are valid and use them as a whitelist for the next move.

1 Like

Yeah. … I figured out that I already have the way to do it! So dumb that I missed that :man_facepalming:

Alternatively, don’t let the user send you that data at all. Let them give you a number, 1-8, that defines their next move (or move attempt).
You already store the current location, so if they are at X…

5 1 7
2 X 4
6 3 8

Their new location is given by:

```php
// $dbresult['curpos'] is the stored position (e.g. "C3"); $input is the move number 1-8 from the request.
$output = array('x' => intval(substr($dbresult['curpos'], 1)) - 1, 'y' => ord(substr($dbresult['curpos'], 0, 1)) - 65);
$input = $input - 1; // Because we like working in zero-index terms...
if ($input & 4) {
    // They went in a diagonal.
    $output['x'] += (($input & 2) - 0.5) / abs(($input & 2) - 0.5);
    $output['y'] += (($input & 1) - 0.5) / abs(($input & 1) - 0.5);
} else {
    // They went in a cardinal.
    $tomod = ($input & 1) ? "x" : "y";
    $output[$tomod] += (($input & 2) - 0.5) / abs(($input & 2) - 0.5);
}
// Clamp both axes to 0-5 and convert back to a label such as "C3".
$output = chr(min(max($output['y'], 0), 5) + 65) . (min(max($output['x'], 0), 5) + 1);
```

(and you always thought your maths teacher was lying when they said you would be using it in the future…)

2 Likes

Hey, thanks for the helpful answer! But for a bit I do not get this example. … It just looks much different to what I try to make?

@m_hutley Take a look at what I have http://phpfiddle.org/main/code/5mgx-70sa
but here instead of location=D3 I use l=D&n=3

When you click on any of the fields you see the sector which should be the only place the user can click (or enter in the URL bar)

@m_hutley As I already told chron, I have a solution to it, I just need to modify it! But I would check any other solution if it looks better!

Kinda seems like something you could solve easier on the front end…kinda easily.

Front end can be edited. …

Um… huh?

Maybe I get you wrong, but the user can change the front end

How exactly? Tracking things like this seems like it would fall on the shoulders of front end.

Back end needs to take care of data. …

1 Like

Correct but, if I read the requirements correctly, preventing a user choice happens on the client, client issue to deal with.

I know how to manage client side as long as server side

False.

Data sanitization is a backend function - no client side measure can be relied upon to manage it.

2 Likes

Again, this isn’t a data sanitation issue.

THAT, is a front end issue, plain and simple.

Again, absolutely false. ‘plain and simple’.

Show me how you would prevent someone from cheating your form.

Keep in mind that i can type into my browser ‘yourbackend.php?userinput=Z77’.

I don't have time or frankly energy to type out a solution. I’d start looking into things like, oh idk, index, preventDefault, setAttribute. If it’s what the customer sees or interacts with, it’s front end.

I mean sure, knock yourself out with a backend solution, but this is 100% something your front end should be responsible for. You can tell me WRONG all you want, but again, according to the specifics,…

None of the things you have listed prevent me from sending ‘yourbackend.php?userinput=A1’ and suddenly moving from C3 to A1.

This is a data sanitization issue. According to the specifics.

It is the DEFINITION of data sanitization issues: How do I ensure that whatever the browser sends me is legitimate data?

4 Likes
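A server-side check of the kind argued for above, as an added example that is not code from any poster in this thread: it rebuilds the whitelist of reachable cells from the stored position and rejects anything else, including `A1` and `Z77` when the player is on `C3`. It assumes a 6x6 board labelled A1 to F6 (the range the clamp in the earlier snippet implies), one-step moves to the eight neighbours, and PHP 8; the function names and sample requests are hypothetical.

```php
<?php
declare(strict_types=1);

const BOARD_SIZE = 6; // assumption: rows A-F, columns 1-6 (the clamp used earlier in the thread)

/** Whitelist of cells reachable in one step from the server-side stored position. */
function validMoves(string $current): array
{
    $row = ord($current[0]) - 65;          // 'A' => 0
    $col = (int) substr($current, 1) - 1;  // '1' => 0
    $moves = [];
    for ($dr = -1; $dr <= 1; $dr++) {
        for ($dc = -1; $dc <= 1; $dc++) {
            $r = $row + $dr;
            $c = $col + $dc;
            if (($dr === 0 && $dc === 0) || $r < 0 || $c < 0 || $r >= BOARD_SIZE || $c >= BOARD_SIZE) {
                continue; // staying put or leaving the board is not a move
            }
            $moves[] = chr($r + 65) . ($c + 1);
        }
    }
    return $moves;
}

/** True only if the client-supplied value is well-formed and in the whitelist. */
function isAllowedMove(string $current, mixed $requested): bool
{
    // Reject arrays (?userinput[]=...) and anything that is not exactly one letter A-F plus one digit 1-6.
    if (!is_string($requested) || preg_match('/\A[A-F][1-6]\z/', $requested) !== 1) {
        return false;
    }
    return in_array($requested, validMoves($current), true);
}

// Constructed sample requests. In the application $current comes from the DB or session,
// never from the request, and $requested would be $_GET['userinput'].
$current = 'C3';
foreach (['B2', 'C4', 'A1', 'Z77', 'C3', ['D3']] as $requested) {
    $label = is_string($requested) ? $requested : gettype($requested);
    echo $label, ' => ', isAllowedMove($current, $requested) ? 'accepted' : 'rejected', PHP_EOL;
}
```

Front-end controls can still hide or disable unreachable cells for usability; the stored position is updated only after this check passes.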

Not here to argue, best of luck.