I’ve looked around in several places, on several forums, guides, and websites for the answer to this question, but I can’t seem to find anything on it at all. I’m not 100% sure how to sum it up in a few words, so I was thinking that this is probably a better place to come for my answer. I’m hoping that this is the best section to submit this question.
I’m coding a flash game that’s to be a part of an interactive website in the making. When you complete the game, you’re given an option to send your score and earn a small amount of gold based on that. This requires database interaction with the flash game using a PHP file. I know how to send and get variables using the loadVariables function, but now I have a problem: If a user were to find my PHP file used to submit this information, they could easily cheat the system and submit a fake score, and thus earning themselves a large amount of ill-gotten gold.
I’ve considered various ways I may be able to do this, but they all seem overly complicated, or have large loop holes that make the entire process essentially useless. One consideration that seems possible is that there is a password within the ActionScript that is submitted to the database - but I fear that this is easily intercepted (even if I’m using encryption, all you need to trick the system is the already encrypted password, with my method.) Is there a way to check the referrer? Maybe something with a PHP session?
IN SHORT: I’m looking for a reasonably secure way to verify that information sent to a PHP file is coming from this flash game.
Any help is greatly appreciated. I know this has to be possible, but I’m not sure how to do it.
