I’m developing a very, very basic turn-based game using php and jquery and I’m looking at two different ways of keeping track of the current user’s score:
1) global javascript variables – for example var currentScore at the beginning of the js. The game action and turns are all controlled via ajax so I don’t have to worry about a page refreshing losing the variable data.
2) mysql – create a row with currentScore, user, etc and access it / update it every turn.
I’m trying to balance a) load speed and b) making the score tamper-proof. I’m thinking that local javascript would be fast and less load time but mysql records would be more tamper-proof. Does anyone have any advice as to which is faster and which is more tamper-proof, or perhaps have another way of accomplishing this that I didn’t list above?
Run your game in PHP, not in JS.
What I mean to say is instead of allowing the player’s computer to control the action, and send the results back to the server…
that allows for people to hijack and send messages to your PHP like auto-firing pistols…
…or headshot scripts …or speed-hacking.
…or even worse — sending in messages like: “I just scored 500 points on my turn”, and having your PHP script go: “Okay!”.
So instead, the core of the game engine should run in PHP, the client should just say: “My character wants to move
Xsquares.”, and then the server can say: “No, you’re a cheating tool, you can only move 3 squares.”, and then the client will have to adhere to those rules.In this regard, PHP will be 100% in control of the score-keeping.