I have a question I am stumped on. Okay, this is for a game of mine in Unity3D.
To make this make sense in terms of what people normally play. Let's say the player has 500 Gold in their account (saved on database). And the player earns 243 gold by doing some kind of task, how could the game (Unity3D) tell the PHP file they earned specifically 243 Gold?
Because here's where the issue lies, In Unity3D there's a class called WWW. It allows you to send some sort of string to a PHP file.
int currentGold;
string goldToSend = currentGold.ToString(); // Only using that for example.
WWWForm form = new WWWForm();
form.AddField("NameOfPostRequestInPHPFile",goldToSend);
WWW www = new WWW("website.com/PHPFile.php", form);
Now as you can see, I am in a pretty big dilemma, being you can't trust the client with anything, how would one actually send a random gold amount from the client side to the PHP to then put into a database.
The issue I am facing is, how can one really make a PHP understand what's going on in the game without the client actually telling it a thing, and being you can't trust the client, how can the client actually tell the PHP to load, use this data and then put it into the database.
I thought about using hashes an stuff, but then that still brings up the problem client side.
Lets say
if(sentGold == 243){
string hash = hash01;
// Change it to hash1000 (to get 1000 gold).
}
if(sentGold == 1000){
string hash = hash1000;
}
As you can see, using if statements clearly wouldn't work either, because then the hashes could just be changed locally to fit their devious attempts. Plus it looks like garbage to had 20K if statements.
I know it's impossible to entirely stop hacking. But at the same time, if I do something i want to do it right, not half-a**ed if you get what I mean?
If you've made it to this point reading my help message. I really appreciate the time you've put into reading it, it means a lot to me.
Now, if there's some other technology or hints you might know that could help me with this, or heck even a tutorial on it (i've been looking for days), but I'm still deadlocked because nobody is addressing the fact that yeah they might use secret keys and so forth, but they are failing to address that the string they send can be easily tampered with. All they gotta do is change for 243 to 9999999999 and then they are rich.