dougehe2022 2013-08-22 13:40
浏览 15
已采纳

通过AJAX安全地将信息传递给PHP?

I'm designing a simple MMORPG using HTML5 canvas, JS, and PHP via AJAX. I've got a simple demo working where a user can log in, and is taken to a page where they can choose a world from a dropdown.

However, I now face a security issue: I need to be able to tell PHP via JS which world to change to, but I don't want the user to be able to change this themselves.

I have a dropdown of worlds available to the user, but don't want them to be able to change to any world they feel like via very simple client-side hacking. ie: Changing the tag's value via Chrome's right-click -> inspect element.

I know the solution would be to make everything server-side, but then how do I pass (from JS to PHP) which world the user has selected to change to?

(Apologies if this was poorly written, and many thanks in advanced)

  • 写回答

2条回答 默认 最新

  • douzhuozhu9544 2013-08-22 13:49
    关注

    You simply have to check the value the user gives on the server against a list which worlds are allow for that specific user.

    $allowed = array('Christoph' => array('world1', 'world2'), 'saricDen' => array('world1', 'world2', 'world3'));
if(in_array($_POST['world'], $allowed[$currentUser]))
    echo 'data for $_POST['world']';
else echo 'no data';

    when a user requests a world he's not allowed to join he doesn't get the worlds data.

    To post the selected data via ajax: add a onsubmit="sendAjaxRequest();" to the form in which you send the data via ajax to php. Once the request succeeds and tells you if he's allowed to join or not: continue .. or not.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 关于#hadoop#的问题
  • ¥15 (标签-Python|关键词-socket)
  • ¥15 keil里为什么main.c定义的函数在it.c调用不了
  • ¥50 切换TabTip键盘的输入法
  • ¥15 可否在不同线程中调用封装数据库操作的类
  • ¥15 微带串馈天线阵列每个阵元宽度计算
  • ¥15 keil的map文件中Image component sizes各项意思
  • ¥20 求个正点原子stm32f407开发版的贪吃蛇游戏
  • ¥15 划分vlan后,链路不通了?
  • ¥20 求各位懂行的人,注册表能不能看到usb使用得具体信息,干了什么,传输了什么数据