0

how do I compare a random number or is it possible?

the scenario is I have a function using $_GET method and it is visible on URL. so any user can store this link to use it later. this is a PHP game so any one can cheat the game very easily. so what will be the best work around to prevent the same? I was thinking about a random number to use each time when user calls the link and compare it so user cant use the same link to access the game later.

hakre
  • 193,403
  • 52
  • 435
  • 836
homlyn
  • 243
  • 1
  • 4
  • 10
  • 2
    Then why don’t you ask: How to prevent game fraud? – Gumbo Mar 28 '11 at 14:02
  • Related: http://stackoverflow.com/questions/3968328/best-method-to-prevent-gaming-with-anonymous-voting – Pekka Mar 28 '11 at 14:03
  • You can compare a random number like any other number... – Felix Kling Mar 28 '11 at 14:04
  • Not entirely related but good reading about preventing fraud in web-based systems: http://stackoverflow.com/questions/73947/what-is-the-best-way-to-stop-people-hacking-the-php-based-highscore-table-of-a-fl – Pekka Mar 28 '11 at 14:05
  • thanks pekka but the thing is I am looking for a simple solution...no loggin/cookies etc. – homlyn Mar 28 '11 at 14:06
  • @Felix Kling how can I do that?? can explain little bit? – homlyn Mar 28 '11 at 14:07
  • Number comparison? `if($randomNumber === 42)` would compare your random number against `42`. Note I'm not saying that this is the way to go. I'm just saying, a random number is like any other number and comparison is just comparison. Maybe you want to formulate your question differently. – Felix Kling Mar 28 '11 at 14:08
  • but how can a random number will match it to fixed number?? – homlyn Mar 28 '11 at 14:12

1 Answers1

0

Do you have access to a database for the site? If so, you can log the user's IP address and the random number and perform a check each time the page is accessed.

If not, you can store the numbers in the $_SESSION variable and check to see if it was already used:

session_start();
if(!isset($_SESSION['codes'])) $_SESSION['codes'] = array();

if(in_array($_GET['code'], $_SESSION['codes']) {
   // code to execute if this code was already used by the user
} else {
  $_SESSION['codes'][] = $_GET['code'];
}
psparrow
  • 9,808
  • 1
  • 17
  • 11
  • I think this a good Idea but how long this info will be stored in?? talking about SESSION – homlyn Mar 28 '11 at 14:10
  • Checkout the session_set_cookie_params function: http://php.net/manual/en/function.session-set-cookie-params.php. – psparrow Mar 28 '11 at 18:26