Here is the trouble: I am putting together an MMO game, and a question came up. The game has locations, for example:

    /game.php?page=map_1
    /game.php?page=map_2
    /game.php?page=map_3

I wanted users to be unable to simply type in the address and move there, so I wrote this:

    if ($_SESSION['username']) {
        include 'conect_db.php';
        $block = $_SERVER['HTTP_REFERER'];
        if (strlen($block) > 0) {
            /* Output the location */
        } else {
            echo "<script>alert('Ай-ай-ай Не моно так делать');</script>";
        }
    } else {
        echo "<script>alert('Пройдите авторизацию');</script>";
    }

And, voilà, when the user simply enters the address, they are shown the message "Ай-ай-ай Не моно так делать" (roughly, "Tut-tut, you can't do that"). But then I opened Opera, that hotbed of lags, opened the page source and entered:

 <script>location.href='/game.php?page=map_3';</script> 

I click apply and it takes me there. Tell me, please, how do I seal this hole?

  • 3 @oOKomarOo, it is not Opera that is the hotbed of lags, but your code. - Oleg Arkhipov
  • Maybe so, I'm just learning more) - oOKomarOo
  • @oOKomarOo, I already wrote to you in another question, that this defense is absolutely crazy. - Oleg Arkhipov

3 answers

Give users rights, and check by that flag whether a user can see map_3 or map_2. If yes, then you show it; if not, then you don't. Otherwise, you can hardly cope with the task.

  • Yeah)) That's it, okay, ok))) Thanks)) - oOKomarOo
  • @Shrek, you did not understand the question. In this case, you need a map of locations. - Oleg Arkhipov
  • 2 @Construct, we write Russian correctly. And in general the answer is correct; you need to read and understand the questions. - Artem
  • @Construct, did everyone understand that it was a typo? No, you did not understand the question. - Oleg Arkhipov

Opera really has nothing to do with it. Store the player's position not in the address bar ($_GET), but in the database ($_POST). As a result, the user will see an address of the form /game.php without GET parameters.

  • And this is also not a defense. - Oleg Arkhipov

Here you need a map of locations. For example, like this:

    array(
        0 => array('moves' => array(1,2), 'name' => 'Одна локация'),
        1 => array('moves' => array(0,3,4), 'name' => 'Другая локация')
    );

Thus, there are two locations with the given names: from the 0th you can go to 1 and 2, from the first to 0, 3 and 4. When a player tries to move between locations, you need to check against the location map whether such a transition is possible. User rights have nothing to do with it, unless you want to make a more complex structure, for example, so that only players of a certain faction can enter a given location. Then the structure of the array has to be made more complex.

  • Can you tell us more about this? How to make a location map? - oOKomarOo
  • The trick here is that you have the player's current location recorded somewhere (for example, in a session variable), and when the player requests a new location you check against the location map (in this case, @Construct's is an array of associative arrays! But this is just an example) whether he can move from the current location to the one he wants. If you take @Construct's example, then if a player is in location 0, he can only go to locations 1 and 2; if in location 1, then only to locations 0, 3 and 4. - likdike
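
The check described in this answer and its comments, as an added example that is not part of the original thread: the player's current location is kept in the session, and every requested move is validated on the server against the location map, so neither the Referer header nor a typed URL decides where the player ends up. The function names `can_move` and `move_player`, the numeric location id as the request value, and the sample map and session are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; all names and data below are hypothetical/constructed.
// Location map in the shape shown in the answer: id => allowed moves + name.
$locations = [
    0 => ['moves' => [1, 2],    'name' => 'Town'],
    1 => ['moves' => [0, 3, 4], 'name' => 'Forest'],
    2 => ['moves' => [0],       'name' => 'Harbor'],
    3 => ['moves' => [1],       'name' => 'Cave'],
    4 => ['moves' => [1],       'name' => 'Swamp'],
];

// True only if both locations exist and $to is listed in the moves of $from.
function can_move(array $locations, int $from, int $to): bool
{
    return isset($locations[$from], $locations[$to])
        && in_array($to, $locations[$from]['moves'], true);
}

// Validates a requested move and updates the session only on success.
// In the game, $session would be $_SESSION and $requested the raw
// request parameter; both are untrusted-input boundaries.
function move_player(array $locations, array &$session, $requested): bool
{
    // Accept only a plain non-negative integer id from the client.
    $to = filter_var($requested, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 0]]);
    if ($to === false || !isset($session['username'], $session['location'])) {
        return false;
    }
    // The current position comes from server-side state, never the request.
    if (!can_move($locations, (int) $session['location'], $to)) {
        return false;
    }
    $session['location'] = $to;
    return true;
}

// Constructed session: a logged-in player standing in location 0.
$session = ['username' => 'player1', 'location' => 0];

var_dump(move_player($locations, $session, '3'));     // 3 is not in the moves of 0
var_dump(move_player($locations, $session, '1'));     // 1 is in the moves of 0
var_dump(move_player($locations, $session, '3'));     // requested again, now from 1
var_dump(move_player($locations, $session, 'map_3')); // not an integer id
```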