Ajax security problem

Question

I want to create a browser based game and I have a huge problem, the game can be easily hacked. The problem is at a page where you can go to "work", I store in a file the work ending date and the amount of money what you will receive after finishing the work. There are 4 type of works. The problem is that I use ajax to send to a php file the necessary information. The URL looks like this x.php?date=....&pay=.... The javascript part of the page calculates the date and the pay but if you simply enter in your URL bar x.php?date=anynumber&pay=99999 you will receive that 99999 dollars. What should I do ? And sorry for my bad english :)

Answer 1

When the user interacts in your game to go to "work" store the values in a database server side?.

Answer 2

You should not send the end date and amount from the client (browser). Instead send just the type of work: x.php?worktype=...

In the PHP file on the server side you read the type of work and then look up or calculate the end date and amount as necessary.

If you're interested in learning more about security in ajax applications I can also recommend the book "Ajax Security" by Hoffman and Sullivan.