I am working on an HTML5 game more like Subway Surfer. The Idea is that the user runs for certain time. Pass some hurdles and he we get points according to that. So if the user has passed like 5 hurdles he will get 20 points. 24 if he passed 6 hurdles and so on. In each run user get certain points which then be added to his grand total. So if user played 5 times and each time he score 10 the grand total will be 50. The game is completed. I am using ajax to update the score in each run.
My code is relatively simple
var score = window.user_score;
$.ajax({
url: window.baseURL,
data: {
score: score
},
method: "POST"
})
And then on my PHP side I am checking a few many thing like the time between the user opens the game and submitted the score is correct(i-e its matching the score) and few other check like token number is valid, score is not in negative, score is not greater than 5000(no human can score 5000 in that game). But still I see people running bots on my API for submitting the result by calculating everything. What I wanted to is there a way I can encrypt my score through some key which is not visible to client and which can be decrypted on my server. Only then users will not be able to send score directly to my server. I dont know much about https so If we can use it to hide key from client and encrypt the score and all the other information that would be great.
