-3

Im making a game with javascript for my website, but its easy to hack or do sql infections on it, you can also just inspect the code and change the values of any variable in the script, how can i make the script and code not viewable and editable?

Here`s my code

<script>

var scoreNumber = 0;

document.getElementById('scoreLabel').value = scoreNumber;
document.getElementById("scoreLabel").innerHTML = scoreNumber;


</script>


<html>

<style>

body{
background-image: url('snow.gif');
background-size: cover;
}

</style>

<head>


<center>




<h1 id="bottom">Cilus Networks</h1>


// Anyone can change the scrollamount, which i dont want
<marquee scrollamount="20"
direction="right"
behavior="scroll">
<a href=# onclick="add()"><img  id="one"  src="santa.png" height="150" width="150"></a>


</marquee>



<marquee scrollamount="20"
direction="left"
behavior="scroll">
<a href=# onclick="add()"><img id="two" src="santa.png" height="150" width="150"> <source src="plimp.mp3" type="audio/mp3"></a>


</marquee>




</center>

<h1 id="scoreLabel">0</h1>



</head>
<body>







</body>


<script>


var powerup;
var lifes;
//Anyone can change this, which i also dont want.
powerup = 0;

if (powerup == 2 ) {

function add(){
scoreNumber = scoreNumber +1000
document.getElementById('scoreLabel').value = scoreNumber;
document.getElementById("scoreLabel").innerHTML = scoreNumber;

}

};


if (powerup == 5 ) {

function add(){
scoreNumber = scoreNumber +500
document.getElementById('scoreLabel').value = scoreNumber;
document.getElementById("scoreLabel").innerHTML = scoreNumber;
}

};





function add(){
scoreNumber = scoreNumber +1
document.getElementById('scoreLabel').value = scoreNumber;
document.getElementById("scoreLabel").innerHTML = scoreNumber;




setInterval(function(){ window.location.replace("http://cilusnetworks.com/thankyouMDT.php"); }, 400);}
</script>

Any ideas on how to do this? I have done som research but i cant seem to find anything..

Martijn Pieters
  • 1,048,767
  • 296
  • 4,058
  • 3,343
kibrobro
  • 1
  • 2
  • 4
    You can't, you can only make it more difficult. Any data you send to the client can be read and manipulated. – Carcigenicate Dec 23 '17 at 00:46
  • 3
    Ok. First of all: SQL has _nothing_ to do with Javascript. That's serverside. Javascript is client side. Meaning it runs on the visitors pc. Not on your server. Therefor you can't protect it either. You can't control what users do with code running on their own pc. – icecub Dec 23 '17 at 00:47
  • Possible duplicate of [How can I obfuscate (protect) JavaScript?](https://stackoverflow.com/questions/194397/how-can-i-obfuscate-protect-javascript) – Emre Dec 23 '17 at 01:18
  • You could send opcodes to a server and have the entirity of the game logic run server-side. Other than that... Not much – Nick is tired Dec 23 '17 at 02:03

2 Answers2

1

Anything you send to the client is merely a suggestion of what you think would be a good idea for the client to do. The client is perfectly free to ignore your suggestions and do its own thing: show your code to the user instead of executing it, add 12 to every variable when it's defined, make demons fly out of your nose, whatever. If you really want to rule with an iron fist, you'll have to keep the logic of your game tightly under your control: all the game code lives on your server, never to be sent out, and you tell the client "this is what happens, what do you want to do?" And then make sure the response makes sense and is legal.

If you don't want to go that far, the best you can do is obfuscation, making it more difficult for the user to figure out what a valid change to your suggestion would be.

AuxTaco
  • 4,883
  • 1
  • 12
  • 27
0

You might be able to do an <iframe></iframe> with the html file containing the game stuff on a different html file.

For example: <iframe src=“game.html”></iframe>

user6353435
  • 28
  • 4