0

I'm working on a web-app using PHP and client-side Javascript, in which is implemented the Google Maps Javascript API.

The purpose of this web-app is to able to reserve a driver for a journey, like ....

In order to calculate the distance of the journey, I'm using the Distance Matrix API, but I ask me how can I secure the callback against cheating?

See my code

   service.getDistanceMatrix(
            {
                origins: [route[origin]],
                destinations: [route[destination]],
                travelMode: 'DRIVING',
                avoidTolls: true,
            }, callback());

        function callback(response, status) {
                var dist = response.rows["0"].elements["0"].distance.value;
                var duration = response.rows["0"].elements["0"].duration.value;
        }
);

Here users can easily change the value of the "dist" variable! Which will be used to calculate the price of the journey.
Even if I directly send the data to the server with AJAX call, they could be modify parameters to this call and set whatever they want.

I may be using the wrong development solution in this kind of situation.
Please let me know if I'm using the wrong solution or if it exists ways to secure my application.
Thank you in advance for your answers.

Jobel
  • 236
  • 1
  • 3
  • 13

1 Answers1

2

First, Javascript can be always edit by the user. The language has been created to animate a page web, display photos, videos or interact with a server, for example. It provides only a way to dynamise and animate a web page and not for all the commercial aspect.

In order to get a correct information from the user, you have to use php. The data is reliable and you can directly use it in the server.

If you want to find the position of the user, I can give you this code in php:

<?php
$user_ip = getenv('REMOTE_ADDR');
$geo = unserialize(file_get_contents("http://www.geoplugin.net/php.gp?ip=$user_ip"));
$country = $geo["geoplugin_countryName"];
$city = $geo["geoplugin_city"];
?>

Note : this code is quite simple but not very accurate. You can consult this page of Stack Overflow if you want more details.

Now, if you want to estimate the distance between two positions, use this code:

function GetDrivingDistance($lat1, $lat2, $long1, $long2)
{
    $url = "https://maps.googleapis.com/maps/api/distancematrix/json?origins=".$lat1.",".$long1."&destinations=".$lat2.",".$long2."&mode=driving&language=pl-PL";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_PROXYPORT, 3128);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    $response = curl_exec($ch);
    curl_close($ch);
    $response_a = json_decode($response, true);
    $dist = $response_a['rows'][0]['elements'][0]['distance']['text'];
    $time = $response_a['rows'][0]['elements'][0]['duration']['text'];

    return array('distance' => $dist, 'time' => $time);
}

You may use this function like this:

$coordinates1 = get_coordinates('Tychy', 'Jana Pawła II', 'Śląskie');
$coordinates2 = get_coordinates($city, $country);
if ( !$coordinates1 || !$coordinates2 )
{
    echo 'Bad address.';
}
else
{
    $dist = GetDrivingDistance($coordinates1['lat'], $coordinates2['lat'], $coordinates1['long'], $coordinates2['long']);
    echo 'Distance: <b>'.$dist['distance'].'</b><br>Travel time duration: <b>'.$dist['time'].'</b>';
}

Note : I find this code on this page of Stack Overflow.

Tell me if you have some questions or some comments.

SphynxTech
  • 1,799
  • 2
  • 18
  • 38
  • Many thanks for your answer ! It is exactly what I wanted. I tell you if I have some questions. – Jobel Apr 15 '18 at 16:21