I have a simple JavaScript game that sends a score to PHP by adding the score to the URL and then PHP uses GET to grab it. Obviously, this is about as easy to cheat as it could possibly be. I'd like to make it mildly irritating to cheat the game. I'm not looking for it to be fort nox or anything like that; there really is no point, but making it just a little harder to change your score would be nice.
So I'm looking to encrypt the numeric score using Crypto-JS and then decrypt it in PHP. I can't figure out how to get the same answer with Crypto-JS as I'm getting with PHP's mcrypt though.
I realize that anyone can read the code and figure out how to crack it in JavaScript; that's ok. It's not sensitive data at all, and if they go to that much trouble, they have expended more effort than it takes to beat the game anyways.
Alternate methods of scrambling the score would be fine too; just anything that really would require the average highschool user to put in more than 5 min of work to "crack" is good enough for my purposes. Any suggestions?
Crypto-JS: http://code.google.com/p/crypto-js/
You could try to send the values in like:
whatever.php?score=UNHASHED_SCORE&key=MD5(SALT . SCORE)
Then in PHP check:
$_GET['score'] == md5(SALT . $_GET['key'])
Where the $salt value is some random string that you know the value of.