Monday, March 5, 2018

Secure coins claiming in mobile app - development


I want to develop a mobile app with a coin-claiming feature: users claim coins after passing X number of steps. My mobile app will be integrated with the HealthKit SDK, so users will get 200 coins for each 1000 steps they achieve in a day.

Now, on the mobile end, there will be logic that reads the "steps" data coming from the HealthKit SDK: if ($steps == 1000) { send a POST request to the server side }

On the server side, we will have a controller responsible for receiving coin claims:

public function getCoins(Request $request, $user, $num) {
    // $user and $num arrive straight from the request; nothing here checks who sent it
    $user = AppUser::find($user->id);

    // updating coins column
    $user->coins = $user->coins + $num;
    $user->save();
}

If an attacker captures the HTTP request that our app sends when claiming, he can resend the same request with the same body parameters ($user = 20, $num = 200); the server will execute that request and increase the coins of the user with id = 20 by 200.

How can I control this?



from Laravel Questions and Answers https://laravelquestions.com/php/secure-coins-claiming-in-mobile-app/
via Lzo Media
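One way to structure the server side so that a captured request is worthless, as an added example that is not code from the original post or the asker's app. It is plain PHP with in-memory storage so it runs stand-alone; the class name, the constants, the `day` and `requestId` parameters and the daily step cap are assumptions made for the example. Two things change compared with the controller above: the user id and the coin amount are never read from the request body, and credits are recorded per user and day so that a claim only pays the difference between what the day's steps earn and what has already been paid.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. Plain PHP with in-memory storage so it
// runs stand-alone; the class name, the constants and the "day" / "requestId" parameters are
// assumptions for this example, not part of the asker's app.

const STEPS_PER_BLOCK = 1000;
const COINS_PER_BLOCK = 200;
const MAX_STEPS_PER_DAY = 50000; // assumed sanity cap on a client-reported daily total

final class CoinLedger
{
    /** @var array<int,int> user id => coin balance */
    private array $coins = [];

    /** @var array<string,int> "userId:YYYY-MM-DD" => coins already credited for that day */
    private array $creditedByDay = [];

    /** @var array<string,bool> request ids already processed (drops exact retransmissions) */
    private array $seenRequestIds = [];

    public function balance(int $userId): int
    {
        return $this->coins[$userId] ?? 0;
    }

    /**
     * Settle one claim and return the number of coins it credited.
     *
     * @param int    $authUserId user id taken from the verified session/token, never from the body
     * @param string $day        calendar day the steps belong to, YYYY-MM-DD
     * @param int    $stepsToday client-reported step total for $day (untrusted; clamped below)
     * @param string $requestId  client-generated id, used only to drop byte-for-byte retransmissions
     */
    public function claim(int $authUserId, string $day, int $stepsToday, string $requestId): int
    {
        if (isset($this->seenRequestIds[$requestId])) {
            return 0; // exact replay of a request that was already processed
        }
        $this->seenRequestIds[$requestId] = true;

        if (preg_match('/^\d{4}-\d{2}-\d{2}$/', $day) !== 1) {
            throw new InvalidArgumentException("bad day: $day");
        }

        // The amount is computed here from the step count; the client never sends "num".
        $steps = max(0, min($stepsToday, MAX_STEPS_PER_DAY));
        $earnedForDay = intdiv($steps, STEPS_PER_BLOCK) * COINS_PER_BLOCK;

        // Idempotent settlement: pay only what this day has not paid yet. An attacker who
        // changes the request id and resends still gets nothing, because the day is settled.
        $key = $authUserId . ':' . $day;
        $alreadyPaid = $this->creditedByDay[$key] ?? 0;
        $delta = max(0, $earnedForDay - $alreadyPaid);
        if ($delta === 0) {
            return 0;
        }

        $this->creditedByDay[$key] = $alreadyPaid + $delta;
        $this->coins[$authUserId] = $this->balance($authUserId) + $delta;
        return $delta;
    }
}

// Constructed demo: the legitimate claim, the attacker's verbatim replay of it, the same claim
// resent under a new request id, a later claim with more steps, and a claim for the next day.
$ledger = new CoinLedger();
$userId = 20; // in a real handler this comes from the authentication layer, not the request body

printf("first claim:  +%d\n", $ledger->claim($userId, '2018-03-05', 1000, 'req-a1'));
printf("replay:       +%d\n", $ledger->claim($userId, '2018-03-05', 1000, 'req-a1'));
printf("new id, same: +%d\n", $ledger->claim($userId, '2018-03-05', 1000, 'req-a2'));
printf("later, 2300:  +%d\n", $ledger->claim($userId, '2018-03-05', 2300, 'req-a3'));
printf("next day:     +%d\n", $ledger->claim($userId, '2018-03-06', 1000, 'req-b1'));
printf("balance:       %d\n", $ledger->balance($userId));
```

In the demo only the first claim, the later claim that crosses a new 1000-step block, and the next-day claim move the balance; the verbatim replay and the resend under a fresh request id credit nothing. In a Laravel controller the same shape means putting the route behind the `auth` middleware and using `$request->user()` instead of a `$user` route or body parameter, dropping `$num` from the request entirely, and keeping the per-day credit in a table with a unique index on (user_id, day) that is read and updated inside a single database transaction so two concurrent claims cannot both pay. What this does not do is verify the steps themselves: a client that lies about its step count is still paid up to the cap, and nothing in the original post gives the server a way to check HealthKit data independently.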
