My users are performing some actions on my website like clicking buttons.
I need to award prizes if a certain sequence of buttons has been clicked.
For every action I store the action information.
When they are done the activity information is sent to the server.
How can I ensure they didn’t just send me that information manually, but actually performed all required actions on the page, e.g. didn’t spoof it?
Since the browser needs to understand the code, any determined human can do it too.
However you can compress your code using for instance Google Closure compiler. That will discourage most cheaters.
But if you really do want to keep things secret, only the server can guarantee you that.
Answered By – Mic