Suppose I am doing a JavaScript game, and I wish the game to update the server if the user has successfully completes the game and his outcome.

How should I ensure that the request came from the JavaScript game, and that the data sent has not been tampered with. I am using PHP as the server-side language.

I do understand that no strategies are going to be 100% fool-proof, and any measures taken is more of a deterrence than absolute protection.

On Edit: Let's supposed we're not using server verification of each user's step (as in a traditional MMO). The game could be a mini-game as part of a web game or educational game (a sliding block puzzle, for example) and requiring a server-side component for each of those games could be tedious.

Example: Supposed, when the game is completed, a request is sent to the server via. AJAX

game_finished.php?user_id=1&outcome=success&score=88

A user could 'fake' the server in believing that the game has been completed correctly by sending that request to game_finished.php. How could this be made more difficult?

Suppose I am doing a JavaScript game, and I wish the game to update the server if the user has successfully completes the game and his outcome.

How should I ensure that the request came from the JavaScript game, and that the data sent has not been tampered with. I am using PHP as the server-side language.

I do understand that no strategies are going to be 100% fool-proof, and any measures taken is more of a deterrence than absolute protection.

On Edit: Let's supposed we're not using server verification of each user's step (as in a traditional MMO). The game could be a mini-game as part of a web game or educational game (space invaders or a real-time game, for example) and requiring a server-side component for each of those games could be tedious.

Example: Supposed, when the game is completed, a request is sent to the server via. AJAX

game_finished.php?user_id=1&outcome=success&score=88

A user could 'fake' the server in believing that the game has been completed correctly by sending that request to game_finished.php. How could this be made more difficult?

Suppose I am doing a JavaScript game, and I wish the game to update the server if the user has successfully completes the game and his outcome.

How should I ensure that the request came from the JavaScript game, and that the data sent has not been tampered with. I am using PHP as the server-side language.

I do understand that no strategies are going to be 100% fool-proof, and any measures taken is more of a deterrence than absolute protection.

Suppose I am doing a JavaScript game, and I wish the game to update the server if the user has successfully completes the game and his outcome.

How should I ensure that the request came from the JavaScript game, and that the data sent has not been tampered with. I am using PHP as the server-side language.

I do understand that no strategies are going to be 100% fool-proof, and any measures taken is more of a deterrence than absolute protection.

On Edit: Let's supposed we're not using server verification of each user's step (as in a traditional MMO). The game could be a mini-game as part of a web game or educational game (a sliding block puzzle, for example) and requiring a server-side component for each of those games could be tedious.

Example: Supposed, when the game is completed, a request is sent to the server via. AJAX

game_finished.php?user_id=1&outcome=success&score=88

A user could 'fake' the server in believing that the game has been completed correctly by sending that request to game_finished.php. How could this be made more difficult?