We have a text based game and we found a few users were doing stuff repeatedly every minute for X amount of days we contacted them and eventually found out they were using auto clicker / refresher. I have no idea how i can stop this whether it be through code or some sort of auto kick session. Any ideas much appreciated.

If a location has been clicked more than once, give them another chance, if they fail to comply with the chance they we're given then ban from game.

Javascript?

We have logs of what they are doing but id like some auto script that can tell or some way of preventing it with a cookie session limit but then they use firefox and it keeps them logged in all the time and/or if they are using auto clicker the script presumes they are active. Anyway to force a session to end even if they are active?

We have logs of what they are doing but id like some auto script that can tell or some way of preventing it with a cookie session limit but then they use firefox and it keeps them logged in all the time and/or if they are using auto clicker the script presumes they are active. Anyway to force a session to end even if they are active?
Log when they started, if time = x (update log every minute or so?) if time = x then session_destroy()

Custom-code or engine? some engine's provide support for such problem. :)

On a text RPG i'm developing I realised that if users really wanted to they could navigate to 'ability.php' and just rank up there abilities without actually winning fights. So what I've seen as a way around this is on 'fight.php' you generate a MD5 code of a random number between say 1 and 1 billion and then store it in a sql database. When the user then goes to 'ability.php?key=uniquekey' the database is checked to see if the key is valid and if it is destroys it (in the database) so the same key cannot be reused, if the key is not valid the page simply spits out an error message to them.

Maybe a text verification code? :D

Maybe a text verification code? :D

Yeah, put a captcha on it.

You could grab the time and stop it being done every 10 secs or something?

On a text RPG i'm developing I realised that if users really wanted to they could navigate to 'ability.php' and just rank up there abilities without actually winning fights. So what I've seen as a way around this is on 'fight.php' you generate a MD5 code of a random number between say 1 and 1 billion and then store it in a sql database. When the user then goes to 'ability.php?key=uniquekey' the database is checked to see if the key is valid and if it is destroys it (in the database) so the same key cannot be reused, if the key is not valid the page simply spits out an error message to them.

Hmm well we have cron job php pages that update there ranks etc based on there database detail but these on in a hidden and password protected folder deep in the site.


Maybe a text verification code? :D
Sweetttt

Yeah, put a captcha on it.

Why is it always smack bang in your face an so simple.

On a text RPG i'm developing I realised that if users really wanted to they could navigate to 'ability.php' and just rank up there abilities without actually winning fights. So what I've seen as a way around this is on 'fight.php' you generate a MD5 code of a random number between say 1 and 1 billion and then store it in a sql database. When the user then goes to 'ability.php?key=uniquekey' the database is checked to see if the key is valid and if it is destroys it (in the database) so the same key cannot be reused, if the key is not valid the page simply spits out an error message to them.

That would only protect it from CSRF. If they are using an autoclicker then it wouldn't make a difference.