Before one of my users realize an action, I need to know how many credits they have to see if they can do the action or not.
I do this using an ajax call, something like this:
jQuery.ajax({url: 'getCredit.php',
type: 'POST',
})
.done(function( data) {
if (data.credit >= 1) { do the action }
});
My question is: Can't my users "cheat" changing the var (data.credit) to be always >1 with chrome console, or firebug?
What's the best way to ask for their credit?
EDIT: I have a form, and I want to check the credit when they click the submit button, so the form won't send if they have not enough credit to do it. I think this clarify it a bit.
Thanks.
You will have to check it again in the server side. From the point of view of UX is good for the user that you check the credit before the submit the form, but anyway you will have to check it again once the form is submitted on the server side. For example, since you're talking about current users:
if($current_user->credit>1)
doAction();
Is the same with the form validations, you have to do it in client and server side, never trust the user.
Never, but never trust the user
The best way to achieve this would be to display and do the actions always in the server.
in getCredit.php you should check credit and do { do the action } .You do not need to go back to the client unless you want to change UI. It does not matter.
You can simply do:
$.ajax({
type: 'POST',
url: 'yoururl',
success: function (data, textStatus, jqxhr) {
if (data.isValidCredit) {
//do the action
}
},
error: function (jqxhr, textStatus, errorThrown) {
//handle error
}
});
Note: iv'e used @Afonso Matos advice and assumed you could return a boolean verifying the users credits (instead of checking it on the client).