I am using Fancy WebSockets in Javascript to communicate with my php server for my multiplayer game.
But right now, i just send raw sockets (json) as
Sending: {"command": "login", "data": {"id" : "1575","md5" : "6bd8937a8789a3e58489c4cfd514b1a7","username": "densortekat"}} index.php:58
Sending: {"command": "inroom"} index.php:58
Reciveing: {"command": "roombg","data" : "shop.png"} index.php:83
Reciveing: {"command" : "NEWUSER","data" : { "username" : "densortekat","seat_id" : "29","room_id" : "9"}} index.php:83
Sending: {"command" : "move", "data" : { "seat_id" : "53"}} index.php:58
Reciveing: {"command": "move", "data" : {"username" : "densortekat", "seat_id" : "53"}} index.php:83
Sending: {"command": "request_trade", "data" : "densortekat"} index.php:58
Reciveing: {"command":"trade", "data": {"username":"densortekat"}} index.php:83
Sending: {"command":"ping"}
My question is, how can i from javascript till PHP and the same way PHP->Javascript encrypt the data, so other cannot see what's going on?
You can't be sure javascript is activated on the client side, but te real problem is, you have no way to know the data you send & receive to the client from the server is dealt with by javascript and not by the user.
I, as a malicious user, can send you data like the one above that I forged myself rather than data that was computed by your js code. There is no way to receive data from a client with any certificate saying "this data was generated by a trusted js VM and not forged/manipulated by a user".
See html5 Websocket with SSL - if your initial page is HTTPS (SSL/TLS), then the websockets on it will be too.