ok i have a php page that i call from javascript (kinda like a AJAX thing).
the php page add clicks to a mysql database (say a user clicks on a banner).
these clicks are then able to be used to get things, say a free download of something. the script takes prams as: script.php?username=auser&points=1
now what i need is to protect this so that a user cant do the following:
script.php?username=auser&points=9999
calling the script directly from the url this would be cheating!
password protecting the dir wont work because the script needs a username for it to be usefull so the user has be signed up already.
so i need the php script to only work when its called from my javascript, any ideas?