In a game that is written client side (js) but where there are multiplayer elements such as a leaderboard. What would be the best way to record the users actions to a transaction log with time stamps to validate integrity of data submitted and how would you validate the actions inside this log?
Is it even necessary to do this or will writing a hash function that submits scores to the server and obfuscating the code suffice when it comes to this kind of cheat prevention?
edit - game description:
In this game you walk on a map that is 50 tiles long. On every tile you can encounter enemies/towns/events(find coin etc.) Every time you reach the end of the map, a new map is loaded with a slightly higher difficulty. This difficulty gets saved (usering PHP on a MYSQL db) along with the player and his items which are bought from the towns. The items have a power int depending on their stats (dmg/hp/defense etc.) The items' power gets summed and also gets saved.
The power, stage(difficulty) and username are what gets displayed in the leaderboard for the top 10 players, sorted by highest power.
In general, there is no effective way to prevent cheating on client-side.
In terms of leaderboards and users posting their scores, the only way to prevent cheating is to process data on back-end or least try to validate it there.
Hashing the data before sending to a server won't help, because somebody can easily modify data just before hashing.
Transaction log won't help, because somebody can easily modify data just before submitting it to transaction log or even disable logging.
Obfuscation is basically security through obscurity which will make your code more difficult to hack, but definitely won't make it cheat-safe.
And again, you can never trust any data which comes from a client, so you will need a back-end to either control the whole gaming process or validate data.