I'd like to have a web page / form that gets the geo-location (via HTML5 and js) of the user (expected to be on a GPS phone) in such a way that I can be pretty sure they are at the coordinates I'm expecting. In other words, I want them to only access my page when they are at a certain place.
I want to minimize hackers capturing / spoofing this page so that they can't do replay attacks, reverse engineering, etc. I don't want them to trick the site into thinking they are at the place the next day when they are not.
The main page will be a form which requests geoloc and fills in a hidden form field with coords, and the user fills in some user text fields. The results get posted to my server.
Since this is just a web page (not a native app), I understand I probably (almost assuredly!) can't lock this down 100%. But maybe I could stop the average (smart-ish) Joe from spoofing it?
I've thought of a few ways to make the spoof harder: tokens, timestamps, JS obfuscation of post data and code, etc. I just thought I'd pick the brains of the MUUG geniuses for some ideas.
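The "tokens, timestamps" idea from the post, sketched as a server-side check (an added example, not part of the original message): the server signs a single-use, short-lived token into the hidden field when it serves the form, then rejects replayed, expired or cross-session posts before checking the reported coordinates. All names, the TTL, the radius and the site coordinates are assumptions made for illustration, and the in-memory nonce set stands in for a shared store.

```python
import hashlib, hmac, math, secrets, time

SECRET = secrets.token_bytes(32)      # server-side key, never sent to the client
TOKEN_TTL = 120                       # seconds a form token stays valid (assumed)
SITE = (49.8951, -97.1384)            # constructed sample coordinates
RADIUS_M = 150                        # accepted distance from SITE (assumed)
_used_nonces = set()                  # stand-in for a shared store with expiry

def _mac(session_id, nonce, ts):
    msg = f"{session_id}|{nonce}|{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(session_id, now=None):
    """Value for the hidden form field, bound to this session and issue time."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return f"{nonce}.{ts}.{_mac(session_id, nonce, ts)}"

def distance_m(a, b):
    """Haversine great-circle distance in metres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(h))

def verify_submission(token, session_id, lat, lon, now=None):
    """Return (accepted, reason) for one posted form."""
    now = time.time() if now is None else now
    try:
        nonce, ts, mac = token.split(".")
        ts = int(ts)
    except ValueError:
        return False, "malformed token"
    if not hmac.compare_digest(mac.encode(), _mac(session_id, nonce, ts).encode()):
        return False, "bad signature"
    if not 0 <= now - ts <= TOKEN_TTL:
        return False, "token expired"
    if nonce in _used_nonces:
        return False, "token already used"
    _used_nonces.add(nonce)           # burn the token even if later checks fail
    # The coordinates are still client-supplied: this stops replay of a captured
    # post, not a client that reports a false position at submission time.
    if not (-90 <= lat <= 90 and -180 <= lon <= 180):
        return False, "invalid coordinates"
    if distance_m((lat, lon), SITE) > RADIUS_M:
        return False, "outside permitted area"
    return True, "ok"
```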