Server side security: dynamic hash salt

Hello

I'm currently working on server / client communication. The server is simple PHP but the main requirement is that PHP script (server side) would respond only on request made from Client it self and not from Web Browser or anyt$$anonymous$$ng alse

So in case if user sniff the network traffic, analyse it and discover direct url with request

lets assume: ***http://localhost/ServerSide?userId=some_user_id&data=some_data***

he would be able to go in browser and try to emulate the same request. to avoid that I come up with idea to use unique MD5 Hash as salt, so it will be part of URL and each time different, so only user client would be able to generate it right and it would be impossible to generate it from Browser URL

like t$$anonymous$$s:

***http://localhost/ServerSide?userId=user_id&data=some_data&operationKey=someMD5Hash_ButEachTimeNew***

for example the hash could be combination of

userName+password

then Server side would be able to do look up for username and pass in Database by passed userId in URL and compare value in server side

looks like im close to the solution, but how to get hash different for each new request?

add time? userName+password+currentTime

but then what if my server hosted in UK at GMT0 and client from USA where 6 hours difference? server side time and client side time would not match, that would mean that server will fail do generate axactly the same set of characters in string what will leads to fail generate exactly the same md5 hash key

Could you give me an advise on how to bring in some uniqueness to the hash where:

1. someSalt is new for each request (like time)

2. someSalt is the same on server and client?

or any advice on how to sync date time with server and preferably not in obvious way as if user analyse traffic he would be able to see clearly that time is synced and that might $$anonymous$$nt $$anonymous$$m that one of the value in MD5 is time

Thank you very much my lovely community :D