Zugzwangle Posted August 29, 2010 Share Posted August 29, 2010 Hello people. I have a phpbb forum, and I have added a facebook link to every topic within my forum. That was relatively simple. What I want to do now, is send information from the 'viewtopic.php' page -> an external page called share.php. The facebook buttons I have inserted go to 'share.php?postNo=621' (621 is an example)... in that case the post with the identity 621 is recalled.. however I need to prevent people from simply editing the URL to view/submit to facebook, posts which they are not entitled to view.. I have used this bit of code to hide display the facebook buttons.. if ($userdata['session_logged_in'] && $is_auth['auth_edit']) { //exectute button code... $temp_url = append_sid("../facebook/share.$phpEx?postNo=" . $postrow[$i]['post_id']); $sharefb_img = '<a href="' . $temp_url . '"><img src="templates/subSilver/images/lang_english/icon_fbshare.gif" alt="' . $lang['Share_with_facebook'] . '" title="' . $lang['Share_with_facebook'] . '" border="0" /></a>'; $quote = '<a href="' . $temp_url . '">' . $lang['Share_with_facebook'] . '</a>'; } That works fine. As you can see, the post number ($postrow[$i]['post_id']) is passed via URL to the next page.. However how do I prevent people from simply editing the 'postNo=' variable to view posts which they may not have permission to view. I hope you follow me!! Thank you in advance on anticipation of your help!! Link to comment https://forums.phpfreaks.com/topic/212027-phpbb-forum-post/ Share on other sites More sharing options...
Zugzwangle Posted August 29, 2010 Author Share Posted August 29, 2010 I tried using 'filter_has_var(INPUT_POST, 'postNo');' .. but that didn't work... Link to comment https://forums.phpfreaks.com/topic/212027-phpbb-forum-post/#findComment-1104967 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.