jaymc
Posted February 13, 2008

For my website, members can delete each other as a friend via deletefriend.php?user=jamie

Some people are creating links that, when clicked, redirect to deletefriend.php?user=jamie

This obviously deletes the friend for whoever clicks it.

What's the best way to stop this, apart from having people enter the dynamic codes?

Cheers

Link to comment: https://forums.phpfreaks.com/topic/90927-security/

Isityou
Posted February 13, 2008

Create session info where every user has their own unique session ID. Check for the unique ID when they delete their friend, and if it doesn't compare, throw an error.

The Little Guy
Posted February 13, 2008

Parse the links people make, and remove deletefriend.php or user=jamie

So... if they make a link, parse it like this:

$inserttext = preg_replace("~deletefriend\.php~", "index.php", $inserttext);

Another thing to do would be to make the user confirm the deletion of a friend, so it would take them to a page where it would say:

"Are you sure you want to delete Jamie as a friend?"

Then there is a "Yes" and a "No" button or link.
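
The per-session ID check and the confirmation page suggested in the two replies above, combined into one deletefriend.php, as an added example that is not code from the thread. It assumes PHP 7 or later and a login that stores the member name in `$_SESSION['username']`; `remove_friend()`, `csrf_token()`, `csrf_valid()` and the `token` field name are hypothetical.

```php
<?php
// deletefriend.php - added example, not the original site's code.
declare(strict_types=1);
session_start();

function csrf_token(): string
{
    // One random token per session, created on first use.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_valid($sent): bool
{
    // Constant-time comparison; a missing or non-string token fails.
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

function remove_friend(string $owner, string $friend): void
{
    // Hypothetical stand-in for the site's own database delete.
}

$isPost = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST';
$raw    = $isPost ? ($_POST['user'] ?? '') : ($_GET['user'] ?? '');
$friend = is_string($raw) ? $raw : '';

if ($isPost) {
    if (!csrf_valid($_POST['token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing token.');
    }
    remove_friend((string) ($_SESSION['username'] ?? ''), $friend);
    exit('Friend removed.');
}

// GET never changes state: it only renders the confirmation form.
$safeFriend = htmlspecialchars($friend, ENT_QUOTES, 'UTF-8');
$safeToken  = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="deletefriend.php">
  <p>Are you sure you want to delete <?= $safeFriend ?> as a friend?</p>
  <input type="hidden" name="user" value="<?= $safeFriend ?>">
  <input type="hidden" name="token" value="<?= $safeToken ?>">
  <button type="submit">Yes</button> <a href="index.php">No</a>
</form>
```

A link planted on another page can only trigger the GET branch, which shows the question and deletes nothing; the delete runs only on a POST that carries the token stored in the visitor's own session.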
This topic is now archived and is closed to further replies.