jaymc Posted February 13, 2008 Share Posted February 13, 2008 For my website, members can delete each other as a friend via deletefriend.php?user=jamie Some people are creating links that when clicked redirect to deletefriend.php?user=jamie This obviously delete the friend for who clicks it Whats the best way to stop this, apart from having people enter the dynamic codes Cheers Quote Link to comment Share on other sites More sharing options...
Isityou Posted February 13, 2008 Share Posted February 13, 2008 Create session info where every user has their on unique session ID. Check for unique ID when they delete their friend and if it doesn't compare throw an error. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted February 13, 2008 Share Posted February 13, 2008 parse the links people make, and remove deletefriend.php or user=jamie so... if they make a link parse it like this: preg_replace("~deletefriend.php~","index.php",$inserttext); Another thing to do would be to make the user confirm the deletion of a friend, so it would take them to a page where it would say: "Are you sure you want to delete Jamie as a friend?" Then there is a "Yes" and a "No" button or link. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.