Cross-site request forgery (CSRF) $_GET
[eluser]behnampmdg3[/eluser]
Hello; How can I make it so only visitors from this website can call this function (and delete the photos)? Thanks Code: public function delete($photo)
[eluser]ojcarga[/eluser]
Maybe you can test using the User Agent Class. I am not sure if that is the best way, but I guess it would work: http://ellislab.com/codeigniter/user-gui...agent.html Also, you should not leave that method open for calling; you should validate whether the user has permission to delete it. Cheers!
[eluser]solid9[/eluser]
Maybe he is trying to say members, not visitors. If this is what you meant, then you should create a method. Code: $this->member_login($member); then do the deletion. Or if you really want to give the visitors permission to delete as well, then you can implement a captcha.
[eluser]behnampmdg3[/eluser]
Guys, thanks for your replies, but not really. I am fine if anyone deletes things; that is not the issue here. The issue is how I can make sure the link originated from my own website. For example, this link: http://www.website.com/gallery/delete/22 I want this link to work only if clicked from my own site. Thanks
[eluser]solid9[/eluser]
Well, here is a hint: get the URL of the referrer and compare it to your base_url(). If it does not match, then don't call unlink(); otherwise, call unlink(). Hope that helps you.
[eluser]solid9[/eluser]
I think you need $_SERVER['HTTP_REFERER']. I'm not sure of the equivalent command in CI. If it doesn't have one, it will still work.
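The referrer comparison suggested in the last posts, as an added example that is not part of any post in this thread: it parses the Referer and the base URL and compares scheme, host and port instead of a string prefix, and rejects a missing header. It goes beyond the thread by also showing a per-session token check, because the Referer header is optional and supplied by the client; all function names and sample values are constructed, and plain PHP is used rather than CodeIgniter's own classes.

```php
<?php
// Added example; function names and sample values are constructed.
// Referer check: compare parsed scheme/host/port, never a string prefix.
function referer_is_same_origin(?string $referer, string $baseUrl): bool
{
    if ($referer === null || $referer === '') {
        return false; // header is optional and often stripped: fail closed
    }
    $ref  = parse_url($referer);
    $base = parse_url($baseUrl);
    if (!is_array($ref) || !is_array($base)
        || !isset($ref['scheme'], $ref['host'], $base['scheme'], $base['host'])) {
        return false;
    }
    return strtolower($ref['scheme']) === strtolower($base['scheme'])
        && strtolower($ref['host']) === strtolower($base['host'])
        && ($ref['port'] ?? null) === ($base['port'] ?? null);
}

// Session-bound token: issued when the gallery page is rendered.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_token_is_valid(array $session, $submitted): bool
{
    return isset($session['csrf_token']) && is_string($submitted)
        && hash_equals($session['csrf_token'], $submitted);
}

// Constructed sample requests against the thread's example site.
$base    = 'http://www.website.com/';
$session = [];                      // stands in for $_SESSION
$token   = csrf_token($session);    // embedded in the delete form
$referers = [
    'http://www.website.com/gallery',              // same site
    'http://www.website.com.example.net/gallery',  // look-alike prefix
    null,                                          // header missing
];
foreach ($referers as $r) {
    var_dump(referer_is_same_origin($r, $base));
}
var_dump(csrf_token_is_valid($session, $token));     // token from the form
var_dump(csrf_token_is_valid($session, 'guessed'));  // token not from the form
```

With the token check in place, the delete action is best sent as a POST that carries the token, so the token does not end up in URLs, logs or outgoing Referer headers.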