I would like to protect a controller action from being directly
accessed directly by its URL. And no, I'm not talking about a user
authentication system. I have two controllers: Payments and Orders.
Payments is used first to save credit card information from the user,
then it redirects to the Orders controller so that it can save the
user's actual order information. If, for any reason, the Orders
controller cannot save the order to the database, it needs to tell the
Payments controller to remove the associated payment from the database
(think of it as a transactional insert). In my Orders controller, I
just do:
$this->requestAction("/payments/remove/$id");
Which works just fine. But after everything was working, I realized a
user could just go to "/payments/remove/[random number]" and would be
able to delete any random payments recorded in the database.
Does anyone have an idea how I could secure /payments/remove/ so that
it can only be accessed from a requestAction() call? Thanks in advance
for any help!
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Cake PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
