I've thinked (inside the view):
1) grab the server's date/time
2) md5 it and save in $token
3) store $token in a session variable
send the token to remove function through "with" parameter of ajax
call:
echo $ajax->link('Remove', array(
'controller' => 'collections',
'action' => 'remove',
$id
),
array(
'update' => 'ajaxContent',
'with' => '{
token: "'.$token.'"
}'
)
);
CONTROLLER:
Then inside remove() function:
1) Grab the token passed through "with"
2) Grab the token store in session variable
3) if two tokens are equals perform real action
4) remove token stored in session
On 9 Set, 15:00, "Mariano C." <[email protected]> wrote:
> I try to explain better. I have a remove link inside my view,
> something like:
>
> h_ttp://myweb.com/collections/remove/12
>
> This will remove element with id 12, and it works perfectly. If a user
> call this element coping and pasting it inside a browser URL field
> this works too, but I want that this call happen ONLY if action is
> fired by a link clicking.
>
> How can I do?
Check out the new CakePHP Questions site http://cakeqs.org and help others with
their CakePHP related questions.
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
