I think people prefer using sites without login systems and
registration, so it might be better to still allow anonymous access
and use a PHP session to store the token. For example, see the
following tutorial:
http://daniel0.net/phpfreaks_tutorials/php_security/php_security.pdf

Imagine this form:
<?php
session_start();
// Generate the token from a CSPRNG; uniqid() and microtime() are predictable.
$_SESSION['token'] = bin2hex(random_bytes(32));
?>
<form action="/delete-user.php" method="post">
<input type="hidden" name="token" value="<?php echo $_SESSION['token'] ?>" />

Username: <input type="text" name="username" />
<button type="submit">Delete user</button>
</form>
Here we have added a hidden field called token and stored its content
in a session. On the next page we can do something like this:
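<?php
session_start();
// Reject the request when either token is missing, so that two unset values
// never compare as equal, and compare in constant time.
if (!isset($_POST['token'], $_SESSION['token'])
    || !is_string($_POST['token'])
    || !hash_equals($_SESSION['token'], $_POST['token'])) {
    die('Invalid token');
}
// form processing here
?>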
We simply check that it is a valid token and we have then successfully
ensured that the request did in fact come from the form.
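
An extension of the session-token check in the message above, added here as an example and not part of the original post or the linked tutorial: tokens are issued per form, expire, and are consumed on first use. The function names, the 'csrf' session key and the 15-minute lifetime are assumptions; a plain array stands in for $_SESSION so the script also runs from the command line.

```php
<?php
// Added example. csrf_issue, csrf_check and the 'csrf' key are hypothetical names.

const CSRF_TTL = 900; // assumed token lifetime in seconds

// Issue a token bound to one form and remember it in the session store.
function csrf_issue(array &$session, string $form, ?int $now = null): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the system CSPRNG
    $session['csrf'][$form] = ['token' => $token, 'issued' => $now ?? time()];
    return $token;
}

// Validate a submitted token: it must be present on both sides, be a string,
// be unexpired, and match in constant time. The stored token is consumed on
// every attempt, so a captured value cannot be replayed.
function csrf_check(array &$session, string $form, $submitted, ?int $now = null): bool
{
    $entry = $session['csrf'][$form] ?? null;
    unset($session['csrf'][$form]); // single use
    if (!is_array($entry) || !is_string($submitted) || $submitted === '') {
        return false; // a missing token never counts as a match
    }
    if (($now ?? time()) - $entry['issued'] > CSRF_TTL) {
        return false; // form was rendered too long ago
    }
    return hash_equals($entry['token'], $submitted);
}

// Constructed demo: $store stands in for $_SESSION, timestamps are made up.
$store = [];
$t = csrf_issue($store, 'delete-user', 1000);
var_dump(csrf_check($store, 'delete-user', $t, 1010));   // fresh token
var_dump(csrf_check($store, 'delete-user', $t, 1011));   // same token replayed
var_dump(csrf_check($store, 'delete-user', null, 1012)); // nothing stored, nothing sent
$t2 = csrf_issue($store, 'delete-user', 2000);
var_dump(csrf_check($store, 'delete-user', $t2, 2000 + CSRF_TTL + 1)); // expired
```

In a page, call csrf_issue($_SESSION, 'delete-user') after session_start() when rendering the form, and csrf_check($_SESSION, 'delete-user', $_POST['token'] ?? null) in the handler.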
