This doesn't provide any benefit that I can see, but I'm ready to admit that I might be missing something. If the token is captured, the conditional statement can still be bypassed, because the value of $some_hidden_key isn't necessary for this at all.
Anyway, I'm a bit rushed, and I'll be happy to have a better look later if this doesn't make sense, or if it seems like I'm wrong. :-)
The idea was just that, an idea. I was trying to play out mechanics/scenarios in my head, before blindingly changing my code to suit this "secure" method.
But thats for the conversation...
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
