Yes I see how this works, thank you for the code William. I'm not sure
on all the PHP terms inside the code but I will reference them and
likely use this method, plus other things I've been reading to make
everything more secure.

What I'm having trouble with is preventing errors from being shown.
I'm not quite sure if I can as I'm not the administrator of my server.
Though I think I can do it with the PHP script itself.

Thanks again.

On Sep 29, 5:03 pm, William <[EMAIL PROTECTED]> wrote:
> I think people prefer using sites without login systems and
> registration, so it might be better to still allow anonymous access
> and use PHP session to store the token. For example, see the following
> tutorial: http://daniel0.net/phpfreaks_tutorials/php_security/php_security.pdf
>
> Imagine this form:
> <?php
> session_start();
> $_SESSION['token'] = uniqid(md5(microtime()), true);
> ?>
> <form action="/delete-user.php" method="post">
> <input type="hidden" name="token" value="<?php echo $_SESSION['token'] ?>" />
>
> Username: <input type="text" name="username" />
> <button type="submit">Delete user</button>
> </form>
> Here we have added a hidden field called token and stored its content
> in a session. On the next page we can do something like this:
> <?php
> session_start();
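> // Reject the request when either token is missing or the two differ
> if (!isset($_POST['token'], $_SESSION['token']) || $_POST['token'] !== $_SESSION['token']) {
>     die('Invalid token');
> }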
>
> // form processing here
> ?>
> We simply check that it is a valid token and we have then successfully
> ensured that the request did in fact come from the form.
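
A hardened variant of the quoted token check, as an added example that is not part of the thread or the linked tutorial: it swaps in `random_bytes()` and `hash_equals()` for the `uniqid(md5(microtime()))` token and the `!==` comparison, rejects a request when no token exists on either side, and turns off on-page error display from within the script. The function names `csrf_issue` and `csrf_check` are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST`.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Function names are hypothetical.

// Hide errors from visitors but keep them in the server log. This works
// from inside the script when php.ini cannot be edited.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Create a fresh unpredictable token and remember it in the session. */
function csrf_issue(array &$session): string
{
    $session['token'] = bin2hex(random_bytes(32)); // CSPRNG, PHP 7+
    return $session['token'];
}

/** True only if a token was issued and the submitted value matches it. */
function csrf_check(array &$session, array $post): bool
{
    $expected = $session['token'] ?? null;
    $given    = $post['token'] ?? null;
    unset($session['token']); // single use: the token is consumed by one check
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false; // a token missing on either side must fail the check
    }
    return hash_equals($expected, $given); // constant-time comparison
}

// Constructed demonstration: arrays stand in for $_SESSION and $_POST.
$session = [];
$token = csrf_issue($session);
var_dump(csrf_check($session, ['token' => $token])); // matching token
var_dump(csrf_check($session, ['token' => $token])); // same token replayed
$empty = [];
var_dump(csrf_check($empty, []));                    // nothing issued, nothing sent
```

In a real page, pass `$_SESSION` and `$_POST` after `session_start()`, and escape the token with `htmlspecialchars()` when writing it into the hidden field. Runtime `ini_set()` cannot hide parse errors in the same file, because the script never starts executing.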