Zugzwangle Posted August 29, 2010 Share Posted August 29, 2010 Hello people. I have a phpbb forum, and I have added a facebook link to every topic within my forum. That was relatively simple. What I want to do now, is send information from the 'viewtopic.php' page -> an external page called share.php. The facebook buttons I have inserted go to 'share.php?postNo=621' (621 is an example)... in that case the post with the identity 621 is recalled.. however I need to prevent people from simply editing the URL to view/submit to facebook, posts which they are not entitled to view.. I have used this bit of code to hide display the facebook buttons.. if ($userdata['session_logged_in'] && $is_auth['auth_edit']) { //exectute button code... $temp_url = append_sid("../facebook/share.$phpEx?postNo=" . $postrow[$i]['post_id']); $sharefb_img = '<a href="' . $temp_url . '"><img src="templates/subSilver/images/lang_english/icon_fbshare.gif" alt="' . $lang['Share_with_facebook'] . '" title="' . $lang['Share_with_facebook'] . '" border="0" /></a>'; $quote = '<a href="' . $temp_url . '">' . $lang['Share_with_facebook'] . '</a>'; } That works fine. As you can see, the post number ($postrow[$i]['post_id']) is passed via URL to the next page.. However how do I prevent people from simply editing the 'postNo=' variable to view posts which they may not have permission to view. I hope you follow me!! Thank you in advance on anticipation of your help!! Quote Link to comment Share on other sites More sharing options...
Zugzwangle Posted August 29, 2010 Author Share Posted August 29, 2010 I tried using 'filter_has_var(INPUT_POST, 'postNo');' .. but that didn't work... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.