Quote:
Originally Posted by robber
Could be easily spammed by being posted to by a cURL process :D. You need some sort of check for the requester to make sure it is your server.
Very true. As I haven't implemented security yet, I have no example code, but I can tell what I'm going to do.
I think there are 2 options (I might implement both):
1. Check the $_SERVER array on the API page. I'm not sure if the desired information will be there as it's a jQuery post, but I think it will be.
2. Have a hidden input array with session_id, logged_in_status encrypted with a set key and use base64_encode on it (server side). This much I already have ;)
Make an active table in the DB and have JavaScript send a $.post every 15 min to the API to update the active table.
Then, when a request comes in to insert a new link, you can check if the last active entry in the table of the session is within 15 min. If so, insert the link; if not, no action. (Perhaps log it, so you can see who's trying to screw u over or to check if your code isn't screwed up ;) )
I'll prolly end up implementing both ;)
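
An added example, not part of the original post and not the poster's code: a sketch of option 2, with the hidden-field value authenticated by an HMAC (a swapped-in technique, so the fields are readable but cannot be altered without the key) and the 15-minute activity check. The function names, the key and the array standing in for the active table are assumptions.

```php
<?php
// Added illustration; names, key and sample data are constructed.
const TOKEN_KEY = 'replace-with-a-random-server-side-secret'; // assumption: stored server side only
const ACTIVE_WINDOW = 900; // 15 minutes, as in the post

// Hidden-field value: base64(payload) . '.' . HMAC-SHA256(payload).
function make_token(string $sessionId, bool $loggedIn): string {
    $payload = base64_encode(json_encode(['sid' => $sessionId, 'in' => $loggedIn]));
    return $payload . '.' . hash_hmac('sha256', $payload, TOKEN_KEY);
}

// Returns the decoded payload, or null if the token is malformed or tampered with.
function read_token(string $token): ?array {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', $payload, TOKEN_KEY), $mac)) { // constant-time compare
        return null;
    }
    $data = json_decode(base64_decode($payload, true) ?: '', true);
    return is_array($data) && isset($data['sid'], $data['in']) ? $data : null;
}

// $active stands in for the "active" table: session id => last heartbeat (Unix time).
function may_insert_link(string $token, array $active, int $now): bool {
    $data = read_token($token);
    if ($data === null || $data['in'] !== true) {
        return false;
    }
    $last = $active[$data['sid']] ?? null;
    return $last !== null && ($now - $last) <= ACTIVE_WINDOW;
}

// Constructed sample data.
$now    = 1700000000;
$active = ['sess-abc' => $now - 300, 'sess-old' => $now - 3600];
$good   = make_token('sess-abc', true);
$stale  = make_token('sess-old', true);
$forged = base64_encode(json_encode(['sid' => 'sess-abc', 'in' => true])) . '.' . str_repeat('0', 64);

var_dump(may_insert_link($good, $active, $now));   // valid MAC, heartbeat 5 minutes old
var_dump(may_insert_link($stale, $active, $now));  // valid MAC, heartbeat older than 15 minutes
var_dump(may_insert_link($forged, $active, $now)); // MAC does not verify
```

A script that loads the page first receives a valid token as well, so this check ties inserts to a live session and an untampered field; it does not by itself prove the request came from a browser.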