My PHP user management system deletes a user by passing the ID via GET. If someone else randomly changes the ID, won't the wrong user be deleted by mistake? How can I prevent this problem? Are there any other options besides POST?
Reply content:
If someone really wants to change it, using POST doesn't help either; simulating a POST request is all it takes! The key is still the permissions: before deleting, verify that the current account has delete permission.
If you are worried about deletion problems, the only thing you can do is add a Recycle Bin function and add a trash field to the table. When a user is deleted, trash is set to true and the user no longer appears on the page; after review, if the administrator thinks the user can be deleted, the record is deleted from the database.
Before the delete operation, determine whether the administrator performing the delete has permission to delete the user corresponding to this ID.
Before a real deletion, the delete operation can be done as a logical deletion; a tombstone operation is reversible.
Add token validation.
That's right: first of all, confirm the delete permission before deleting. Then have the POST carry a token to prevent CSRF attacks.
1. Instead of deleting from the database, set a field so that it does not display
2. Use token string + tid + time with a certain encryption method
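
The suggestions in the replies above combine into one delete handler: POST only, a token bound to the target id (tid) and the time, a permission check, and a trash flag instead of a real delete. This is an added example, not code from the thread; the SECRET key, the users.trash column, the can_delete flag and the function names are assumptions, and the token is an HMAC (a keyed hash) where the reply says "a certain encryption method".

```php
<?php
// Added example; SECRET, users.trash and can_delete are assumed names.
const SECRET = 'constructed-demo-key';   // per-application secret (constructed value)
const TOKEN_TTL = 600;                   // seconds a token stays valid

// The token binds the session's random string, the target id (tid) and the issue time.
function make_token(string $sessionToken, int $tid, int $time): string {
    return $time . '.' . hash_hmac('sha256', "$sessionToken|$tid|$time", SECRET);
}

function token_ok(string $token, string $sessionToken, int $tid, int $now): bool {
    [$time, $mac] = array_pad(explode('.', $token, 2), 2, '');
    if (!ctype_digit($time) || (int)$time > $now || $now - (int)$time > TOKEN_TTL) return false;
    return hash_equals(make_token($sessionToken, $tid, (int)$time), "$time.$mac");
}

// Returns an HTTP-style status code; the row is only flagged, never removed.
function delete_user(PDO $db, array $actor, string $method, int $tid, string $token, int $now): int {
    if ($method !== 'POST') return 405;                                      // no state change on GET
    if (!token_ok($token, $actor['session_token'], $tid, $now)) return 403;  // forged request or altered id
    if (empty($actor['can_delete'])) return 403;                             // permission check
    $st = $db->prepare('UPDATE users SET trash = 1 WHERE id = ? AND trash = 0');
    $st->execute([$tid]);
    return $st->rowCount() === 1 ? 200 : 404;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, trash INTEGER DEFAULT 0)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'admin'), (2, 'alice'), (3, 'bob')");

$admin = ['id' => 1, 'can_delete' => true,  'session_token' => bin2hex(random_bytes(16))];
$alice = ['id' => 2, 'can_delete' => false, 'session_token' => bin2hex(random_bytes(16))];
$now = time();
$tok = make_token($admin['session_token'], 3, $now);  // issued when the admin page is rendered

var_dump(delete_user($db, $admin, 'GET', 3, $tok, $now));   // GET request
var_dump(delete_user($db, $admin, 'POST', 2, $tok, $now));  // id changed after the token was issued
var_dump(delete_user($db, $alice, 'POST', 3, make_token($alice['session_token'], 3, $now), $now)); // no permission
var_dump(delete_user($db, $admin, 'POST', 3, $tok, $now));  // valid request: row is flagged as trash
var_dump($db->query('SELECT id FROM users WHERE trash = 0')->fetchAll(PDO::FETCH_COLUMN)); // users still listed
```

List pages then select with `WHERE trash = 0`, and a separate reviewed step removes flagged rows for good.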