<?php
require_once('siteIncludes.php');
require_once('secure_ids.class.php');
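$sIDs = new secure_ids();

// Fetch the friends who allow the current user to view their info.
$friends = getFriendList();

// Print, for each friend, a link to that friend's info page.
foreach ($friends as $friend) {
    // Unsafe variant, kept for comparison: with the raw database record number
    // in the URL, a visitor can increment the value and request the info of
    // someone who never approved access (an insecure direct object reference).
    // echo '<a href="getInfo.php?ID='.$friend['RecNo'].'">'.$friend['Name'].'</a><br/>';
    //
    // Safe variant: the record number goes through secure_ids first. According
    // to the author, the resulting ID is unguessable and getInfo.php only
    // accepts IDs that were issued by the class; there, call
    // $sIDs->displayID($_GET['ID']) to get the real ID back.
    // NOTE(review): an opaque ID hides the record number but is not an
    // authorization decision. getInfo.php should still confirm that the
    // logged-in user is on the target's approved list and should reject an ID
    // the class cannot resolve - confirm against secure_ids.class.php.
    $friendID = $sIDs->displayID($friend['RecNo']);

    // Encode per output context. The ID format is not visible here, so it is
    // percent-encoded in case it contains characters such as '+', '/' or '='.
    $href = 'getInfo.php?ID=' . rawurlencode((string) $friendID);

    // Friend names are user-supplied data; escape them (and the attribute
    // value) so a crafted name cannot inject markup into the page.
    echo '<a href="' . htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">'
        . htmlspecialchars((string) $friend['Name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</a><br/>';
}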