Posted

Hello.

I've got a JSON file which I send with an $http POST to a ProcessWire page; this page then saves the data under a page in the ProcessWire tree.

As an example:

file.json

{ "user": "manol", "email": "my@mail.com", .... }

$http({url: '/web-service/save-json-to-page/', method: "POST", data: file.json } )

  
  // Read the raw request body and decode the JSON into an associative array
  function getPost(){
    $request = file_get_contents('php://input');
    return json_decode($request, true);
  }
  $getPost = getPost();

  $user = $getPost['user'];
  $email = $getPost['email'];

  // save under some page

Now I check whether the user has the right role to do it, but I feel that it is really insecure using JS and PHP together.

How can I secure that so only granted users are able to save the data: CSRF, other options?

Posted

I'm not an expert in this, but you can have a hidden field in that form with a random number or string generated with PHP only for the logged-in user, store it in a session and check for it when the form is submitted.

edit: in your case it's not a form, but you can still pass some info to the page, that can be sent back to server together with the file.

  • Like 2
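
The session-token check suggested in the reply above, written out for a JSON POST body. This is an added example, not code from the thread or from ProcessWire; the function names, the `csrf` field name and the `csrf_token` session key are assumptions. The token only proves the request came from a page served to that session, so the role check on the server still applies.

```php
<?php
// Added example: per-session anti-CSRF token for a JSON POST endpoint.
// issueCsrfToken(), acceptJsonPost(), 'csrf' and 'csrf_token' are hypothetical names.

/** Create (or reuse) the token for the logged-in user's session. */
function issueCsrfToken(array &$session): string {
    if (empty($session['csrf_token'])) {
        // 32 bytes from the OS CSPRNG, hex-encoded so it is safe inside JSON/HTML
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Decode the raw JSON body and return the payload only when it carries
 * the token stored in the session. Returns null on any failure.
 */
function acceptJsonPost(string $rawBody, array $session): ?array {
    $data = json_decode($rawBody, true);
    if (!is_array($data)) {
        return null;                       // malformed or non-object JSON
    }
    $sent     = $data['csrf'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // hash_equals() compares in constant time; an empty expected token
    // (no token issued for this session) must never match.
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return null;
    }
    unset($data['csrf']);                  // do not save the token with the page data
    return $data;
}

// Constructed demo: $session stands in for $_SESSION.
$session = [];
$token   = issueCsrfToken($session);       // embed this value in the page sent to the user

$good   = json_encode(['user' => 'manol', 'email' => 'my@mail.com', 'csrf' => $token]);
$forged = json_encode(['user' => 'manol', 'email' => 'my@mail.com']);
$wrong  = json_encode(['user' => 'manol', 'csrf' => str_repeat('0', 64)]);

var_dump(acceptJsonPost($good, $session));    // payload without the csrf field
var_dump(acceptJsonPost($forged, $session));  // request with no token
var_dump(acceptJsonPost($wrong, $session));   // request with a guessed token

// In the endpoint: pass file_get_contents('php://input') and $_SESSION,
// answer with http_response_code(403) when the result is null, and only
// then run the role check and save the page.
```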
