
Secure Facebook Style Like Button?

I’m trying to create a button similar to Facebook’s ‘Like’ button which is applied to each item in a list. When a user clicks the like button this item is favourited for the logged in user. For the moment I do this in the following way:-

<div id="item_<?php echo $row['item_id'];?>" onclick="like(<?php echo $row['item_id'];?>)"></div>

Obviously this is very unsecure because anyone can easily modify the item id stored in the like() function in the onclick property and like any item they guess the id of.

My question is how do I make this secure by either not displaying the id of the item but still having it accessible to my like function or via some other method?

JavaScript

3 Comments(s)

@Derokorian Jul 27.2011 — The best idea I have to make this "more secure" would be to use a base64_encode serialization of the item id, or item information array (whateva floats your boat). And then in the processing script use base64_decode and unserialize to get the information back into a usable format.

Of course this is just speculation; I don't know how your javascript function or your supporting php scripts work. If you'd like to post more code I will see if I can't give you more help (try posting on your php thread or in that forum for my help; I never watch the js forum).
@rnd_me Jul 27.2011 — encoding will do nothing: an id would still be an id.

i don't see the harm in over-liking, perhaps you should consider why someone would want to do that with your app and remove the impetus for cheating.

aside from that, all you really need to do is rename the IDs for each user.

for example, if i have 5 pages [a,b,c,d,e], i tell user that they can like IDs [5,8,3,4,9], user two that they can like IDs [63,23,76,33,86], and user three that they can like [84,32,5,8,3].

in all cases, you only need the list position of the chosen ID, then you take that position from the real list of IDs to add the actual like.

just generate a random table of replacement names for each user.
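
The per-user renaming scheme from the comment above, as an added example that is not part of the original thread: a Node.js sketch of the server side. The class name `LikeAliases`, its methods and the in-memory Maps (standing in for session or database storage) are assumptions, and it uses random 128-bit tokens rather than the small numbers in the comment's illustration.

```javascript
// Added example (not from the thread): per-user alias table for "like" targets.
const { randomBytes } = require('node:crypto');

class LikeAliases {
  constructor() {
    this.tables = new Map(); // userId -> Map(alias -> real item id)
    this.likes = new Map();  // userId -> Set(real item ids)
  }

  // Call while rendering the list for one user. Returns one alias per item,
  // in the same order, to put in the markup in place of the real id.
  issue(userId, itemIds) {
    const table = new Map();
    const aliases = itemIds.map((itemId) => {
      const alias = randomBytes(16).toString('hex'); // unguessable, per user
      table.set(alias, itemId);
      return alias;
    });
    this.tables.set(userId, table);
    return aliases;
  }

  // Call from the like endpoint with the logged-in user's id (taken from the
  // session, never from the request body). Returns the real id, or null.
  like(userId, alias) {
    const table = this.tables.get(userId);
    if (!table || typeof alias !== 'string' || !table.has(alias)) return null;
    const itemId = table.get(alias);
    if (!this.likes.has(userId)) this.likes.set(userId, new Set());
    this.likes.get(userId).add(itemId); // a Set makes repeat likes a no-op
    return itemId;
  }

  likedBy(userId) {
    return [...(this.likes.get(userId) || [])];
  }
}

// Constructed sample data: two users shown the same three items.
const store = new LikeAliases();
const aliceAliases = store.issue('alice', [101, 102, 103]);
const bobAliases = store.issue('bob', [101, 102, 103]);
console.log(store.like('alice', aliceAliases[1])); // alias issued to alice
console.log(store.like('alice', bobAliases[1]));   // alias issued to bob
console.log(store.like('alice', '103'));           // raw item id
```

Only an alias that was issued to the requesting user resolves to an item; a raw item id or another user's alias returns null.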