CodeIgniter authentication code in controller security question

Posted by Prime Studios on Stack Overflow
Published on 2010-06-17T01:15:47Z Indexed on 2010/06/17 1:22 UTC

I have a main controller to handle the very front end of my authentication system; it handles login, logout, update user info, etc., functions that I anticipate calling by POSTing from views/forms. What about something like a "delete_user" function, though? My thoughts are that a button in someone's admin panel would say "Delete Account" and it would post to "/auth/delete", and the function would delete the user based on their session username or id. This seems a bit open-ended: you could send out a link to someone, and when they opened it while in that application it would delete their account. What's the best way to handle this?

© Stack Overflow or respective owner
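The scenario in the question (a link that deletes the account of whoever opens it while logged in) is cross-site request forgery. The sketch below is an added example, not part of the original post and not CodeIgniter's own API: it is framework-neutral PHP 7+ showing a `/auth/delete` handler that accepts only POST, takes the target account from the session, and requires a per-session token from the site's own form. The function names, the `csrf_delete` and `user_id` session keys, and the `csrf_token` field name are assumptions.

```php
<?php
// Added example: CSRF-protected account deletion (framework-neutral PHP 7+).
// All names and session keys here are illustrative assumptions.

// Call when rendering the "Delete Account" form; put the result in a hidden field.
function issue_delete_token(array &$session): string
{
    $session['csrf_delete'] = bin2hex(random_bytes(32));
    return $session['csrf_delete'];
}

// Handler for /auth/delete. Returns the HTTP status code to send.
function handle_delete(string $method, array $post, array &$session, callable $deleteUser): int
{
    // 1. State-changing action: refuse anything but POST, so a plain link cannot trigger it.
    if ($method !== 'POST') {
        return 405;
    }
    // 2. Must be logged in; the target account comes from the session, never the request.
    if (empty($session['user_id'])) {
        return 401;
    }
    // 3. The token shows the request came from our own form, not a third-party page.
    $expected = $session['csrf_delete'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return 403;
    }
    $deleteUser($session['user_id']);
    $session = []; // account is gone: drop the session and its token
    return 200;
}

// Constructed demo: an in-memory session and a stand-in for the real delete query.
$session = ['user_id' => 42];
$deleted = [];
$remove  = function ($id) use (&$deleted) { $deleted[] = $id; };
$token   = issue_delete_token($session);

$requests = [
    'link opened (GET)'       => ['GET',  []],
    'forged POST, no token'   => ['POST', []],
    'genuine form submission' => ['POST', ['csrf_token' => $token]],
];
foreach ($requests as $label => [$method, $post]) {
    printf("%-26s status %d\n", $label, handle_delete($method, $post, $session, $remove));
}
printf("deleted user ids: %s\n", implode(',', $deleted));
```

For an action this destructive, asking for the current password again on the confirmation form is a common additional check on top of the token.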
