I am writing some functions for a Facebook app using the Facebook API.
The function I am writing now is a function to remove a message the user has written.
What I send from the client is the user's ID and also the comment's ID; I send this to a PHP-file
and then the PHP file removes the message from the database.
(I send the user's ID so I can compare it to the server's ID, so I can make 100% sure the user “owns” that comment.)
Here is my question.
How can the PHP-file REALLY know that the user is the real logged in user?
People will be able to send another user's ID and the comment ID and remove the comments if
they use some kind of hack program.
Is there a way for PHP to get the Facebook users real ID?
Thanks in advance,
Tompa
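
An added example, not part of the original post: one way for the PHP side to stop trusting a client-supplied user ID is to have the client forward the `signed_request` that Facebook issues for the logged-in user, verify its HMAC-SHA256 signature with the app secret, and take the user ID from the verified payload. The secret value, the `comments` table and all function names are assumptions made for illustration, and the token is constructed locally so the script runs offline.

```php
<?php
// Added example. APP_SECRET, the comments table and all function names are
// hypothetical; the token below is constructed locally for the demo.
const APP_SECRET = 'constructed-demo-secret';

function b64url_decode(string $s): string {
    $s = strtr($s, '-_', '+/');
    $raw = base64_decode(str_pad($s, strlen($s) + (4 - strlen($s) % 4) % 4, '='), true);
    return $raw === false ? '' : $raw;
}

// Returns the Facebook user ID only if the HMAC over the payload matches.
function verified_user_id(string $signedRequest, string $secret): ?string {
    $parts = explode('.', $signedRequest, 2);
    if (count($parts) !== 2) return null;
    [$sigB64, $payloadB64] = $parts;
    $data = json_decode(b64url_decode($payloadB64), true);
    if (!is_array($data) || strtoupper($data['algorithm'] ?? '') !== 'HMAC-SHA256') return null;
    $expected = hash_hmac('sha256', $payloadB64, $secret, true);
    if (!hash_equals($expected, b64url_decode($sigB64))) return null;
    return isset($data['user_id']) ? (string) $data['user_id'] : null;
}

// Ownership is enforced in the WHERE clause, using the verified ID only.
function delete_own_comment(PDO $db, string $userId, int $commentId): bool {
    $stmt = $db->prepare('DELETE FROM comments WHERE id = ? AND user_id = ?');
    $stmt->execute([$commentId, $userId]);
    return $stmt->rowCount() === 1;
}

// --- demo with constructed data (in-memory SQLite, locally signed token) ---
function make_token(array $payload, string $secret): string {
    $p = rtrim(strtr(base64_encode(json_encode($payload)), '+/', '-_'), '=');
    $s = rtrim(strtr(base64_encode(hash_hmac('sha256', $p, $secret, true)), '+/', '-_'), '=');
    return "$s.$p";
}
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, user_id TEXT, body TEXT)');
$db->exec("INSERT INTO comments VALUES (1, '1001', 'mine'), (2, '2002', 'someone else')");

$token = make_token(['algorithm' => 'HMAC-SHA256', 'user_id' => '1001'], APP_SECRET);
$uid = verified_user_id($token, APP_SECRET);
var_dump(delete_own_comment($db, $uid, 1));   // own comment
var_dump(delete_own_comment($db, $uid, 2));   // another user's comment
$forged = make_token(['algorithm' => 'HMAC-SHA256', 'user_id' => '2002'], 'wrong-secret');
var_dump(verified_user_id($forged, APP_SECRET)); // token signed without the app secret
```

The delete request then carries only the comment ID and the signed token; no user ID from the client takes part in the ownership check.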