Monday, July 23, 2007

Moods (Emoting)

This one's very interesting. Moods is vulnerable to the typical problem that we've seen in the past. Mainly, viewing a non-friend's mood history. In order to check out someone's history, simply alter the following url.

http://apps.facebook.com/emoting/?page=history&uid=xxxxxxxxx

Obviously substituting the person's id for the uid variable.

Now, here's the twist with this application. It doesn't even check to ensure that you are trying to set YOUR OWN MOOD! Yes, you can update someone's mood for them. Simply go to http://apps.facebook.com/emoting/ and copy the link to Update My Mood. It'll look something like the following. Now just substitute the proper ID for fb_sig_user.

http://neo.hotornot.com/facebook/emoting/main?fb_sig_in_iframe=1
&fb_sig_time=1182223441.0801&fb_sig_user=xxxxxxxxx&other_variables

6 comments:

astroblaster said...

I think you have rightly pointed out this wild west trend that is a bit frustrating to me as well. I have witnessed many a 'programmer' learning php to write an app for facebook.

Unfortunately this is not limited to facebook apps. I see this with developers all the time.

It is a bit like writing "if:then"'s with no ":else" clause to protect/redirect/alert/or give a clean exit to the user.

One of my biggest pet peaves are programs that barely do what they are supposed to do, but have no built in protection from doing things it WASN'T meant to do.

Scary, and good catch.

CAT Computers said...

I am looking to send a link in an email to non-friends (members of a group), that will allow them to bring up my application page and join me (even though they aren't a friend yet).

Any suggestions?

If you already had the app installed, friend or not - you could bring up the page below and align yourself to me:

http://knight.fb.hive7.com/LordView.aspx?lordid=641630655

However I am looking for a way for people who do not have the app yet installed to install it and then have it bring up my page.

Thanks,
Rob

Facebook Application Developers said...

please tell me more about this applicatins

Unknown said...

Always looking for good sites and I would have to say that this is one I will bookmark and return to again and again, I like your theme is it freely available?

micro-blogging

agathiyan said...

interesting blog. It would be great if you can provide more details about it. Thanks you


J2ME Application Development

Unknown said...

This must be a nice status mood. Will gonna check this out. Thank you! :)

facebook applications developers