multiple postings by one user


roby258376
06-02-2009, 09:32 AM
Hi folks,

I am trying to use DataAssist to manipulate a job listing database for a client of mine.

I have the database created, but I need to be able to allow users who have entered jobs to edit only the jobs they posted.

I ran DataAssist and created the usual pages, Insert, Update, Search, Results and Delete. Insert works perfectly but I cannot get Search and Results to work as I need them to.

What is the best way to edit things so that a user only sees their own postings?

Thanks in advance

Ray Borduin
06-02-2009, 10:52 AM
Have the user log in and store the associated userID as a session variable.

Make sure to store that userId as part of their insert and that way you can filter the recordset by the userid session variable so that they only have access to their own records.
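The approach described above, as an added example that is not part of the original post and is not WebAssist-generated code: the owner is taken from the session on insert, and every later query repeats the owner filter. The table and column names and the MM_UserID session key follow the thread; the function names, the in-memory SQLite database and the two sample members are assumptions made so the example runs offline.

```php
<?php
// Added example: constructed schema and data; function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE job (job_ID INTEGER PRIMARY KEY, member_id INTEGER NOT NULL,
                             company TEXT, job_title TEXT)');

// Insert: the owner comes from the server-side session, never from a form field
// (a hidden field is sent by the browser and can be edited before submit).
function insertJob(PDO $db, array $session, array $post): int {
    $st = $db->prepare('INSERT INTO job (member_id, company, job_title) VALUES (?, ?, ?)');
    $st->execute([(int)$session['MM_UserID'], $post['company'] ?? '', $post['job_title'] ?? '']);
    return (int)$db->lastInsertId();
}

// Results: every SELECT carries the owner filter; no session means no rows (-1).
function listOwnJobs(PDO $db, array $session): array {
    $st = $db->prepare('SELECT job_ID, company, job_title FROM job
                        WHERE member_id = ? ORDER BY company');
    $st->execute([(int)($session['MM_UserID'] ?? -1)]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Update/Delete: job_ID arrives with the request, so ownership is checked again
// in the WHERE clause instead of trusting that the link came from the results page.
function updateOwnJob(PDO $db, array $session, int $jobId, string $title): bool {
    $st = $db->prepare('UPDATE job SET job_title = ? WHERE job_ID = ? AND member_id = ?');
    $st->execute([$title, $jobId, (int)($session['MM_UserID'] ?? -1)]);
    return $st->rowCount() === 1;   // no matching row: not this member's job, or no such job
}

// Constructed sessions for two members.
$alice = ['MM_UserID' => 1];
$bob   = ['MM_UserID' => 2];

// A member_id smuggled into the POST data is ignored by insertJob().
$aliceJob = insertJob($db, $alice, ['company' => 'Acme', 'job_title' => 'Welder', 'member_id' => 2]);
$bobJob   = insertJob($db, $bob,   ['company' => 'Birch', 'job_title' => 'Clerk']);

var_dump(listOwnJobs($db, $alice));                               // Alice's own listing only
var_dump(updateOwnJob($db, $bob, $aliceJob, 'edited'));           // Bob editing Alice's job
var_dump(updateOwnJob($db, $alice, $aliceJob, 'Senior Welder'));  // Alice editing her own job
```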

roby258376
06-02-2009, 01:08 PM
thanks Ray, I'll try that

roby258376
06-10-2009, 08:41 AM
When I try to edit the record set on the Results page, to specify comparing member_id in the jobs database with the session variable, I get an error message saying "Making this change would require changing code that is locked by a template or a translator. The change will be discarded."

The page was generated with dataassist. How do I edit it?

thanks

Ray Borduin
06-10-2009, 08:56 AM
Do you have the most recent version from your order history? This is a bug introduced in cs4. I think if you contact support or maybe just download the most recent version available you can fix the problem.

(you can also just adjust the recordset query in code view)

roby258376
06-10-2009, 09:14 AM
thanks Ray,

I do have the most recent version, but I am removing it and reinstalling it, just in case my last install got bugged by my not removing the previous one first. UPDATE: OK, tried that, didn't help. Still getting the error message.

I am not entirely sure how to edit my code by hand, so I haven't tried that. However, I have to have this fixed by end of today, so what is the best way to contact support for an emergency fix if I can't get it fixed myself? or is that not possible?

Ray Borduin
06-10-2009, 09:34 AM
A support incident is the best way. They may not get you an emergency fix, but they can help you with a work-around.

What are you trying to edit? Maybe I can help walk you through how to do it by hand.

roby258376
06-10-2009, 09:43 AM
I ran DataAssist and created the usual pages. Insert, Delete, Update, Search, Results.

I need the search page to only return results for jobs inserted by the user who is logged in and doing the search, as opposed to bringing up all jobs listed.

So, per your instruction, I added a hidden form field to the insert.php that inserts the session variable MM_UserID into the member_id field of the jobs table.

The property inspector shows: hiddenUserID Value <?php echo $_SESSION['MM_UserID']; ?>

So far, so good, I insert a new job and the job listing table shows the member_ID correctly.

Now, I am trying to edit the results page record set (WADAjobs) with WHERE member_id = 'colname' and I'm defining a variable colname as integer, default value -1, $_SESSION['MM_UserID']

When I do this, I get the error message and no update is done to the page. So when a user logs in to edit their job listing and does a search, they are getting access to all jobs, not just their own.

Any help you can give Ray is appreciated. I know the support guys are swamped and my tickets often don't get answered for several days.

Cologne
06-10-2009, 09:45 AM
Hi,

If I understand it right, you don't want other users to edit the other users' posts?

OK, I do it with 2 things. First, the userID of the logged-in user. Store it in a session. It's easy with Security Assist.

Then, to make sure no one can change the postID, create a hush, so I call it.

So you've got a recordset of all the posts a user posted.

userID=1
postID=3
postID=5
postID=8

So, normally you link: ......showpost.php?postID=8

But then it doesn't work with DataAssist, because there is only one WHERE possible.

So you need 2 parameters.

......showpost.php?postID=8&SEC=456456456456456456456456456

So, you've got the postID and the userID; this will create the SEC

$SEC=SHA1(postID.userID)

In the showpost.php page, just check if the posted SEC is the SHA1 of the posted postID and the userID stored in the session.

If so, you can use the postID.

And use that in DataAssist.



I hope you understand what I want to say ;-)

Denis
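The link-token idea from the post above, as an added example that is not part of the original post: the SHA1 form as described next to a keyed variant. A plain SHA1 over the two IDs needs no secret, so it does not show that the server issued the link; an HMAC with a server-side key and a field delimiter does. SERVER_KEY, the function names and the IDs are assumptions, and the token only helps if it is issued for rows already selected with the member_id filter.

```php
<?php
// Added example: SERVER_KEY is a placeholder; function names and IDs are constructed.
const SERVER_KEY = 'replace-with-a-random-secret-kept-on-the-server';

// Scheme as described in the post: unkeyed SHA1 over the concatenated IDs.
function unkeyedSec(int $postId, int $userId): string {
    return sha1($postId . $userId);
}
function checkUnkeyed(int $postId, string $sec, int $sessionUserId): bool {
    return $sec === unkeyedSec($postId, $sessionUserId);
}

// Keyed variant: HMAC-SHA256 with a server-side secret, a delimiter between
// the fields, and a constant-time comparison.
function keyedSec(int $postId, int $userId): string {
    return hash_hmac('sha256', $postId . '|' . $userId, SERVER_KEY);
}
function checkKeyed(int $postId, string $sec, int $sessionUserId): bool {
    return hash_equals(keyedSec($postId, $sessionUserId), $sec);
}

// Constructed case: post 8 belongs to user 1, the logged-in session is user 2.
$sessionUser = 2;
$selfMade = sha1('8' . '2');   // computable from the two numbers alone, no secret involved

var_dump(checkUnkeyed(8, $selfMade, $sessionUser)); // unkeyed check against a self-made value
var_dump(checkKeyed(8, $selfMade, $sessionUser));   // keyed check against the same value

// Without a delimiter, (postID 1, userID 23) and (postID 12, userID 3)
// both hash the same input string "123".
var_dump(unkeyedSec(1, 23) === unkeyedSec(12, 3));
var_dump(keyedSec(1, 23) === keyedSec(12, 3));

// A token the server issued while listing user 1's own posts verifies for user 1.
var_dump(checkKeyed(8, keyedSec(8, 1), 1));
```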

roby258376
06-10-2009, 10:04 AM
Thanks for your reply Denis.

I read through your solution and unfortunately, I don't have enough knowledge to understand all that you were explaining.

Hopefully, Ray will have a simple solution.

thanks

Ray Borduin
06-10-2009, 10:10 AM
For a quick work-around... copy and paste the recordset to a new page.

Then make your adjustments and copy and paste the code from code view to the original page.

You should be able to add the session variable parameter directly to the where clause.

roby258376
06-10-2009, 10:21 AM
Did that, got a message that the changes were to a part of the page not marked editable (even though it most definitely is) and that the changes would not be saved...

any other thoughts?

Ray Borduin
06-10-2009, 10:25 AM
Use notepad if you need to... and post a support incident so somebody can try to reproduce it and figure out why this happens.

roby258376
06-10-2009, 12:01 PM
Ray, I have tried everything I can think of to force the change and no dice.

And my support ticket has not even been acknowledged yet. My client needs this done by tomorrow morning as this new area of the site is supposed to be announced at the AGM.

The site was working properly 3 days ago. I managed to break it AFTER I said it was ready. And I know it's my own fault, but any help I can get would be very appreciated.

roby258376
06-10-2009, 12:22 PM
Ok, I have a bit of an update.

I really checked the code on the page, and I found an entire block of code that appeared to be calling the old database Search that is no longer supposed to be used with Data Assist. I deleted that block of code and was able to update the server behaviour.

so the good news is, the insert / search / results page are working mostly.

The last glitch I need to work out is that when I insert a new record, the insert page is reloading rather than redirecting to the results page. I have checked the code and it appears to be formatted properly. Any ideas what could cause this?

Also, for some reason I have WADbSearch directory. Is this part of DataAssist or should it be deleted?

thanks

Ray Borduin
06-10-2009, 12:45 PM
It is part of DataAssist. DBSearch was added to DataAssist and we stopped selling it individually. It is still used on the results page for the search functionality to work.

If you look at the insert server behavior it should specify the page to go to after the insert.

roby258376
06-10-2009, 12:48 PM
It does specify the page, but still doesn't go there. Here's the code from the page:


$WA_connection = $cpca_members;
$WA_table = "job";
$WA_sessionName = "WADA_Insert_job";
$WA_redirectURL = "job_member_Detail.php";
$WA_keepQueryString = false;
$WA_indexField = "job_ID";
$WA_fieldNamesStr = "member_id|company|contact_name|contact_phone|contact_email|job_type|job_category|job_title|job_description";
$WA_fieldValuesStr = "".$_SESSION['MM_UserID'] ."" . "|" . "".((isset($_POST["company"]))?$_POST["company"]:"") ."" . "|" . "".((isset($_POST["contact_name"]))?$_POST["contact_name"]:"") ."" . "|" . "".((isset($_POST["contact_phone"]))?$_POST["contact_phone"]:"") ."" . "|" . "".((isset($_POST["contact_email"]))?$_POST["contact_email"]:"") ."" . "|" . "".((isset($_POST["job_type"]))?$_POST["job_type"]:"") ."" . "|" . "".((isset($_POST["job_category"]))?$_POST["job_category"]:"") ."" . "|" . "".((isset($_POST["job_title"]))?$_POST["job_title"]:"") ."" . "|" . "".((isset($_POST["job_description"]))?$_POST["job_description"]:"") ."";
$WA_columnTypesStr = "none,none,NULL|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''|',none,''";
$WA_fieldNames = explode("|", $WA_fieldNamesStr);
$WA_fieldValues = explode("|", $WA_fieldValuesStr);
$WA_columns = explode("|", $WA_columnTypesStr);
$WA_connectionDB = $database_cpca_members;
mysql_select_db($WA_connectionDB, $WA_connection);
if (!session_id()) session_start();
$insertParamsObj = WA_AB_generateInsertParams($WA_fieldNames, $WA_columns, $WA_fieldValues, -1);
$WA_Sql = "INSERT INTO `" . $WA_table . "` (" . $insertParamsObj->WA_tableValues . ") VALUES (" . $insertParamsObj->WA_dbValues . ")";
$MM_editCmd = mysql_query($WA_Sql, $WA_connection) or die(mysql_error());
$_SESSION[$WA_sessionName] = mysql_insert_id();
if ($WA_redirectURL != "") {
if ($WA_keepQueryString && $WA_redirectURL != "" && isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] !== "" && sizeof($_POST) > 0) {
$WA_redirectURL .= ((strpos($WA_redirectURL, '?') === false)?"?":"&").$_SERVER["QUERY_STRING"];
}
header("Location: ".$WA_redirectURL);
}

There are other wonky things as well. Delete requires you to hit the delete button twice, and when you do, it reloads the delete page, rather than redirecting to the results page again.

My head hurts!

roby258376
06-10-2009, 12:51 PM
And this is the code I removed from the Results page, that seems to have made it work again...

<?php
//WA Database Search (Copyright 2005, WebAssist.com)
//Recordset: WADAjob;
//Searchpage: job_member_Search.php;
//Form: WADASearchForm;
$WADbSearch1_DefaultWhere = "";
if (!session_id()) session_start();
if ((isset($_GET["Search_x"]) && $_GET["Search_x"] != "")) {
$WADbSearch1 = new FilterDef;
$WADbSearch1->initializeQueryBuilder("MYSQL","1");
//keyword array declarations

//comparison list additions
$WADbSearch1->addComparison("member_id","".((isset($_POST["".$_SESSION['MM_UserID'] .""]))?$_POST["".$_SESSION['MM_UserID'] .""]:"") ."","AND","=",1);
$WADbSearch1->addComparisonFromEdit("company","S_company","AND","Includes",0);
$WADbSearch1->addComparisonFromList("job_type","S_job_type","AND","Includes",0);
$WADbSearch1->addComparisonFromList("job_category","S_job_category","AND","Includes",0);

//save the query in a session variable
if (1 == 1) {
$_SESSION["WADbSearch1_job_member_Results"]=$WADbSearch1->whereClause;
}
}
else {
$WADbSearch1 = new FilterDef;
$WADbSearch1->initializeQueryBuilder("MYSQL","1");
//get the filter definition from a session variable
if (1 == 1) {
if (isset($_SESSION["WADbSearch1_job_member_Results"]) && $_SESSION["WADbSearch1_job_member_Results"] != "") {
$WADbSearch1->whereClause = $_SESSION["WADbSearch1_job_member_Results"];
}
else {
$WADbSearch1->whereClause = $WADbSearch1_DefaultWhere;
}
}
else {
$WADbSearch1->whereClause = $WADbSearch1_DefaultWhere;
}
}
$WADbSearch1->whereClause = str_replace("\\''", "''", $WADbSearch1->whereClause);
$WADbSearch1whereClause = '';
?>

Ray Borduin
06-10-2009, 12:57 PM
You will have to add it back before your search page will function properly.

roby258376
06-10-2009, 01:02 PM
it's that block of code that is causing the error messages about being locked by a template. and when I try to add it back to the page, after editing the server behaviour, I get the same error message.

If I try to edit the DataAssist Search Server Behavior, I get:

"While executing onLoad in WADS_ServerBehavior.htm, the following JavaScript error(s) occurred:

At line 926 of the file c:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Configuration\Shared\WebAssist\ApplicationBuilder\Library\WA_GerealUI.js": out of memory

Ray Borduin
06-10-2009, 01:07 PM
Cut and paste it back into place using notepad.

And add a line to the recordset code immediately after the line that begins with $query_WADAjob:

setQueryBuilderSource($query_WADAjob,$WADbSearch1, false);

That will re-implement the search code.

The error is most likely generated when our code tries to add the setQueryBuilderSource() line to your recordset. If you add it manually in notepad the problems will probably go away.

What version of DW are you using and on what operating system?

roby258376
06-10-2009, 01:11 PM
DW CS4, Windows Vista 64 bit

roby258376
06-10-2009, 01:17 PM
You're probably getting tired of me by now...

I reinstated the backup of the page, which included the code I deleted. The line you told me to put in was already in the recordset query. Now the page loads, but with all results again

Ray Borduin
06-10-2009, 01:30 PM
Right... because the rest of the recordset updates have been removed.

You now just need to add your recordset filter based on the session variable.

Do you still have your updated page?

If you send me copies of the recordset code on each I can show you how to combine them to get what you need.

roby258376
06-10-2009, 01:37 PM
ok, hope I'm doing this right.

So, code from the edited page, with the search removed....


<?php
$maxRows_WADAjob = 10;
$pageNum_WADAjob = 0;
if (isset($_GET['pageNum_WADAjob'])) {
$pageNum_WADAjob = $_GET['pageNum_WADAjob'];
}
$startRow_WADAjob = $pageNum_WADAjob * $maxRows_WADAjob;

$colname_WADAjob = "-1";
if (isset($_SESSION['MM_UserID'])) {
$colname_WADAjob = (get_magic_quotes_gpc()) ? $_SESSION['MM_UserID'] : addslashes($_SESSION['MM_UserID']);
}
mysql_select_db($database_cpca_members, $cpca_members);
$query_WADAjob = sprintf("SELECT job_ID, member_id, company, contact_name, contact_phone, contact_email, job_title FROM job WHERE member_id = %s ORDER BY company ASC", GetSQLValueString($colname_WADAjob, "int"));
$query_limit_WADAjob = sprintf("%s LIMIT %d, %d", $query_WADAjob, $startRow_WADAjob, $maxRows_WADAjob);
$WADAjob = mysql_query($query_limit_WADAjob, $cpca_members) or die(mysql_error());
$row_WADAjob = mysql_fetch_assoc($WADAjob);

if (isset($_GET['totalRows_WADAjob'])) {
$totalRows_WADAjob = $_GET['totalRows_WADAjob'];
} else {
$all_WADAjob = mysql_query($query_WADAjob);
$totalRows_WADAjob = mysql_num_rows($all_WADAjob);
}
$totalPages_WADAjob = ceil($totalRows_WADAjob/$maxRows_WADAjob)-1;
?>


Code from the unchanged page (although it still gives me an error message every time I change anything in the recordset)


<?php
$maxRows_WADAjob = 10;
$pageNum_WADAjob = 0;
if (isset($_GET['pageNum_WADAjob'])) {
$pageNum_WADAjob = $_GET['pageNum_WADAjob'];
}
$startRow_WADAjob = $pageNum_WADAjob * $maxRows_WADAjob;

mysql_select_db($database_cpca_members, $cpca_members);
$query_WADAjob = "SELECT job_ID, member_id, company, contact_name, contact_phone, contact_email, job_title FROM job ORDER BY company ASC";
setQueryBuilderSource($query_WADAjob,$WADbSearch1, false);
$query_limit_WADAjob = sprintf("%s LIMIT %d, %d", $query_WADAjob, $startRow_WADAjob, $maxRows_WADAjob);
$WADAjob = mysql_query($query_limit_WADAjob, $cpca_members) or die(mysql_error());
$row_WADAjob = mysql_fetch_assoc($WADAjob);

if (isset($_GET['totalRows_WADAjob'])) {
$totalRows_WADAjob = $_GET['totalRows_WADAjob'];
} else {
$all_WADAjob = mysql_query($query_WADAjob);
$totalRows_WADAjob = mysql_num_rows($all_WADAjob);
}
$totalPages_WADAjob = ceil($totalRows_WADAjob/$maxRows_WADAjob)-1;
?>

roby258376
06-10-2009, 02:09 PM
So, go figure

I applied a different template to the page. Modified the Recordset. Reapplied the right template to the page and it seems to be fixed.

So, if we can get the redirects working correctly, and fix the delete page so that we don't have to hit the delete button twice to get it to delete, I think we might call it a day.

Any suggestions?

Robin

Ray Borduin
06-10-2009, 04:04 PM
I thought it might be an issue with the template you were using.

Try adding a die statement immediately after the header() call that redirects.

It is possible that an error later in the page is somehow disrupting. You might need to post a support incident so somebody can debug this with you directly. It is very difficult to walk someone through debugging a problem that I admittedly don't really know why it is happening.

roby258376
06-10-2009, 05:41 PM
Well, you learn something new every day! Just got a reply on this from tech support. Apparently blank lines in your code can cause problems. Once I deleted the blank lines the pages worked properly.

Thought others might like to know.

Thanks again Ray for all your help today. It's really great you are here to help us all.