Securing URL links
I'm trying to use SecurityAssist to secure individual user items in a database. Users upload ideas and each idea has a ID. The ideas_detail.php shows the detail after it has been uploaded.
This ID is displayed in the url when a user goed to the detail, delete, update pages. A user may not view another's ideas. One can easily do this by replacing the ID in the string in the url.
How can I use Security Assist to deny access if the logged in user's ID is not valid UserID to view specific IdeaID's. Simplification of my table structure:
UserTable - > UserUserID, UserUsername, UserUserPassword
IdeaTable - > IdeaIdeaID, IdeaUserID, IdeaIdeaDetails
I used SecurityAssist's wizard to create a login page, so I have a Session Variable UserUserID to then compare to the IdeaUserID from a recordset that filters the records by IdeaID used in the url.
When setting up the rule in Security Assist it does not allow access to the pages.
Is there a thread/help file for this somewhere because I believe it's a very general enquiry for securing files from other users.
Thank you in advance