
Technical Support Forums

Free, outstanding support from WebAssist and your colleagues


Security Assist

Thread began 3/17/2010 8:51 pm by Gizza372666 | Last modified 3/19/2010 2:52 pm by Eric Mittman | 850 views | 3 replies |

Gizza372666

Security Assist

Can you use Security Assist to overcome the following problem?
I have created a page where a user has to log on and, by using a URL parameter, will navigate through pages and check/add/update/delete different fields that belong to this specific user (by using the UserID field):
UpdateBanner.php?UserID=<?php echo $row_WAATKusers['UserID'];?>

The problem I have is that if a user has ID 2 (UpdateBanner.php?UserID=2)
and this user types (UpdateBanner.php?UserID=3) in the address bar, he/she will have access to the next record, so he/she will be able to make changes to someone else’s record.
Can you please let me know if it is possible to overcome this issue? And how?
Thanks


Eric Mittman

Security Assist could help you to overcome this issue. With the Security Assist Authenticate User server behavior used to log in a user, you will have the ability to store any details from that user's record in a session variable. By default it will try to create a session variable for the userID. So when you go from page to page you should not pass the userID over the URL, but you should use this userID session variable instead.

So if you are storing the userID in a session variable called userID, you would reference the user ID like this instead of the GET:

php:
$_SESSION['userID']
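The approach in the reply above, as an added example that is not part of the original thread and is not WebAssist code: the record to update is selected by the session's userID, so a UserID typed into the address bar has no effect. It assumes login stored the ID in `$_SESSION['userID']`; the `banners` table, its `BannerText` column, the function names and the in-memory SQLite database (requires the pdo_sqlite extension) are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not WebAssist code. Assumes login stored the user's ID in
// $_SESSION['userID'] (the session variable named in the reply above).
// Table "banners" and column "BannerText" are hypothetical.

// Return the logged-in user's ID from the session, or null if not logged in.
// Any UserID supplied in the URL is deliberately never consulted.
function currentUserId(array $session): ?int
{
    return isset($session['userID']) ? (int) $session['userID'] : null;
}

// Update only the row owned by the session user; returns rows changed.
function updateBanner(PDO $pdo, array $session, string $text): int
{
    $userId = currentUserId($session);
    if ($userId === null) {
        throw new RuntimeException('Not logged in');
    }
    $stmt = $pdo->prepare('UPDATE banners SET BannerText = :t WHERE UserID = :u');
    $stmt->execute([':t' => $text, ':u' => $userId]);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE banners (UserID INTEGER PRIMARY KEY, BannerText TEXT)');
$pdo->exec("INSERT INTO banners VALUES (2, 'user 2 banner'), (3, 'user 3 banner')");

// Simulated request: user 2 is logged in but edits the URL to ?UserID=3.
$session = ['userID' => 2];   // set at login, stored server-side
$get     = ['UserID' => '3']; // tampered URL parameter, never read

updateBanner($pdo, $session, 'changed by user 2');

// Only user 2's row changes; user 3's row is untouched.
foreach ($pdo->query('SELECT UserID, BannerText FROM banners ORDER BY UserID') as $row) {
    echo $row['UserID'], ': ', $row['BannerText'], PHP_EOL;
}
```

On a real page, call `session_start()` first and pass `$_SESSION` in place of the simulated `$session` array.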

Gizza372666

Job done!
I just managed to understand it.
Thank you very much.


Eric Mittman

Glad to hear that. Let us know if you have any further questions.
