close ad
 
Important WebAssist Announcement
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Securing URL links

Thread begun 3/15/2011 3:25 am by Blikbrein | Last modified 3/15/2011 7:11 am by Jason Byrnes | 981 views | 1 replies |

Blikbrein

Securing URL links

I'm trying to use SecurityAssist to secure individual user items in a database. Users upload ideas and each idea has a ID. The ideas_detail.php shows the detail after it has been uploaded.

This ID is displayed in the url when a user goed to the detail, delete, update pages. A user may not view another's ideas. One can easily do this by replacing the ID in the string in the url.
How can I use Security Assist to deny access if the logged in user's ID is not valid UserID to view specific IdeaID's. Simplification of my table structure:

UserTable - > UserUserID, UserUsername, UserUserPassword
IdeaTable - > IdeaIdeaID, IdeaUserID, IdeaIdeaDetails

I used SecurityAssist's wizard to create a login page, so I have a Session Variable UserUserID to then compare to the IdeaUserID from a recordset that filters the records by IdeaID used in the url.

When setting up the rule in Security Assist it does not allow access to the pages.

Is there a thread/help file for this somewhere because I believe it's a very general enquiry for securing files from other users.

Thank you in advance

Sign in to reply to this post

Jason ByrnesWebAssist

edit the recordset on the detail page.

add another where clause to the recordset to include the IdeaUserID column:


AND IdeaUserID = paramUserID

then create a new parameter:
Name: paramUserID
Type: Number
default value: -1
Runtime Value: $_SESSION['UserUserID']


this way the record will only show if the IdeaUserID has the logged in users id.

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...