Restrict page access to user logged in
I think I asked a similar question a while ago, but it doesn't seem to be working here.
Basically users can log in, and create tour itineraries associated with them.
So when they log in, they can view the itineraries they have added.
That's all working, but itineraries other than their own can be viewed just by changing the ID number at the end of the URL.
I've added:
AND UserID = ParamUserID
to the recordset, and added the variable:
ParamUserID
Integer
-1
$_SESSION['SecurityAssist_UserID']
Which I thought was the solution, but its not working here.
I've attached a copy of the page.
Thanks again.