
Technical Support Forums


Logged in as directory owner id matches

Thread began 8/16/2013 10:32 am by jo271221 | Last modified 8/18/2013 6:36 pm by jo271221 | 1361 views | 4 replies |

jo271221

Logged in as directory owner id matches

I want to secure the VerifyListing.php page so that only the owner can update the listing. I attempted to write the rule Logged in as Directory Id Matches; however, it is not allowing me to access the page even when I am logged in, it brings me to the login page. I have attached the VerifyListing page, security assist pages, login and site access for CommunityHotline.com
Thank You!


Jason ByrnesWebAssist

You can't use a recordset value in a security assist access rule.


Instead, edit the recordset on the verify listing page and add an additional where clause to check the ID column against the directoryid session variable.

That way if they try to access a record that is not theirs, it will return an empty recordset.


jo271221

check the ID column against the directoryid session variable.

Thank You.

I am unsure how to edit the recordset on the verify listing page and add an additional where clause to check the ID column against the directoryid session variable.

I think I am doing it somewhat as it passes the correct user id and content into the form. But I am not understanding how this works.
I am working on the attached accounts/verifyListingFW.php file
Line # 4
Line #59
<?php
// Default to -1 so that a missing id matches no listing.
$Paramid_WADAtbl_directorylistings = "-1";
if (isset($_GET['id'])) {
  $Paramid_WADAtbl_directorylistings = $_GET['id'];
}
mysql_select_db($database_community, $community);
// The second argument of GetSQLValueString() is the value type; "int" casts the id to an integer before it reaches the query.
$query_WADAtbl_directorylistings = sprintf("SELECT id, businessname, firstname, lastname, email, city, fldstate, userid, userpassword, verifieddate FROM tbl_directorylistings WHERE id = %s", GetSQLValueString($Paramid_WADAtbl_directorylistings, "int"));
$WADAtbl_directorylistings = mysql_query($query_WADAtbl_directorylistings, $community) or die(mysql_error());
$row_WADAtbl_directorylistings = mysql_fetch_assoc($WADAtbl_directorylistings);
$totalRows_WADAtbl_directorylistings = mysql_num_rows($WADAtbl_directorylistings);
?>


Jason ByrnesWebAssist

edit the recordset using advanced view.


change the where clause:
WHERE id = Paramid

to:
WHERE id = Paramid AND id = Paramdirectoryid

in the variables section, add a new variable as:
Name: Paramdirectoryid
Type: integer
default Value: -1
Runtime Value: $_SESSION['directoryid']

you may need to add the following code at line 1 for the session to work:

php:
<?php @session_start(); ?>
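
The owner check described above, written as a stand-alone sketch with PDO prepared statements (an added example, not part of the original thread and not WebAssist's generated code). The table and column names come from the posted recordset; the in-memory SQLite database, the sample rows, the shortened column list and the fetchOwnedListing() helper are assumptions made for illustration.

```php
<?php
// Hypothetical helper: returns the listing only when the requested id equals
// the directoryid stored in the session at login, otherwise null.
function fetchOwnedListing(PDO $db, $requestedId, array $session): ?array
{
    // No logged-in owner in the session: nothing may be edited.
    if (!isset($session['directoryid'])) {
        return null;
    }
    // Validate both values as integers; non-numeric input yields false.
    $id    = filter_var($requestedId, FILTER_VALIDATE_INT);
    $owner = filter_var($session['directoryid'], FILTER_VALIDATE_INT);
    if ($id === false || $owner === false) {
        return null;
    }
    // Same shape as the WHERE clause in the thread, with bound parameters
    // instead of values formatted into the SQL string.
    $stmt = $db->prepare(
        'SELECT id, businessname, email FROM tbl_directorylistings
         WHERE id = :id AND id = :directoryid'
    );
    $stmt->execute([':id' => $id, ':directoryid' => $owner]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_directorylistings (id INTEGER PRIMARY KEY, businessname TEXT, email TEXT)');
$db->exec("INSERT INTO tbl_directorylistings VALUES (1, 'Alpha Plumbing', 'a@example.test'), (2, 'Beta Bakery', 'b@example.test')");

$session = ['directoryid' => 2]; // stands in for $_SESSION after login

// Requests made by owner 2: own record, someone else's record, tampered id.
$cases = ['2' => 'own listing', '1' => "another owner's listing", '1 OR 1=1' => 'tampered id'];
foreach ($cases as $id => $label) {
    $row = fetchOwnedListing($db, $id, $session);
    printf("%-24s id=%-9s %s\n", $label, $id,
        $row ? 'record: ' . $row['businessname'] : 'empty recordset, show login link');
}
```

Only the first request returns a row; the other two come back empty, which is the condition the page can use to hide the update form.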

jo271221

recordset to only show to logged in user, show if

That worked great! Then I added a show if record exist to the form and a link to the log in page with a message if a record does not exist.
Thank You!
