close ad
Install the LAtest Updates to Work with CC 2017 and CC 2018
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Logged in as directory owner di matches

Thread began 8/16/2013 1:32 pm by jo271221 | Last modified 8/18/2013 9:36 pm by jo271221 | 662 views | 4 replies |

jo271221

Logged in as directory owner di matches

I want to secure pages the VerifyListing.php so that only the owner can update the listing. I attempted to write the rule Logged in as Directory Id Matches however it is not allowing me to access the page even when I am logged in, it brings me to the log in page. I have attached the VerifyListing page, security assist pages, login and site access for CommunityHotline.com
Thank You!

Sign in to reply to this post

Jason ByrnesWebAssist

you can t use a recordset value in a security assist access rule.


instead, edit the recordset on the verifiy listing page and add an additional where clause to check the ID column agains the directoryid session variable.

that way if they try to access a record that is not theres, it will return an empty recordset.

Sign in to reply to this post

jo271221

check the ID column agains the directoryid session variable.

Thank You.

I am unsure how to edit the recordset on the verifiy listing page and add an additional where clause to check the ID column against the directoryid session variable.

I think I am doing it somewhat as it passes the correct user id and content into the form. But I am not understanding how this works.
I am working on the attached accounts/verifyListingFW.php file
Line # 4
Line #59
<?php
$Paramid_WADAtbl_directorylistings = "-1";
if (isset($_GET['id'])) {
$Paramid_WADAtbl_directorylistings = $_GET['id'];
}
mysql_select_db($database_community, $community);
$query_WADAtbl_directorylistings = sprintf("SELECT id, businessname, firstname, lastname, email, city, fldstate, userid, userpassword, verifieddate FROM tbl_directorylistings WHERE id = %s", GetSQLValueString($Paramid_WADAtbl_directorylistings, "-1"));
$WADAtbl_directorylistings = mysql_query($query_WADAtbl_directorylistings, $community) or die(mysql_error());
$row_WADAtbl_directorylistings = mysql_fetch_assoc($WADAtbl_directorylistings);
$totalRows_WADAtbl_directorylistings = mysql_num_rows($WADAtbl_directorylistings);
?>

Sign in to reply to this post

Jason ByrnesWebAssist

edit the recordset using advanced view.


change the where clause:
WHERE id = Paramid

to:
WHERE id = Paramid AND id = Paramdirectoryid

in the variables section, add a new variable as:
Name: Paramdirectoryid
Type: integer
default Value: -1
Runtime Value: $_SESSION['directoryid']

you may need to add the following code at line 1 for the session to work:

php:
<?php @session_start(); ?>
Sign in to reply to this post

jo271221

recordset to only show to logged in user, show if

That worked great! Then I added a show if record exist to the form and a link to the log in page with a message if a record does not exist.
Thank You!

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...