
Technical Support Forums

Security Assist Rule User Is Owner ie user is logged in as the owner of the record

Thread began 3/23/2021 11:42 am by jo271221 | Last modified 3/25/2021 9:48 am by Ray Borduin | 533 views | 7 replies |

jo271221

I am getting this error with my rule that I created to only allow the owner of the record to access the page ie.
Page url and log in credentials to duplicate error are in private message as well as FTP.
I have a backup of the helpergrouprules.php on the server.

/security_assist/helpergroupsrulesphp.php:41 Stack trace: #0 /homepages/26/d861213362/htdocs/outdoortradersmarket/webassist/security_assist/helper_php.php(466): WA_Auth_GetComparisonsForRule('user is owner') #1 /homepages/26/d861213362/htdocs/outdoortradersmarket/webassist/security_assist/helper_php.php(461): WA_Auth_RuleObject_EvaluateRules('user is owner') #2 /homepages/26/d861213362/htdocs/outdoortradersmarket/user-profiles/user-update.php(26): WA_Auth_RulePasses('user is owner') #3 {main} thrown in /homepages/26/d861213362/htdocs/outdoortradersmarket/webassist/security_assist/helpergroupsrulesphp.php on line 41

Line 41 is:

    case "user is owner":
        $comparisons[0] = array(TRUE, "".((isset($_SESSION['SecurityAssist_id']))?$_SESSION['SecurityAssist_id']:"") ."", 1, "".($WADAtbl_directorylistings_update->getColumnVal("id")) ."");
        $comparisons[1] = array(FALSE, "".((isset($_SESSION['SecurityAssist_id']))?$_SESSION['SecurityAssist_id']:"") ."", 2, "".($WADAtbl_directorylistings_update->getColumnVal("id")) ."");
        break;
    case "Validated form":
        $comparisons[0] = array(TRUE, "".((isset($_GET['invalid']))?$_GET['invalid']:"") ."", 2, "");
        break;
    }


Ray Borduin (WebAssist)

You are referencing a Recordset in your rule... that won't work. What were you trying to do with this rule? Usually you save a session variable on login and compare that to an entered value in the rule.


jo271221

I want the page to only be accessed and redirect to login IF the logged in user's id matched the session ID. If that is not possible, I guess I want the content of the page to only be visible IF the id matches the session id. So I assume I need to do that on the page rather than a security rule.


Ray Borduin (WebAssist)

It is fine to check session values in the rules, just not Recordset values which don't exist on all pages.


jo271221

I now have restricted access so that ONLY the owner of a record can update their info.

I added a show if rule on the page that actually only shows the content of the update page IF the session variable matches the userid (from the recordset) and applied another show if rule that, if it does not match, displays a message: "You may only update your own profile, if this is your profile, please log in".

I actually accomplished this and copied the code in the private message.
I copied the code from another website that we had done this on to my new page and adjusted recordset name. I did not find anything in the plug in interface to do this. (I did find a show if record is empty but not using the session variable.)

Is there something in the interface that I should be using, or just copy and paste as I did below in private message?


Ray Borduin (WebAssist)

That should work. Usually I filter the recordset with the userid from the session and that is how I restrict the access when I want a user to only be able to view their records. This is always done on the page and not in the security rules.


jo271221

Thank You.

Can you please send an example of filtering the recordset with the userid from the session and that is how I restrict the access when I want a user to only be able to view their records?

I would think this would be something that should be applied to most all update pages.


Ray Borduin (WebAssist)

You just add a sql parameter to your recordset:

WHERE UserIDColumn = sqlparam

Then define the sqlparam to be equal to the value in the session.

Then you can redirect if the recordset is empty (since that means they don't have access).

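The approach from the last reply (filter the recordset by the session user id, redirect when it comes back empty), written as an added example in plain PDO; it is not part of the original thread and not WebAssist-generated code. The `listings` table, its `owner_id` column, the sample rows and `login.php` are assumptions; only `$_SESSION['SecurityAssist_id']` comes from the thread.

```php
<?php
// Added example: plain PDO, not WebAssist-generated code.
// Table/column names (listings, owner_id) and login.php are assumptions.

/**
 * Fetch a listing only if it belongs to the logged-in user.
 * Returns the row, or null when the record does not exist OR is owned by
 * someone else; the caller treats both cases the same way.
 */
function fetchOwnedListing(PDO $db, array $session, $listingId): ?array
{
    // No session id means not logged in: never query with an empty owner.
    if (empty($session['SecurityAssist_id'])) {
        return null;
    }
    // Ownership is part of the WHERE clause, bound as a parameter.
    $stmt = $db->prepare(
        'SELECT id, owner_id, title FROM listings
          WHERE id = :id AND owner_id = :owner'
    );
    $stmt->execute([
        ':id'    => (int) $listingId,
        ':owner' => (int) $session['SecurityAssist_id'],
    ]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT)');
$db->exec("INSERT INTO listings VALUES (1, 10, 'Canoe'), (2, 20, 'Tent')");

$session = ['SecurityAssist_id' => '10'];   // stands in for $_SESSION after login

var_dump(fetchOwnedListing($db, $session, 1) !== null); // own record
var_dump(fetchOwnedListing($db, $session, 2) !== null); // someone else's record
var_dump(fetchOwnedListing($db, [], 1) !== null);       // not logged in

// On the real update page: redirect when the filtered result is empty,
// and apply the same owner filter to the UPDATE statement itself.
// if (fetchOwnedListing($db, $_SESSION, $_GET['id'] ?? 0) === null) {
//     header('Location: login.php'); exit;
// }
```

Hiding the form with a show-if region does not stop a direct POST to the update handler, so the `UPDATE` query needs the same `owner_id` condition bound from the session.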
