Anthony
Posted: 08/27/2002, 11:31 AM
Does anyone know the code that needs to be inserted in the Before Show event in order to check the passed value as shown below?
Thanks again!
Anthony
ccs 1.0.7.0 php4/templates
Quoted from Nicole in http://www.gotocode.com/disc_viewt.asp?mid=12232
"In order to forbid users to edit a record belonging to another user, in case the user just changes the value of the parameter passed through the URL, you should check the passed value in the form Before Show event. Scenario: catch the passed value, look up the corresponding user_id value and compare it to the user_id stored in the session. If they are different, it means that the user tried to access a record that belongs to another user. In this case you can redirect him to any other page."

Nicole
Posted: 08/28/2002, 6:51 AM
Anthony,
Here is sample code. Create a page After Initialize event:
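// Value passed in the URL
$passed = CCGetParam("user_id", "");
$db = new clsDBconnection_name();
// user_id of the logged-in user, looked up from the session value
$looked_up = CCDLookUp("user_id", "users_table", "user_id=" . CCGetSession("UserID"), $db);
if (strcmp($passed, $looked_up) != 0) {
    header("Location: Page_name.php");
    exit; // stop here so the rest of the page is not processed after the redirect
}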
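
Added example, not part of the original thread and not CodeCharge Studio's own code: the quoted scenario (catch the passed value, look up the owning user_id, compare it with the session) applied to a record that has its own key, going beyond the user_id case in the post. The names order_id and orders_table and the sample rows are assumptions, and the closure syntax needs a newer PHP than the php4 named in the question.

```php
<?php
// Added example. order_id, orders_table and the sample rows are hypothetical.

// Returns true only when the requested record exists and belongs to the
// logged-in user. $lookup_owner maps a record id to its owner's user_id,
// or null when there is no such row.
function may_access_record($raw_id, $session_uid, $lookup_owner)
{
    // Accept only a string of digits, so nothing else can reach the SQL
    // condition that $lookup_owner builds from it.
    if (!is_string($raw_id) || !ctype_digit($raw_id)) {
        return false;
    }
    // No user id in the session: not logged in, deny.
    if ($session_uid === null || $session_uid === '') {
        return false;
    }
    $owner = $lookup_owner((int) $raw_id);
    // Missing record: deny instead of comparing against an empty value.
    if ($owner === null || $owner === false || $owner === '') {
        return false;
    }
    return (string) $owner === (string) $session_uid;
}

// Constructed rows standing in for orders_table: order_id => user_id.
$rows = array(10 => '3', 11 => '7');
$lookup_owner = function ($id) use ($rows) {
    return isset($rows[$id]) ? $rows[$id] : null;
};

// Constructed inputs: (value passed in the URL, user id in the session).
$cases = array(
    array('10', '3'),     // own record
    array('11', '3'),     // record of another user
    array('99', '3'),     // no such record
    array('10abc', '3'),  // not a plain integer
    array('10', ''),      // no session user
);
foreach ($cases as $c) {
    $ok = may_access_record($c[0], $c[1], $lookup_owner);
    echo str_pad($c[0], 8), $ok ? "allow" : "redirect", "\n";
}
```

In the page event, $lookup_owner would wrap CCDLookUp("user_id", "orders_table", "order_id=" . $id, $db), and a false result would be followed by the header() redirect and exit.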