DeWebDude
|
| Posted: 12/02/2002, 4:07 PM |
|
How can I have a user login, and then only see records that are associated to that user ? AND make sure that the user can't put in another users ID and see there information.
Example
ToDo List, user Mike, and Bob
Mike Logs in w/his ID and Pass see's his todo stuff.
Same for bob.
But Mike knows the parameters passed to the db to show the information, so he passes Mikes ID and sees mikes to do stuff ( don't want that).
Finally Jorge is the leader, and he can select ALL records or any Users records, so How can I do this?
Thanks !
|
|
|
 |
RonB
|
| Posted: 12/02/2002, 4:31 PM |
|
I'd suggest setting another parameter with the login, maybe a timestamp and setting it as a sessionvariable. This parameter isn't know to anyone but generated automatically upon creation of the user account. Now you could guess a userid but it would be worthless if you didn't know the other parameter as well.
For users that need acces to all records you could use this parameter to regulate that. If jorge need acces to all records do a custum login and make sure his extra parameter is in the list of parameter that have acces.
Something like that anyway 
Ron
|
|
|
|
RG
|
| Posted: 12/02/2002, 5:19 PM |
|
If I understand your question correctly, there is already a solution in the CCS tutorial for this case. You need some custom code in the "After Initialize" event of the page. What you do is to compare the session variable "UserID" with the passed "UserID" in the URL. If they are not the same then you know that the passed "UserID" doesn't belong to the user that is currently logged in and you redirect the URL or set the page invisible etc.
Hope it helps!
|
|
|
|
RG
|
| Posted: 12/02/2002, 5:53 PM |
|
Oops, sorry, you are talking about CC not CCS!
The idea could be useful though.
|
|
|
|
|
