ckroon
Posts: 869
|
| Posted: 07/31/2007, 8:36 PM |
|
Hi all.
I have a classlist table that lists the student data and the teacher_id of the teacher assigned to them.
I have several other tables where data is created/updated, and these are keyed by the student_id.
Here is the issue. I have a component where the grid displays the list of students, from the classlist table, filtered by the Where teacher_id=UserID. No problem.
I have a link that takes the user to a different page, passing the student_id variable via URL along with it. On this new page, a new record is created or updated using the ccgetfromget(student_id). Easy.
Now, I need to stop people from playing with the URL and manually typing in another student ID number.
I was hoping for a smoother, easier way other than tying the classlist table to this table, and doing a "Where classlist.student_id = UserID", because that means I would have to do Custom inserts and updates as well and that would mean a lot of work.
Is there a quick and dirty way to stop teachers (who all have the same user access level btw) from looking at other students' records?
The docs refer to task IDs but that doesn't really apply here..?
_________________
Walter Kempees...you are dearly missed. |
 |
 |
ReneS
Posts: 225
|
| Posted: 08/01/2007, 3:15 AM |
|
Hi,
Using sessions would be an option, I guess. So teachers log in, start session, then it will show only those records that are tied to the logged in teacher.....
Rene
|
 |
 |
wkempees
|
| Posted: 08/01/2007, 3:51 AM |
|
Quote :
> I have a classlist table that lists the student data and the teacher_id of the teacher assigned to them.
>
> I have several other tables where data is created/updated, and these are keyed by the student_id.
>
.......
> I have a link that takes the user to a different page, passing the student_id variable via URL along with it.
.......
> Now, I need to stop people from playing with the URL and manually typing in another student ID number.
........
> Is there a quick and dirty way to stop teachers (who all have the same user access level btw) from looking at other students' records?
........
BeforeShow of the receiving page:
global $Redirect;
global $DBConnection1;
// Look up the teacher assigned to the requested student and compare with the logged-in user
if (CCDLookUp("teacher_id", "classlist", "student_id=" .
    $DBConnection1->ToSQL(CCGetFromGet("stud_id", 0), ccsInteger), $DBConnection1) != CCGetUserID()) {
    // Do something here like redirecting to a 404 page, or back to index.php
    $Redirect = "index.php"; // or leave the redirect unchanged, which should take them back to the grid they came from (not sure)
}
You asked for Q&D.
I redirect playful users back to where they came from without any message.
I don't want to educate them as to what is happening.
Preferably this should be a function if used often.
Walter
|
|
|
 |
wkempees
Posts: 1679
|
| Posted: 08/01/2007, 4:15 AM |
|
global $Redirect;
global $DBConnection1;
$student_id = CCGetParam("stud_id", "");
// Redirect when the logged-in user is not the teacher assigned to this student
if ($student_id != 0 && CCGetUserID() != CCDLookUp("teacher_id", "classlist", "student_id=" .
    $DBConnection1->ToSQL($student_id, ccsInteger), $DBConnection1))
{
    $Redirect = "nameofreturnpage.php";
}
This is the example amended to your situ.
Change "nameofreturnpage.php" and reread the example to see this is in AfterInitialize page.
Walter
_________________
Origin: NL, T:GMT+1 (Forumtime +9)
CCS3/4.01.006 PhP, MySQL .Net/InMotion(Vista/XP, XAMPP)
if you liked this info PAYPAL me: http://donate.consultair.eu
|
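An added example, not part of the thread and not CodeCharge's own code: the ownership check from the two posts above written as a reusable, deny-by-default function. It uses plain PDO with an in-memory SQLite table in place of CCDLookUp and $DBConnection1; the function names, the index.php fallback and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. PDO + in-memory SQLite stand in for the CodeCharge
// connection; function names and sample rows are constructed.

/** True only if $rawStudentId is a valid id assigned to $teacherId. */
function teacherOwnsStudent(PDO $db, int $teacherId, $rawStudentId): bool
{
    // Deny by default: missing, non-numeric or non-positive ids never reach SQL.
    $studentId = filter_var($rawStudentId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($studentId === false) {
        return false;
    }
    // Bound parameters: the id is never concatenated into the statement.
    $stmt = $db->prepare(
        'SELECT 1 FROM classlist WHERE student_id = ? AND teacher_id = ?');
    $stmt->execute([$studentId, $teacherId]);
    return $stmt->fetchColumn() !== false;
}

/** Returns null when access is allowed, otherwise the page to redirect to. */
function redirectUnlessOwner(PDO $db, int $teacherId, $rawStudentId,
                             string $fallback = 'index.php'): ?string
{
    return teacherOwnsStudent($db, $teacherId, $rawStudentId) ? null : $fallback;
}

// Constructed sample data: teacher 7 has students 101 and 102, teacher 8 has 201.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE classlist (student_id INTEGER PRIMARY KEY, teacher_id INTEGER NOT NULL)');
$db->exec('INSERT INTO classlist VALUES (101, 7), (102, 7), (201, 8)');

$loggedInTeacher = 7; // stands in for CCGetUserID()
foreach (['101', '201', '999', '', '10x'] as $raw) {
    $target = redirectUnlessOwner($db, $loggedInTeacher, $raw);
    printf("stud_id=%-5s -> %s\n", var_export($raw, true),
        $target === null ? 'allow' : "redirect to $target");
}
```

In a CodeCharge page the teacher id would come from CCGetUserID() and a non-null result would be assigned to $Redirect. The same call belongs on every page that accepts the student id, including the ones that insert or update records.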
 |
 |
datadoit.com
|
| Posted: 08/01/2007, 6:35 AM |
|
If you're on Apache, look at mod_rewrite for simply masquerading the URL.
Another method is the use of iframes, where your navigation menu and
main content are in separate hidden frames.
|
|
|
 |
ckroon
Posts: 869
|
| Posted: 08/01/2007, 8:08 AM |
|
Sweet guys, thanks!
Walter, will be using your code.
Data, I tried an iframe and couldn't get it to work, I iframed the index.php page so that everything was in it, but I couldn't get the page to grow vertically as the pages required it. Perhaps this wasn't the way to do it?
Can I write iframes directly into the CodeCharge HTML? This would be a nice addition to the next update!
Thanks for all the input!
_________________
Walter Kempees...you are dearly missed. |
 |
 |
datadoit.com
|
| Posted: 08/01/2007, 8:32 AM |
|
ckroon wrote:
> Sweet guys, thanks!
> Walter, will be using your code.
> Data, I tried an iframe and couldn't get it to work, I iframed the index.php
> page so that everything was in it, but I couldn't get the page to grow
> vertically as the pages required it. Perhaps this wasn't the way to do it?
> Can I write iframes directly into the codecharge html? This would be a nice
> addition to the next update!
>
> Thanks for all the input!
>
> ---------------------------------------
I haven't conquered the vertical issue either yet. Haven't really given
it any time though. I just pick a number guesstimated on how big I think
the called page will be (ex: 768px). Leave the scroll bars set at 'auto'.
The way I write in iframes is to place a CCS label control where I want
the iframe to reside, then in the control's BeforeShow, do something like:
$Component->SetValue("<iframe name='main'
src='index_mainframe_overview.php' width='100%' border='0'
frameborder='0' height='768'>Your browser does not support inline frames
or is currently configured not to display inline frames. </iframe>");
Make sure the label control's content is set for HTML.
|
|
|
 |
|