CodeCharge Studio
search Register Login  

Visual PHP Web Development

Visually Create Internationalized Web Applications, Web Reports, Calendars, and more.
CodeCharge.com

YesSoftware Forums -> CodeCharge -> Tips & Solutions

 Check Data Ownership for Users who have Edit Access

 Print topic Send topic

Author Message
Steven

Posts: 15
Posted: 08/09/2004, 5:31 AM
I thought since this forum was empty i would post a few things into it which I still use most days in CodeCharge


this is a simple check to see whether the person trying to edit an item actually owns the item they are trying to edit

its stops people editing other peoples posts

this example is from a script i have running where a everyone has edit access to their own postings

  
  
if ($fldnews_id !=null)  
   {  
   $ownercheck = get_db_value("SELECT user_id FROM swap_listings WHERE swap_id=".tohtml(get_param("swap_id")) );  
  
// this gets the user_id recorded in the database  
// for the person who made the original posting  
// i always add user_id into all my database fields  
// so that later i can check who made the postings  
// who edits them, updates them etc  
  
   $usernamecheck = get_db_value("SELECT user_id FROM users WHERE user_id=". get_session("UserID"));  
  
// this isnt really needed the next line could just check   
// against the get_session("UserID"), but i do sometimes  
// use in the messages the username, so its sometimes   
// used by me to grab the username of the person online  
  
         if ($ownercheck != $usernamecheck )  
              {  
             echo "<br><hr><br><center>Sorry but your trying to edit a Database Record that doesnt seem to belong to your account<br>";  
            echo "an event log has been made of the access attempt, and has been emailed to the <a href=\"mailto:steven.dowd@dowd.co.uk\">Steven Dowd</a> <br>";  
            echo "<br><hr><br>If you feel there is an error and you should have access to that particular Record then please email <a   
href=\"mailto:steven.dowd@dowd.co.uk\">Steven Dowd</a><br><hr><br>";  
            Exit;  
  
          // just checkes the person who is trying to edit the data  
         // is actually the person who owns the data, if not  
        // they get this message  
  
                }  
    }  
  
  
//if they do own the data, I say nothing else, but as an extra  
//i use an active/not active 1/0 in an is_active data table  
  
 if ($fldis_active != 0 )  
  {  
  echo "<br><hr><br><center>Please note:  that you are about to edit a Swap Item that is Currently Active and being Displayed on the Website</center><br><hr><br>";  
  
  //so at this point i check that the data which is being edited  
  // is live or not, and warn them if its live and online viewable  
  
 }

Hope this is helpfull, will add some more later.

Steven Dowd
_________________
View profile  Send private message

Add new topic Subscribe to topic   


These are Community Forums for users to exchange information.
If you would like to obtain technical product help please visit http://support.yessoftware.com.

PHP Reports

Visually create Web Reports in PHP, ASP, .NET, Java, Perl and ColdFusion.
CodeCharge.com

Home   |    Search   |    Members   |    Register   |    Login


Powered by UltraApps Forum created with CodeCharge Studio
Copyright © 2003-2004 by UltraApps.com  and YesSoftware, Inc.