Steven
Posts: 15
Posted: 08/09/2004, 5:31 AM
I thought since this forum was empty I would post a few things into it which I still use most days in CodeCharge.
This is a simple check to see whether the person trying to edit an item actually owns the item they are trying to edit.
It stops people editing other people's posts.
This example is from a script I have running where everyone has edit access to their own postings.
if ($fldnews_id != null)
{
    // tosql(..., "Number") forces the value to a number before it goes into the query;
    // tohtml() only HTML-encodes and does not make a request parameter safe inside SQL
    $ownercheck = get_db_value("SELECT user_id FROM swap_listings WHERE swap_id=" . tosql(get_param("swap_id"), "Number"));
    // this gets the user_id recorded in the database
    // for the person who made the original posting
    // i always add user_id into all my database fields
    // so that later i can check who made the postings
    // who edits them, updates them etc
    $usernamecheck = get_db_value("SELECT user_id FROM users WHERE user_id=" . tosql(get_session("UserID"), "Number"));
    // this isn't really needed, the next line could just check
    // against the get_session("UserID"), but i do sometimes
    // use in the messages the username, so it's sometimes
    // used by me to grab the username of the person online
    if ($ownercheck != $usernamecheck)
    {
        echo "<br><hr><br><center>Sorry but your trying to edit a Database Record that doesnt seem to belong to your account<br>";
        echo "an event log has been made of the access attempt, and has been emailed to the <a href=\"mailto:steven.dowd@dowd.co.uk\">Steven Dowd</a> <br>";
        echo "<br><hr><br>If you feel there is an error and you should have access to that particular Record then please email <a href=\"mailto:steven.dowd@dowd.co.uk\">Steven Dowd</a><br><hr><br>";
        exit;
        // just checks the person who is trying to edit the data
        // is actually the person who owns the data, if not
        // they get this message
    }
}
// if they do own the data, I say nothing else, but as an extra
// i use an active/not active 1/0 in an is_active data table
if ($fldis_active != 0)
{
    echo "<br><hr><br><center>Please note: that you are about to edit a Swap Item that is Currently Active and being Displayed on the Website</center><br><hr><br>";
    // so at this point i check that the data which is being edited
    // is live or not, and warn them if it's live and online viewable
}
Hope this is helpful, will add some more later.
Steven Dowd
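The same ownership rule, as an added example that is not part of the post above or of CodeCharge: the owner is put into the UPDATE's WHERE clause with bound parameters, so the check and the write happen in one statement. Table and column names (swap_listings, swap_id, user_id) come from the post; PDO with an in-memory SQLite database, the title column, the sample rows and the function update_own_listing() are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: listing 1 belongs to user 10, listing 2 to user 20.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE swap_listings (swap_id INTEGER PRIMARY KEY, user_id INTEGER, title TEXT)');
$db->exec("INSERT INTO swap_listings VALUES (1, 10, 'bike'), (2, 20, 'lamp')");

/**
 * Hypothetical helper: update a listing only if the session user owns it.
 * Returns 'updated', 'forbidden', 'not_found' or 'bad_request'.
 */
function update_own_listing(PDO $db, $rawSwapId, int $sessionUserId, string $title): string
{
    // Reject anything that is not a plain positive integer before touching SQL.
    $swapId = filter_var($rawSwapId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($swapId === false) {
        return 'bad_request';
    }

    // Owner id is part of the WHERE clause: a row owned by someone else never matches.
    $upd = $db->prepare(
        'UPDATE swap_listings SET title = :t WHERE swap_id = :id AND user_id = :uid'
    );
    $upd->execute([':t' => $title, ':id' => $swapId, ':uid' => $sessionUserId]);
    if ($upd->rowCount() === 1) {
        return 'updated';
    }

    // Nothing was written: tell a missing row from another user's row,
    // so the access attempt can be logged as in the post.
    $chk = $db->prepare('SELECT 1 FROM swap_listings WHERE swap_id = :id');
    $chk->execute([':id' => $swapId]);
    return $chk->fetchColumn() === false ? 'not_found' : 'forbidden';
}

// Constructed requests, all made with session user 10.
$requests = [['1', 'road bike'], ['2', 'mine now'], ['99', 'ghost'], ['1 OR 1=1', 'x']];
foreach ($requests as [$swapId, $title]) {
    printf("%-10s => %s\n", $swapId, update_own_listing($db, $swapId, 10, $title));
}
```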