SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Addict brain's Avatar
    Join Date
    Sep 2001
    Location
    Amsterdam
    Posts
    249
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How to use same updating file by different users with different acces ??

    I have different users on my site and they all have an own subdirectory with a company_details.php file. Generated from a MySQL database.

    Now I want only one update.php file for all that users so that they can change their content.
    User that has the page company_details.php?ID=1 as his homepage must have acces to update.php?ID=1. User that has the page page company_details.php?ID=2 must have acces to update.php?ID=2 etc etc.

    Now I've made a login that redirects to update.php?ID=$username (username filled in at form in login.php). But when you've logged in you can change what's behind ID to whatever you want to acces the other update pages.

    PS: I'm using DW UltraDev (with Phakt extension)
    Last edited by brain; Oct 4, 2001 at 03:14.

  2. #2
    epsilon transition cupid's Avatar
    Join Date
    Aug 2001
    Location
    Kent, Ohio
    Posts
    367
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here's one possible solution:

    After login.php (which I assume authenticates by comparing username/password in the database), you can set a cookie with the id or username as its value.
    For example:

    PHP Code:
    setcookie("USER",$username,30); 
    Then in update.php, do something like this to make sure that they're the same user:

    PHP Code:

    //$USER here is the cookie value
    if ($USER != $username) {
       echo 
    "You do not have access to update this user";
       exit();


  3. #3
    SitePoint Addict brain's Avatar
    Join Date
    Sep 2001
    Location
    Amsterdam
    Posts
    249
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, but after they have acces they can change the ID after e.g. update.php?ID=3 to e.g. update.php?ID=4 and then have acces to the page. Am I wright ?

  4. #4
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Can't you just pass the ID through sessions?

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

  5. #5
    epsilon transition cupid's Avatar
    Join Date
    Aug 2001
    Location
    Kent, Ohio
    Posts
    367
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by brain
    OK, but after they have acces they can change the ID after e.g. update.php?ID=3 to e.g. update.php?ID=4 and then have acces to the page. Am I wright ?
    They can, but it won't work because the cookie value doesn't match the id value.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •