Forums

This topic is locked

Problem with Users section - Any idea?

Posted 28 Aug 2001 11:23:40
1
has voted
28 Aug 2001 11:23:40 Ricardo Ribeiro posted:
Hi...

Basically I had built an users zone. So, people register, people log in, people receive an autonumber ID. So, each user URL have his ID. People who's not registered can't access this area of the site.

Problem is that each registered member, after log in is able to enter other member zone and change contents. All it takes is changing the ID number on URL.

Any comments or possible solutions to this problem?

Replies

Replied 28 Aug 2001 12:11:25
28 Aug 2001 12:11:25 Owen Eastwick replied:
Are you using GET as the method on the form?

Try changing it to POST, it is not passed to the results page by appending it to the URL and is therefore invisible to the user.

Regards

Owen.


www.tdsf.co.uk/tdsfdemo

Replied 28 Aug 2001 23:24:01
28 Aug 2001 23:24:01 Joel Martinez replied:
not only that, but you may want to use a session variable to hold the userid... that'll keep em from changing it.

Joel Martinez [ ]
----------
set rs = conn.execute("SELECT answer FROM brain WHERE question = "& forumPost &"
'2nd place is just 1st Loser

Reply to this topic