Forums
This topic is locked
Problem with Users section - Any idea?
Posted 28 Aug 2001 11:23:40
1
has voted
28 Aug 2001 11:23:40 Ricardo Ribeiro posted:
Hi...Basically I had built an users zone. So, people register, people log in, people receive an autonumber ID. So, each user URL have his ID. People who's not registered can't access this area of the site.
Problem is that each registered member, after log in is able to enter other member zone and change contents. All it takes is changing the ID number on URL.
Any comments or possible solutions to this problem?
Replies
Replied 28 Aug 2001 12:11:25
28 Aug 2001 12:11:25 Owen Eastwick replied:
Are you using GET as the method on the form?
Try changing it to POST, it is not passed to the results page by appending it to the URL and is therefore invisible to the user.
Regards
Owen.
www.tdsf.co.uk/tdsfdemo
Try changing it to POST, it is not passed to the results page by appending it to the URL and is therefore invisible to the user.
Regards
Owen.
www.tdsf.co.uk/tdsfdemo
Replied 28 Aug 2001 23:24:01
28 Aug 2001 23:24:01 Joel Martinez replied:
not only that, but you may want to use a session variable to hold the userid... that'll keep em from changing it.
Joel Martinez [ ]
----------
set rs = conn.execute("SELECT answer FROM brain WHERE question = "& forumPost &"
'2nd place is just 1st Loser
Joel Martinez [ ]
----------
set rs = conn.execute("SELECT answer FROM brain WHERE question = "& forumPost &"
'2nd place is just 1st Loser