beginning_php thread: Limit users to see only one record
Message #1 by aodor@c... on Thu, 5 Sep 2002 23:26:07|
Is it possible to limit the users of a database to see and edit only one
I'm building an intranet directory and I want teh users to be able to see
all records, but to modify only their own record.
I'm using PHP and MySQL (most recent stable releases under Win2000, IIS)
Alberto Odor, MD
Message #2 by "Nikolai Devereaux" <yomama@u...> on Thu, 5 Sep 2002 15:29:41 -0700|
Yes.. what your asking is basically how to implement permissions or
capabilities checking in your application.
A simple approach would be to only generate the edit link for the user who's
user id matches the id of the row in the directory database.
Typically, I like to store most user information like that in session vars.
if($current_user_id == $row['user_id'])
// display edit link.
Make sure you check the user id's on the receiving end of the form as well,
since you don't want anyone to spoof the edit link and edit other people's