Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming changing url to edit other account
changing url to edit other account
  • El Forum
    Guest
  •  
#1
11-19-2010, 11:06 PM

[eluser]nir[/eluser]
Hello All,

i am trying to prevent from users to edit other users account information if they change the user id in the URL, for example:
http://www.website.com/edit/1
if they change the number/ID to http://www.website.com/edit/2, they can edit other users account's information.

thanks in advanced,
nir
  • El Forum
    Guest
  •  
#2
11-20-2010, 12:38 AM

[eluser]Circuitbomb[/eluser]
You need to setup sessions when the user logs in and ensure they are checked when the user tries to access an editing page like this.

Without a session/authorization type of system in place CodeIgniter, or PHP for that matter, will not differentiate who access' the page, and wont make any attempt at keeping an enforcement policy for that matter.




Theme © iAndrew 2016 - Forum software by © MyBB