ryzzo11

Reputation: 31

CakePHP 2.0: URL ID can be changed by the user; make it so this is not allowed

Controller: this is the part where I am trying to figure it out. The URL is /form/edit/315, but as a user I can change it to form/edit/316 and will see another user's data. If anyone can help, that would be much appreciated!

if ($this->success === true) {

    $this->Form->set($this->request->data);

    // Compares the session identifier with the record id from the URL
    if ($this->Session->id('id') != $id) {

        // Flash must be set before redirect(): redirect() exits by default,
        // so anything placed after it never runs
        $this->Session->setFlash(__('Not allowed'));
        return $this->redirect(array('controller' => 'form', 'action' => 'home'));
    } else {

    }
}

so that a user is not allowed to access other users' data by changing the id in the URL.

Upvotes: 1

Views: 39

Answers (1)

ryzzo11

Reputation: 31

Figured it out!
Had to set form.id = user.id, so only the owner can see the task they created; otherwise it will send them elsewhere.

if ($this->success === true) {

    $Form = ClassRegistry::init('Form'); # Instantiation

    // Look the record up by id AND owner: an id that belongs to another
    // user simply returns nothing
    $existingTask = $Form->find('first', array(
        'conditions' => array(
            'Form.id'=> $id,
            'Form.user_id' => $this->Auth->user('id')
        ),
        'recursive' => -1
    ));

    if (empty($existingTask)) {
        // Set the flash message before redirecting: redirect() exits by
        // default, so a call placed after it never runs
        $this->Flash->set('id not found');
        return $this->redirect(array('controller' => 'form', 'action' => 'home'));
    }

}

Upvotes: 1
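The owner-scoped lookup from the answer, carried through a complete CakePHP 2.x edit action, as an added example that is not code from the question or the answer. Beyond the GET case the answer shows, it covers the POST side: Model::save() reads the primary key from the posted data, so a user who keeps the verified URL id but posts a different Form.id or user_id in the body could still reach another row unless those fields are pinned server-side. The controller name, the Form columns (id, user_id, title, body), a configured AuthComponent, FlashComponent (CakePHP 2.7+) and CakeRequest::allowMethod() (2.5+) are assumptions, not details from the page.

```php
<?php
// Added example (not from the original post). Assumed, hypothetical setup:
// FormsController, Form model with id/user_id/title/body, Auth configured.
App::uses('AppController', 'Controller');

class FormsController extends AppController {

    public $components = array('Auth', 'Flash');

    /**
     * Load a Form row only if it belongs to the logged-in user.
     * Returns an empty array both when the id does not exist and when it
     * belongs to someone else, so the caller cannot tell the two apart.
     */
    protected function _findOwnedForm($id) {
        $userId = $this->Auth->user('id');
        if (empty($userId)) {
            // Without this guard a logged-out request would turn the owner
            // condition into "user_id IS NULL" and match unowned rows.
            throw new ForbiddenException(__('Login required'));
        }
        return $this->Form->find('first', array(
            'conditions' => array(
                'Form.id' => $id,
                'Form.user_id' => $userId,
            ),
            'recursive' => -1,
        ));
    }

    public function edit($id = null) {
        $form = $this->_findOwnedForm($id);
        if (empty($form)) {
            // One response for "missing" and "not yours", so the URL cannot
            // be used to enumerate records. The answer's redirect with a
            // flash message works too; the point is to stop here.
            throw new NotFoundException(__('Form not found'));
        }

        if ($this->request->is('post') || $this->request->is('put')) {
            // Model::save() picks the primary key up from the posted data,
            // so overwrite Form.id with the id we just verified. Leaving
            // user_id out of fieldList means the owner column can never be
            // changed through this action, whatever the client posts.
            $this->request->data['Form']['id'] = $form['Form']['id'];
            $this->Form->id = $form['Form']['id'];
            $saved = $this->Form->save($this->request->data, array(
                'fieldList' => array('title', 'body'),  // hypothetical editable columns
            ));
            if ($saved) {
                $this->Flash->set(__('Saved.'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Flash->set(__('Could not save; please correct the errors below.'));
        } else {
            // GET: prefill the edit form from the owner-scoped record only.
            $this->request->data = $form;
        }
    }

    public function delete($id = null) {
        // Same ownership check on the destructive action.
        $this->request->allowMethod('post', 'delete');
        $form = $this->_findOwnedForm($id);
        if (empty($form)) {
            throw new NotFoundException(__('Form not found'));
        }
        $this->Form->delete($form['Form']['id']);
        $this->Flash->set(__('Deleted.'));
        return $this->redirect(array('action' => 'index'));
    }
}
```

The same `_findOwnedForm()` helper should sit in front of every action that takes a record id (view, edit, delete, and any AJAX endpoint); the fix is only complete when no code path loads a Form by id alone.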
