Hi there,
I'm working on a traffic exchange site and since I'm very new I used this
login script :
http://miftyisbored.com/a-complete-login-and-authentication-application-tutorial-for-cakephp-2-3/
Everything works nicely. Based on that code I created a few pages ( Add
site, List sites, delete sites)
My problem is that anyone can delete the websites.( I'm sure this goes with
users - not tested yet )
public function delete($id = null) {
> if (!$id) {
> $this->Session->setFlash('Please provide a site id');
> $this->redirect(array('action'=>'index'));
> }
>
> $this->Site->id = $id;
> if (!$this->Site->exists()) {
> $this->Session->setFlash('Invalid site id provided');
> $this->redirect(array('action'=>'index'));
> }
> if ($this->Site->saveField('status', 0)) {
> $this->Session->setFlash(__('Site deleted'));
> $this->redirect(array('action' => 'index'));
> }
> $this->Session->setFlash(__('Site was not deleted'));
> $this->redirect(array('action' => 'index'));
> }
>
This is the code. I tried adding a condition but couldn't make it work.
I also tried a very old solution :
if($this->Site->user = $this->Session->read('Auth.User.id')){
>
> // code
>
> }else{
> echo"die";
> }
>
But another fail.
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.
