Okay, with the particular site I'm building a log in system isn't necessary, and people don't want it. The problem is that I want to allow the creator editing access still. People make mistakes, or may need to delete spam comments occasionally.
What I was thinking was to have a place when creating their page they put in a "secret id" that then goes into the database and what I want to do is so that the only way to access the edit page is to have that secret id in the url for example: http://www.testsite.com/inventory/edit/secretid/1/ I've actually got that working with this code: http://bin.cakephp.org/view/1344979601 and a view that has a hidden field for the secret id. Problem is with what I have anything in place of the secret id allows you to edit. Examples: http://www.testsite.com/inventory/edit/12345/1/ http://www.testsite.com/inventory/edit/iamahaxor/1/ http://www.testsite.com/inventory/edit/1/1/ will all allow you to edit inventory item number 1. Another annoyance I've noticed is that if you have an inventory number higher than what the table goes up to. Say with this one in test runs I've only got 3 inventory items to work with right now. If I put: http://www.testsite.com/inventory/edit/secretid/1337/ it simply adds another inventory item to the list... this like I said is only a minor nuisance and can be ignored, the important part is the data validation (which may be fix this trouble too). --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
