Save the creator id when creating apps and compare it, when editing, with the session user, and user tokem or whatever that allows you to "authenticate" the user editing
Sent from my iPhone On 18-10-2008, at 17:27, Cody Sortore <[EMAIL PROTECTED]> wrote: > > Thanks for the solution, I tested it and was very excited that it > works! Unfortunately with both solutions it also allows for someone > to put in their own secret id when creating an application. > > example: > > application 1 created with secret id 12345 > application 2 created with secret id 23456 > > now if creator of application 2 wants to edit application 1's page all > he has to do is > > www.testsite.com/applications/edit/1/23456/ > > And it allows him to edit it :-( I think I got way in over my head > with this idea. > > On Oct 18, 6:39 am, "Amit Badkas" <[EMAIL PROTECTED]> wrote: >> 2008/10/18 Amit Badkas <[EMAIL PROTECTED]> >> >> >> >> >> >>> 2008/10/18 Cody Sortore <[EMAIL PROTECTED]> >> >>>> I'm having a little bit of trouble getting a single item pulled >>>> from >>>> the database... for more information on the issue read my former >>>> post: >> >>>> http://groups.google.com/group/cake-php/browse_thread/thread/b858d27d >>>> ... >> >>>> I still haven't been able to figure it out though... this is what I >>>> currently have (after many failed attempts I finally just started >>>> trying whatever I could) >> >>>> if ($secretid != $this->Application->find('list', >>>> array('fields' => >>>> array('Application.secretid')))) { >> >>>> $this->flash(__('Secret ID Does not match >>>> what we >>>> have on file.', >>>> true), array('action'=>'index')); >> >>>> } >> >>>> Any light or help with the situation would be awesome. >> >>> - I think you should do if (in_array($secretid, >>> $this->Application->find('list', array('fields' => >>> array('Application.secretid'))))) >> >> - Or if you want to check if secret id exists in table or not then >> you can >> use code like $this->Application- >> >hasAny(array('Application.secretid' => >> $secretid)) to check if any record exists with given secret id or not >> >> -- >> Amit >> >> http://amitrb.wordpress.com/http://coppermine-gallery.net/http://cheesecake-photoblog.org/http://www.sanisoft.com/blog/author/amitbadkas > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
