How to validate the authority of the contents when updating

We click the edit button in the list page when we want to revise some contents, and it goes to the detail page with the id. I set up the insert, update and delete functions with the wizard, but if I change the id myself, it shows another person's contents, and I can revise them successfully. How can I prevent that?

I use POST to call problematic forms, which should be the default! I call a query to check that the current login_id is the owner of the form to be updated, if not, redirect back to the previous page.
In addition to login_id I think there should be a session hash passed in the post variables, and this should be checked in the same way. (See techniques for preventing CSRF hack techniques, it is the same principle.)
// GWB Restrict access to current user
// $rs_CheckCurrentUser / $row_rs_CheckCurrentUser come from the ownership query run earlier (not shown).
if (isset($_POST['uniqueid'])) {
    $host = $_SERVER['HTTP_HOST'];
    $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
    $extra = 'includes/nxt/back.php';
    // The logged-in user is not the owner of the record: send them back.
    if ($_SESSION['kt_login_id'] != $row_rs_CheckCurrentUser['ua_UniqueID']) {
        $extra = '../includes/nxt/back.php';
        mysql_free_result($rs_CheckCurrentUser);
        header("Location: http://$host$uri/$extra");
        exit;
    }
}
// End GWB Restrict access to current user
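
An added example, not part of the original post or of the wizard-generated code: the same ownership and session-token checks enforced inside the update itself, so a tampered id matches no row. `kt_login_id` and `uniqueid` come from the post; the `contents` table, its `owner_id` column, the function names and the in-memory SQLite database are assumptions made for the demo.

```php
<?php
// Hypothetical helper: one random token per session, sent as a hidden form field.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Hypothetical update handler; returns 'updated', 'denied' or 'bad_token'.
function update_content(PDO $db, array $session, array $post): string {
    if (!isset($session['kt_login_id'])) {
        return 'denied';                       // not logged in
    }
    // 1. Session-bound token, compared in constant time.
    if (!isset($session['csrf'], $post['csrf']) || !is_string($post['csrf'])
        || !hash_equals($session['csrf'], $post['csrf'])) {
        return 'bad_token';
    }
    // 2. The owner is part of the WHERE clause, so the id alone is never trusted.
    $stmt = $db->prepare(
        'UPDATE contents SET body = :body WHERE id = :id AND owner_id = :owner');
    $stmt->execute([
        ':body'  => (string)($post['body'] ?? ''),
        ':id'    => (int)($post['uniqueid'] ?? 0),
        ':owner' => (int)$session['kt_login_id'],
    ]);
    return $stmt->rowCount() === 1 ? 'updated' : 'denied';
}

// Constructed demo data: two records owned by two different users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contents (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$db->exec("INSERT INTO contents VALUES (1, 10, 'alice draft'), (2, 20, 'bob draft')");

$session = ['kt_login_id' => 10];              // logged in as user 10
$token   = csrf_token($session);

// Three requests: the user's own record, a tampered id pointing at
// user 20's record, and a request carrying a forged token.
$requests = [
    ['uniqueid' => 1, 'body' => 'edited', 'csrf' => $token],
    ['uniqueid' => 2, 'body' => 'hijack', 'csrf' => $token],
    ['uniqueid' => 1, 'body' => 'x',      'csrf' => 'forged'],
];
foreach ($requests as $post) {
    echo update_content($db, $session, $post), "\n";
}
```

On MySQL, `rowCount()` reports 0 when the submitted values equal the stored ones, so an unchanged save by the owner also reads as `denied` unless the connection sets `PDO::MYSQL_ATTR_FOUND_ROWS`.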

Similar Messages

  • How to Validate a User on the click of a button in Oracle APEX

    Hi,
    How to Validate a User on the click of a button in Oracle APEX.
    say for e.g: I want to allow only a specific user to go beyond after clicking on a button and restrict all the other Users. Any ideas please.
    Thanks in Advance,
    Af

    Well , the actual idea was to hide the button for specific users and show the button only for some specific users... is this possible...?
    @ AndyH: yeah, what you have suggested also fits well for my requirement... Could you please let me know how can i achieve it...
    Regards,
    Af

  • How to validate input fields as the user is filling up a form with jQuery?

    Hello EA friends.
    Someone has experimented on how to validate input fields as the user is filling up a form with jQuery?, if the field is numeric and insert an A for example, an alert appears showing "insert a number" or not allowed to enter anything until a number is entered.
    Thanks and regards.
    Fer

    Hi Sudeshna.
    Sorry for not responding on time, how can I be included in this code?
    sym.setVariable("typeActivity", "input")
    var Element_1=document.createElement(typeActivity);
    $(Element_1).css({"text-align": "center"});
    //Answer
    sym.setVariable("Answer_1", "4");
    sym.$("box_1").append(Element_1)
    This code is on my creationComplete and it works fine.
    Would greatly appreciate your help.
    Regards.
    Fer García

  • I have a Shockwave Error: "This Shockwave movie has errors that have caused playback problems.  Please contact the author of this content regarding this problem.   Shockwave is unable to continue."  What I can make ?

    I have a Shockwave Error: "This Shockwave movie has errors that have caused playback problems.  Please contact the author of this content regarding this problem.   Shockwave is unable to continue."  What I can make ?

    This is some built-in "protection" that was engineered into Shockwave some years ago. It means that SW will ignore the first 10 script errors then throw the dialogue you are seeing. You really will have to contact the developer of the content in question to have it fixed - there's nothing anyone else can do. The developer needs to replicate your error, determine the cause, rectify it and republish their movie

  • How does the author increase the number of response

    how does the author increase the number of responses

    Hi,
    Could you please clarify your question?
    Do you want to manually add response into Response table? Or it already reached your quota? 
    Thanks,
    Ying

  • How can I show author and the time of a cell comment (not the annotation) in FRS?

    I have an FRS report in which one of the columns is displaying comments entered for the data cells in Planning. Using CelText() I can show the comments themselves, but not the Author and the Date (which are visible when you select Comments in the Planning web form or SmartView). I tried the Annotation() but it's not working (as expected).
    Am I missing some other function, un-documented feature, or an argument here?
    Thanks,
    M. Sladic

    Hi,
    Can you please use the CellText as annotation function in FR Studio.
    The steps:
    1) Add planning comment with admin account using planning interface.
    2) Display as Annotation option is checked in Studio.
    3) When the report is run in web viewer this planning comment is shown as a read-only cell-text annotation the author is admin
    regards,
    Harish.

  • How to control the authority of measuring point when creating

    hi,expert
    I want to control the authority of the measuring point when creating the measuring point in Ik01. That is, I can check the authority object of the measuring point object (equipment of function location) when I create. The standard system can only provide the authority check of T-CODE and AuthorizGroup. On the other hand, there is no customer-exit to do this. Please give me a solution.
    Thank you
    Edited by: Fengxi Zhao on Dec 17, 2008 8:35 AM

    Dear Sir
    Can you clarify the requirement in detail? What exactly you want to prevent & You want to authorise for ??
    Regards

  • HT4623 how do i get past error code 4005 when updating to iphone 6 on itunes

    how do i get past error code 4005 when updating to iphone 6 on itunes

    Try the troubleshooting for that error code on this page : iOS: Restore errors 4005, 4013, and 4014.

  • I am getting an error saying "This Shockwave movie has errors that have caused playback problems. Please contact the author of this content regarding this problem. Shockwave is unable to continue." what do I do about this?

    I don't know how to go about fixing this.

    Like the error message says, you need to contact the author so that they can reproduce, diagnose and correct the error/s. The movie in question was served by some URL so try starting there

  • How to validate an item before the next item in block?

    I am new to forms. I want to validate order_id field if it does not exist it will alert the user whether he wants to create a new record? if it exists it should populate the form. I tried when_item_validate trigger but is not working.
    Can anybody help me?

    When you leave the order_id field, the when_validate_item trigger should fire. Try running in debug mode and see if it goes into the trigger. It might be that it is your code that is not working and not the trigger itself.

  • I can't download firefox. When I click on run, I get a window saying that the author is unknown. When I click on run in the new window, another window says the file is corrupt. What can I do about this?

    I want to have firefox as my default browser. As this is a new laptop, I have to download firefox. As per the instructions, I click on "run" to complete the download, but instead of completing the download, a window appears which says that the author is unknown. If I ignore the window and click on run, I get another window which says the file is corrupt and I can't finish the download and have firefox as my browser.
    I have windows 7 and explorer is the default browser and I want to change to firefox, but so far am being prevented from doing so. How can I successfully download firefox?

    It is possible that your anti-virus software is corrupting the downloaded files or otherwise interfering with downloading files by Firefox.
    Try to disable the real-time (live) scanning of files in your anti-virus software temporarily to see if that makes downloading work.
    See also:
    * http://kb.mozillazine.org/Unable_to_save_or_download_files

  • Can a dequeued message be under the authority of the queuing user ?

    Hello,
    I am testing AQ on an 11.2.0.1.0 database and I am missing something...
    Here is my test case:
    1) I have a queue created in COM_OWNER account. I created a callback procedure with dbms_aq.register. This procedure just create a row into log table.
    2) The user FBOUCHER issue a dbms_aq.enqueue.
    3) I query the log table. The row was created by SYS ??.
    Can my callback procedure run under the authority of FBOUCHER instead of SYS ?
    I specified "authid current_user" for my callback package and used USER to insert into log table.
    Thanks for your help.
    Here is my complete test case:
    The following scripts are run from the COM_OWNER Oracle user on an 11.2.0.1.0 database.
    create or replace package test_aq authid current_user is
      procedure getmessage(context in raw, reginfo in sys.aq$_reg_info, descr in sys.aq$_descriptor, payload in RAW, payloadl in number);
    end;
    /
    create or replace package body test_aq is
      procedure getmessage(context in raw, reginfo in sys.aq$_reg_info, descr in sys.aq$_descriptor, payload in RAW, payloadl in number) is
      begin
        -- Log which database user the notification callback runs as
        insert into log values ('notification received', sysdate, user);
        commit;
      end;
    end;
    /
    declare
      l_reg_info_list sys.aq$_reg_info_list;
    begin
      dbms_aqadm.stop_queue(queue_name => 'TEST_QUEUE');
      dbms_aqadm.drop_queue(queue_name => 'TEST_QUEUE');
      dbms_aqadm.drop_queue_table(queue_table => 'TEST_QUEUE_TABLE');
      dbms_aqadm.create_queue_table(queue_table => 'TEST_QUEUE_TABLE', queue_payload_type => 'RAW', multiple_consumers => FALSE);
      dbms_aqadm.create_queue(queue_name => 'TEST_QUEUE', queue_table => 'TEST_QUEUE_TABLE');
      dbms_aqadm.start_queue(queue_name => 'TEST_QUEUE', enqueue => TRUE, dequeue => TRUE);
      dbms_aqadm.grant_queue_privilege(privilege => 'ENQUEUE', queue_name => 'TEST_QUEUE', grantee => 'MAJ_COM');
      execute immediate 'drop table log';
      execute immediate 'create table log(text varchar2(2000), date_creation date, usager_creation varchar2(30))';
      execute immediate 'drop public synonym log';
      execute immediate 'create public synonym log for com_owner.log';
      execute immediate 'grant select, insert, delete on log to maj_com';
      execute immediate 'drop public synonym test_aq';
      execute immediate 'create public synonym test_aq for com_owner.test_aq';
      execute immediate 'grant execute on test_aq to maj_com';
      -- Register the PL/SQL callback for notifications on the queue
      l_reg_info_list := sys.aq$_reg_info_list(sys.aq$_reg_info('COM_OWNER.TEST_QUEUE', DBMS_AQ.NAMESPACE_AQ, 'plsql://COM_OWNER.TEST_AQ.GETMESSAGE?PR=0', hextoraw('FF')));
      dbms_aq.register(l_reg_info_list, 1);
    end;
    /
    The following script was run from a user schema (FBOUCHER). This user has the MAJ_COM role.
    declare
      msg RAW(500);
      enq_opts dbms_aq.enqueue_options_t;
      msg_props dbms_aq.message_properties_t;
    begin
      dbms_aq.enqueue(queue_name => 'COM_OWNER.TEST_QUEUE', enqueue_options => enq_opts, message_properties => msg_props, payload => hextoraw('FF'), msgid => msg);
      commit;
    end;
    /
    /* Next check to see if notification was received.
       It was received but within the authority of SYS... */
    SQL> select * from log;
    TEXT DATE_CREATION USAGER_CREATION
    notification received 2009-11-15 12 SYS
    SQL>

    No. LabVIEW is available for Windows, Mac, Sun, and Linux. Every binary is unique to the OS. You can try to convince NI to create a LabVIEW version for VX Works but I don't think you'll get very far. Sorry.

  • HT201210 the iphone 3g stopped work when updated to os6, is this happening to everyone?

    my iphone 3gs stopped working when updating to OS6

    Quick question, are you positive the 3GS is supported by IOS 6?

  • ICloud - how to validate what is in the Cloud

    I am a user of SONOS for home entertainment. SONOS leverages content in my iTunes library
    I recently noticed that my SONOS Library did not contain all of my iTunes library. When I asked SONOS why this might be they pointed me at the fact that some of my content was uploaded in DRM protected format. The recommendation was to delete the music from my library and re-import from iCloud in non-DRM format as documented here:
    http://support.apple.com/kb/HT1711
    Before removing something from my library I wanted to check that there was indeed a copy in iCloud and that is where I am struggling
    How can I check the music I have in iCloud ?
    Thanks

    So I deleted STARLINGS by ELBOW....how do I now pull back an unrestricted copy from the Cloud ?

  • How to validate date fields in the flash form

    i want to validate the date fields to make sure the values
    are not greater than today's date and from-date is less than or
    equal to to-date in the flash form. Does the actionscript have a CF
    DateDiff function for the validation?
    Thanks

    I finally (after much reading up on actionscript) figured out
    my problem with date validation...which was similar to yours...
    I posted the solution I found for my AS date validation issue
    here:
    http://www.adobe.com/cfusion/webforums/forum/messageview.cfm?catid=22&threadid=1232361
    I hope it helps!!!
