Jump to content

My Records are Deleting without Password

randyinla

By randyinla
in Custom Web Publishing

 Share

This topic is 3661 days old. Please don't post here. Open a new topic instead.

Recommended Posts

randyinla Enthusiast

randyinla

Posted
Posted

My permissions are set correctly with one Admin account with full access and one guest account with access to creating and editing only.  I am not getting a password prompt when I delete records so anyone can delete them.  Do I need a PHP validation code of some kind to require a password when deleting records?

Thanks!!

 

webko Experienced

webko

Posted
Posted

And which account are you logged in under?

And there is no Password prompt for Delete - it will just use the current login Privileges, and either show you the 'Are you sure you want to Delete', or not allow the Delete at all...

If you had the Deletion process in a script, then you can probably achieve this.... 

In general, a given user should either have Delete privileges, or not have them, rather than some hybrid of the two.

Cheers

Webko

And (with the new layout of the forum) I missed that this was a PHP question....

Over the web, I never allow delete. Too much chance of users accidentally killing stuff...

Use a ShowOnWebFlag field and mark that as N when they 'delete' something - include this field in all searches (to be excluded) - to the web users, it looks like it has been deleted, but it can easily be restored after they make a mistake...

Cheers

Webko

randyinla Enthusiast

randyinla

Posted
  • Author
Posted

Thanks Webko, how do I change which account I'm logged in under?  I guess I need the 'guest' account which has only 'edit and create' privilieges.  I don't want my clients deleting anything.  I'm looking into the ShowOnWebFlag field for different reasons.  I'm trying to find a way to send an email to myself when a client hits a submit button.

 

Thanks!

webko Experienced

webko

Posted
Posted

For web use, I generally create a separate 'web_user' account that doesn't have the Delete privilege, and use that in the config file for the API / FX for all web interactions. Web users will then only ever login with the special web_user account.

One other thing to remember with web requests - each and every one of them is also a new login to the system. You can switch users for different actions by referring to a different config file... But I avoid this in general, as it can become difficult to maintain.

So keep looking at a ShowOnWeb flag, and use it in all requests to exclude those that are flagged No

 

This topic is 3661 days old. Please don't post here. Open a new topic instead.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept