
My Records are Deleting without Password


This topic is 3091 days old. Please don't post here. Open a new topic instead.


My permissions are set correctly with one Admin account with full access and one guest account with access to creating and editing only.  I am not getting a password prompt when I delete records so anyone can delete them.  Do I need a PHP validation code of some kind to require a password when deleting records?

Thanks!!

 


And which account are you logged in under?

And there is no Password prompt for Delete - it will just use the current login Privileges, and either show you the 'Are you sure you want to Delete', or not allow the Delete at all...

If you had the Deletion process in a script, then you can probably achieve this.... 

In general, a given user should either have Delete privileges, or not have them, rather than some hybrid of the two.

Cheers

Webko

And (with the new layout of the forum) I missed that this was a PHP question....

Over the web, I never allow delete. Too much chance of users accidentally killing stuff...

Use a ShowOnWebFlag field and mark that as N when they 'delete' something - include this field in all searches (to be excluded) - to the web users, it looks like it has been deleted, but it can easily be restored after they make a mistake...

Cheers

Webko


Thanks Webko, how do I change which account I'm logged in under? I guess I need the 'guest' account which has only 'edit and create' privileges. I don't want my clients deleting anything. I'm looking into the ShowOnWebFlag field for different reasons. I'm trying to find a way to send an email to myself when a client hits a submit button.

 

Thanks!


For web use, I generally create a separate 'web_user' account that doesn't have the Delete privilege, and use that in the config file for the API / FX for all web interactions. Web users will then only ever login with the special web_user account.

One other thing to remember with web requests - each and every one of them is also a new login to the system. You can switch users for different actions by referring to a different config file... But I avoid this in general, as it can become difficult to maintain.

So keep looking at a ShowOnWeb flag, and use it in all requests to exclude those that are flagged No.

 

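The approach described in the replies above (a dedicated `web_user` account with no Delete privilege, plus a `ShowOnWebFlag` soft delete that every search filters on), as an added example that is not part of the original posts. It assumes the FileMaker API for PHP is installed; the database, host, layout and environment variable names are hypothetical, as is the value `Y` for visible records.

```php
<?php
// Added example, not code from the thread. Requires the FileMaker API for PHP.
require_once 'FileMaker.php';

const WEB_LAYOUT = 'web_records';   // hypothetical layout name

// All web requests log in as web_user, an account whose privilege set
// has no Delete. The password comes from the environment (hypothetical name).
function webConnection(): FileMaker {
    return new FileMaker('ExampleDB', 'fms.example.internal',
                         'web_user', getenv('FM_WEB_PASS'));
}

// "Delete" from the web: hide the record instead of removing it,
// so a mistake can be undone by setting the flag back.
function softDelete(FileMaker $fm, string $recordId): bool {
    if (!ctype_digit($recordId)) {          // record IDs are numeric
        return false;
    }
    $edit = $fm->newEditCommand(WEB_LAYOUT, $recordId);
    $edit->setField('ShowOnWebFlag', 'N');
    return !FileMaker::isError($edit->execute());
}

// Every web search goes through here so hidden records never appear.
function findVisible(FileMaker $fm, array $criteria): array {
    unset($criteria['ShowOnWebFlag']);      // callers cannot override the filter
    $find = $fm->newFindCommand(WEB_LAYOUT);
    foreach ($criteria as $field => $value) {
        $find->addFindCriterion($field, $value);
    }
    // Assumes visible records carry "Y" (for example via auto-enter).
    $find->addFindCriterion('ShowOnWebFlag', '==Y');
    $result = $find->execute();
    if (FileMaker::isError($result)) {
        if ($result->getCode() == 401) {    // 401: no records match the request
            return [];
        }
        throw new RuntimeException('Find failed, code ' . $result->getCode());
    }
    return $result->getRecords();
}
```

Because the server enforces the `web_user` privilege set, a delete command issued through this connection is refused even if the PHP layer is bypassed or buggy; the flag only controls what web users see.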
