  1. #1
    New Coder
    Join Date
    Feb 2006
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Code help please

    I am testing an online shopping website. One problem I have found with it is that if I make an order and view that order, the address has orderid=54 (for example), and if I change that number to 53, for example, that order will load and I can see the details, even if it isn't my order, which is bad obviously.

    Does anyone know of any ways in which I can stop users from being able to see different users' orders?

    Thanks

  • #2
    Senior Coder gnomeontherun's Avatar
    Join Date
    Sep 2007
    Location
    Houston
    Posts
    2,846
    Thanks
    10
    Thanked 238 Times in 229 Posts
    One method would be to have users logged in to view their orders, and check if the order user matches the logged in user before displaying the order.
    jeremy - gnomeontherun
    Educated questions often get educated answers, and simple questions often get simple answers.

  • #3
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,851
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    + if the user who logged in is an Admin, then display all orders to him.
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)
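
The checks suggested in posts #2 and #3, as an added example that is not part of the original thread: the order lookup is tied to the logged-in user, with an exception for admins. The table layout, the `load_order` helper and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_demo_db():
    """Build an in-memory shop database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE users  (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, details TEXT);
        INSERT INTO users  VALUES (1, 'alice', 0), (2, 'bob', 0), (3, 'admin', 1);
        INSERT INTO orders VALUES (53, 1, 'alice: 2 x kettle'), (54, 2, 'bob: 1 x toaster');
    """)
    return db

def load_order(db, session_user_id, order_id):
    """Return the order row only if the session user may see it, else None.

    session_user_id must come from the server-side login session,
    never from the URL or a form field.
    """
    if session_user_id is None:          # not logged in
        return None
    try:
        order_id = int(order_id)         # orderid arrives as a string in the URL
    except (TypeError, ValueError):
        return None
    user = db.execute("SELECT is_admin FROM users WHERE id = ?",
                      (session_user_id,)).fetchone()
    if user is None:
        return None
    if user["is_admin"]:
        # Admins may view any order (post #3).
        return db.execute("SELECT * FROM orders WHERE id = ?",
                          (order_id,)).fetchone()
    # Ordinary users: ownership is part of the query itself (post #2), so a
    # foreign order and a nonexistent one both come back as None.
    return db.execute("SELECT * FROM orders WHERE id = ? AND user_id = ?",
                      (order_id, session_user_id)).fetchone()

if __name__ == "__main__":
    db = make_demo_db()
    for uid, oid in [(2, "54"), (2, "53"), (3, "53"), (None, "54")]:
        row = load_order(db, uid, oid)
        print(uid, oid, "->", row["details"] if row else "404 Not Found")
```

Returning the same "not found" response for a missing order and for someone else's order avoids confirming which order ids exist.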

