Code help please

11-25-2008, 01:41 PM
I am testing an online shopping website. One problem I have found with it is that if I make an order and view that order, the address has orderid=54 (for example), and if I change that number to 53, for example, that order will load and I can see those details, even if it isn't my order, which is bad, obviously.

Does anyone know of any ways in which I can stop users from being able to see different users' orders?


11-25-2008, 01:53 PM
One method would be to have users logged in to view their orders, and check if the order user matches the logged-in user before displaying the order.

11-25-2008, 01:55 PM
+ if the user who logged in is an Admin, then display all orders to him.
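
The check suggested in the two replies above, written out as an added example that is not part of the original thread and not the site's own code. It assumes a SQLite database with hypothetical `users` and `orders` tables and a user id taken from the server-side session; all names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: two customers, one admin, three orders."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE users  (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER, address TEXT);
        INSERT INTO users  VALUES (1, 'alice', 0), (2, 'bob', 0), (3, 'root', 1);
        INSERT INTO orders VALUES (53, 1, '1 Alice St'), (54, 2, '2 Bob Rd'), (55, 2, '2 Bob Rd');
    """)
    return db

def get_order_unchecked(db, order_id):
    """The reported behaviour: any orderid in the URL loads that order."""
    return db.execute("SELECT * FROM orders WHERE id = ?", (order_id,)).fetchone()

def get_order(db, session_user_id, order_id):
    """Return the order only if the logged-in user owns it or is an admin.

    session_user_id must come from the server-side session, never from the
    request. Returns None for 'no such order' and 'not yours' alike, so the
    response does not reveal which order ids exist.
    """
    if session_user_id is None:          # not logged in
        return None
    try:
        order_id = int(order_id)         # query-string values arrive as text
    except (TypeError, ValueError):
        return None
    user = db.execute("SELECT is_admin FROM users WHERE id = ?", (session_user_id,)).fetchone()
    if user is None:
        return None
    if user["is_admin"]:
        sql, args = "SELECT * FROM orders WHERE id = ?", (order_id,)
    else:
        # Ownership is part of the query, so a foreign row is never fetched.
        sql, args = "SELECT * FROM orders WHERE id = ? AND user_id = ?", (order_id, session_user_id)
    return db.execute(sql, args).fetchone()

if __name__ == "__main__":
    db = make_db()
    print(get_order_unchecked(db, 53)["address"])  # unchecked: anyone can read alice's order
    print(get_order(db, 2, "53"))                  # bob asking for alice's order
    print(get_order(db, 2, "54")["address"])       # bob asking for his own order
    print(get_order(db, 3, "53")["address"])       # admin asking for any order
```

Putting the `user_id` condition in the `WHERE` clause, rather than fetching the row and comparing afterwards, means a later code path cannot forget the comparison and render someone else's order.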