2. PHPRunner General questions
  3. [SOLVED]   hide URL
This topic is locked
[SOLVED]

  hide URL

 		4/21/2011 3:36:14 PM
PHPRunner General questions
H
 horsey_kim author

One of the things a customer wanted was to allow people to register online, but they don't want them to have logins. Once they register they are not allowed to go back in. It is a one shot deal. However, during the process of registering, we have to generate the registration info from the add page - then send it to the edit page so they can pick a price to pay based on info from the add screen. The url displays: pages_edit.php?editid1=5
Since the edit screen is open to guest so that they can complete their registration. The url leaves an opportunity for them to edit the id number and see info from other records.
So if we can hide the url it would help with people not tampering, correct?
I am trying to figure out the best way around this without having people log in.
Any suggestions?
Admin 4/21/2011

Hiding URL is not reliable.
You need to verify permissions on the server side. There are several ways to do so.
For example, you can add an additional field to this table (isEditable) that would say if record can be edited or not. Set value of this field to 0 initially. Set it to 1 once record is edited and don't allow to edit it after that.
H
 		horsey_kim author 4/25/2011



Hiding URL is not reliable.
You need to verify permissions on the server side. There are several ways to do so.
For example, you can add an additional field to this table (isEditable) that would say if record can be edited or not. Set value of this field to 0 initially. Set it to 1 once record is edited and don't allow to edit it after that.


Great idea - thank you. I was making it too complicated.
T
 		Tempus_Erus 4/30/2011



Great idea - thank you. I was making it too complicated.
T
 		Tempus_Erus 4/30/2011





Apologies for the blank reply - hit the wrong button!
If you wanted to rewrite the url this can be done changing the hta access file, theres plenty written abouut this online. I often use to 'tidy up' a URL.
TE