You need to scope the update to only update the logged in user. That way when a user accesses the update action it will only allow them to update their own account.
For instance on the action to update a user fetch that user like so:

    public function update() {
        // This sets the logged in user as the user to update
        $this->User->id = $this->Auth->user('id');

        // Prepopulate form with logged in user details
        if (empty($this->data)) {
            $this->data = $this->User->read();
        }
        // Save user
        else {
            if ($this->User->save($this->data)) {
                $this->Session->setFlash('Update successful.', 'default', array('class'=>'success'));
                $this->redirect(array('action'=>'view', $this->Auth->user('id')));
            }
            // There was an error
            else {
                $this->Session->setFlash('Errors while updating:', 'default', array('class'=>'error'));
            }
        }
    }

If for some reason you need the functionality of passing in the user ID to the update action then do a check to see if the id passed in matches the logged in user, if not redirect and don't allow them to edit. So you modify the code above to have an if:

    public function update($id = null) {
        if ($id != $this->Auth->user('id')) {
            // User is accessing someone else's profile, don't let them edit
            $this->redirect(array('action'=>'index'));
        }
        // the rest of the update code below..
    }

On Sep 2, 11:55 am, tubiz <tayi...@gmail.com> wrote:
> I have already set up the auth component and it is working perfectly.
> But I just discovered a problem.
> There are two users in my users table. When I am logged in as one of the
> users I can access the other user's details just by changing the i.d.
> This wouldn't be secure as a logged-in user can access all the details of
> other users.
> Please how can I stop this so that a logged in user is only able to
> view his details only and not other users' details.
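An added example, not part of the original reply: the same scoping applied to the `view` action the question asks about, plus an `update` that pins the primary key in the submitted data and whitelists the writable fields. It assumes CakePHP 1.3-style `$this->data` as used in the reply; the `name` and `email` columns are hypothetical.

```php
<?php
// Added example, not from the original thread. Assumes AuthComponent is
// loaded and a User model whose editable columns are 'name' and 'email'
// (hypothetical column names).
class UsersController extends AppController {
    public $components = array('Auth', 'Session');

    // View: the record is chosen from the session, never from the URL.
    public function view($id = null) {
        $ownId = $this->Auth->user('id');
        if ($id !== null && (string)$id !== (string)$ownId) {
            // Someone else's id was requested: refuse rather than read it.
            $this->Session->setFlash('You can only view your own account.');
            $this->redirect(array('action' => 'view', $ownId));
        }
        $this->set('user', $this->User->read(null, $ownId));
    }

    // Update: same scoping, plus two guards on the submitted form data.
    public function update() {
        $ownId = $this->Auth->user('id');
        if (empty($this->data)) {
            // Prepopulate the form with the logged in user's record.
            $this->data = $this->User->read(null, $ownId);
            return;
        }
        // Model::save() takes the primary key from the data array when one
        // is present, so overwrite any submitted User.id with the session id.
        $this->data['User']['id'] = $ownId;
        // Third argument is the field whitelist: only these columns are written.
        if ($this->User->save($this->data, true, array('name', 'email'))) {
            $this->Session->setFlash('Update successful.');
            $this->redirect(array('action' => 'view', $ownId));
        } else {
            $this->Session->setFlash('Errors while updating:');
        }
    }
}
```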