Paul,

One thing you could do is when the user logs in you set a session
variable of the ID number he is allowed to view data for... then you
just need to check that the URL ID matches that. If users have multiple
schools they can access, then you just need to make that session
variable a list.

HTH
d

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 
Sent: 29 April 2004 12:10
To: [EMAIL PROTECTED]
Subject: [ cf-dev ] URL parameters


Hi,

I wonder if anyone can help me with this please.

I have a system which shows data to schools and advisers. Advisers can see
all data about everything. Schools can only see data from their own school.
I have a login system (standard out of the book type)

When an adviser logs in they are directed to a page that asks them to
select the school they are looking for.
When a school logs in they are directed to their school only.

The problem is how do I maintain this when the school user navigates around
the site and how do I stop schools from hacking the URL and going to a
different school's data ...?

Regards - Paul

My login action script follows .....


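<!--- Page to return to after login; taken straight from the URL --->
<cfset Page = url.page_id>

<!--- Look up the user. cfqueryparam binds the form values as parameters
      instead of building them into the SQL string. --->
<CFQUERY NAME="password_query" DATASOURCE="WebUserDSN">
SELECT * FROM user_details
WHERE       user_details.roles = <cfqueryparam value="#trim(form.select_user)#" cfsqltype="cf_sql_varchar">
            AND user_details.password = <cfqueryparam value="#trim(form.entered_password)#" cfsqltype="cf_sql_varchar">
            AND user_details.users_name = <cfqueryparam value="#trim(form.entered_UserName)#" cfsqltype="cf_sql_varchar">
</CFQUERY>

<cfoutput>
      <cfif password_query.RecordCount is 0>
            <!--- Failed login: log it and send the user back to the login page.
                  Note that this writes the submitted password to the log. --->
            <cffile action="Append"
            file="#application.log#"
            output="#DateFormat(Now())#, #TimeFormat(Now())# ACCESS DENIED!  username = #trim(form.select_user)#  Password = #trim(form.entered_password)#.">
            <cflocation url="../loggedin/password.cfm?page_id=#page#&nl=1">
      <cfelse>
            <!--- Successful login: log it and record the user in the session --->
            <cffile action="Append"
            file="#application.log#"
            output="#DateFormat(Now())#, #TimeFormat(Now())#, #password_query.users_name# LOGGED IN">
                  <cflock timeout="10"
                              type = "exclusive"
                              scope = "session">
                        <cfset session.loggedin="1">
                        <cfset session.user = "#password_query.users_name#">
                        <cfset session.access_rights = "#password_query.roles#">
                  </cflock>
                  <!--- Head teachers also get their school stored in the session --->
                  <cfif password_query.roles eq 'Head Teacher'>
                        <cfset session.head ="1">
                        <cfset session.school=encrypt(password_query.access, application.key)>
                  </cfif>
            <cflocation url="../#Page#">
      </cfif>
</cfoutput>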






-- 
These lists are syncronised with the CFDeveloper forum at
http://forum.cfdeveloper.co.uk/
Archive: http://www.mail-archive.com/dev%40lists.cfdeveloper.co.uk/
 
CFDeveloper Sponsors and contributors:-
*Hosting and support provided by CFMXhosting.co.uk* :: *ActivePDF
provided by activepdf.com*
      *Forums provided by fusetalk.com* :: *ProWorkFlow provided by
proworkflow.com*
           *Tutorials provided by helmguru.com* :: *Lists hosted by
gradwell.com*

To unsubscribe, e-mail: [EMAIL PROTECTED]
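
The session check suggested in the reply at the top of this message, written out as an added example (not code from either poster). It assumes the school is passed as a `school_id` URL parameter, that `user_details.access` holds one school ID or a comma-delimited list of them, that advisers have the role value 'Adviser', and that school data lives in a hypothetical `school_data` table.

```cfm
<!--- Added example. Assumed names: url.school_id, session.allowedSchools,
      role value 'Adviser', table school_data. --->

<!--- 1. In the login action, once password_query has matched a user --->
<cflock timeout="10" type="exclusive" scope="session">
    <cfset session.loggedin = "1">
    <cfset session.user = password_query.users_name>
    <cfset session.access_rights = password_query.roles>
    <!--- Server-side list of school IDs this user may view --->
    <cfset session.allowedSchools = password_query.access>
</cflock>

<!--- 2. At the top of every page that shows school data --->
<cfparam name="url.school_id" default="">

<!--- Copy what we need out of the session under a read lock --->
<cflock timeout="10" type="readonly" scope="session">
    <cfset loggedIn = StructKeyExists(session, "loggedin")>
    <cfset role = "">
    <cfset allowed = "">
    <cfset who = "">
    <cfif loggedIn>
        <cfset role = session.access_rights>
        <cfset allowed = session.allowedSchools>
        <cfset who = session.user>
    </cfif>
</cflock>

<cfif not loggedIn>
    <cflocation url="../loggedin/password.cfm" addtoken="no">
</cfif>

<!--- Reject anything that is not a plain integer before comparing --->
<cfif not REFind("^[0-9]+$", url.school_id)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- Advisers may view any school; everyone else only IDs in their list --->
<cfif role neq "Adviser" and ListFind(allowed, url.school_id) eq 0>
    <cffile action="append" file="#application.log#"
            output="#DateFormat(Now())#, #TimeFormat(Now())#, #who# DENIED school_id=#url.school_id#">
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<cfquery name="school_query" datasource="WebUserDSN">
    SELECT * FROM school_data
    WHERE school_id = <cfqueryparam value="#url.school_id#" cfsqltype="cf_sql_integer">
</cfquery>
```

Placing step 2 in Application.cfm, or in one include that every data page pulls in, keeps the check from being forgotten on a new page.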

