Delete only users sites

2014-04-29 Thread Gerculy Robert
Hi there,

I'm working on a traffic exchange site and since I'm very new I used this 
login script : 
http://miftyisbored.com/a-complete-login-and-authentication-application-tutorial-for-cakephp-2-3/
Everything works nicely. Based on that code I created a few pages ( Add 
site, List sites, delete sites)

My problem is that anyone can delete the websites.( I'm sure this goes with 
users - not tested yet )

public function delete($id = null) {
    if (!$id) {
        $this->Session->setFlash('Please provide a site id');
        $this->redirect(array('action'=>'index'));
    }

    $this->Site->id = $id;
    if (!$this->Site->exists()) {
        $this->Session->setFlash('Invalid site id provided');
        $this->redirect(array('action'=>'index'));
    }
    if ($this->Site->saveField('status', 0)) {
        $this->Session->setFlash(__('Site deleted'));
        $this->redirect(array('action' => 'index'));
    }
    $this->Session->setFlash(__('Site was not deleted'));
    $this->redirect(array('action' => 'index'));
}


This is the code. I tried adding a condition but couldn't make it work.
 I also tried a very old solution :

if($this->Site->user = $this->Session->read('Auth.User.id')){

    // code

}else{
    echodie;
}

 
But another fail.


-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
CakePHP group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/d/optout.


Re: Delete only users sites

2014-04-29 Thread Stephen S
Quite a few ways to go around it, for example you can create something like
this in your Site model (or even App Model if using $this->alias)

public function belongsToUser($siteId = null, $userId = null) {
    // Count rows that match both the site id and the owner id
    $site = $this->find('count', array(
        'conditions' => array(
            'Site.id' => $siteId,
            'Site.user_id' => $userId
        )
    ));

    return ($site > 0) ? true : false;
}

Then from your controller you can do something like..

// $siteId is the id passed to the action; the user id comes from the Auth session
if (! $this->Site->belongsToUser($siteId, $this->Auth->user('id'))) {
    $this->Session->setFlash(__('Sorry that site does not belong to you'));
    return $this->redirect($this->referer());
}


On 29 April 2014 11:08, Gerculy Robert rgerc...@gmail.com wrote:

> Hi there,
>
> I'm working on a traffic exchange site and since I'm very new I used this
> login script :
> http://miftyisbored.com/a-complete-login-and-authentication-application-tutorial-for-cakephp-2-3/
> Everything works nicely. Based on that code I created a few pages ( Add
> site, List sites, delete sites)
>
> My problem is that anyone can delete the websites.( I'm sure this goes
> with users - not tested yet )
>
> public function delete($id = null) {
>     if (!$id) {
>         $this->Session->setFlash('Please provide a site id');
>         $this->redirect(array('action'=>'index'));
>     }
>
>     $this->Site->id = $id;
>     if (!$this->Site->exists()) {
>         $this->Session->setFlash('Invalid site id provided');
>         $this->redirect(array('action'=>'index'));
>     }
>     if ($this->Site->saveField('status', 0)) {
>         $this->Session->setFlash(__('Site deleted'));
>         $this->redirect(array('action' => 'index'));
>     }
>     $this->Session->setFlash(__('Site was not deleted'));
>     $this->redirect(array('action' => 'index'));
> }
>
>
> This is the code. I tried adding a condition but couldn't make it work.
> I also tried a very old solution :
>
> if($this->Site->user = $this->Session->read('Auth.User.id')){
>
>     // code
>
> }else{
>     echodie;
> }
>
>
> But another fail.



-- 
Kind Regards
 Stephen Speakman
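
Added example, not part of either post above: one way to put the ownership check from the reply into the delete action itself, by scoping the soft-delete to rows that match both the site id and the logged-in user's id. It assumes CakePHP 2.3+, that AppController loads the Session and Auth components as in the linked tutorial, and that the sites table has the user_id and status columns used in the thread.

```php
<?php
// Added example (not code from the thread). Assumptions: CakePHP 2.3+,
// Session and Auth components loaded in AppController, and a sites table
// with user_id and status columns.
App::uses('AppController', 'Controller');

class SitesController extends AppController {

    public function delete($id = null) {
        // A state-changing action should not be reachable through a plain
        // GET link. onlyAllow() throws MethodNotAllowedException otherwise
        // (CakePHP 2.5+ renames it to allowMethod()).
        $this->request->onlyAllow('post', 'delete');

        if (!$id) {
            $this->Session->setFlash(__('Please provide a site id'));
            return $this->redirect(array('action' => 'index'));
        }

        // The owner id is read from the server-side session, never from
        // anything the client sends.
        $userId = $this->Auth->user('id');

        // Soft-delete only rows matching BOTH the site id and the owner,
        // so the ownership check and the write are one query and cannot
        // drift apart. Condition values are escaped by the ORM.
        $this->Site->updateAll(
            array('Site.status' => 0),
            array('Site.id' => $id, 'Site.user_id' => $userId)
        );

        // Zero affected rows means: no such site, someone else's site, or
        // (on MySQL) a site whose status was already 0.
        if ($this->Site->getAffectedRows() > 0) {
            $this->Session->setFlash(__('Site deleted'));
        } else {
            // One message for every failure case, so the response does
            // not reveal which site ids exist.
            $this->Session->setFlash(__('Site was not deleted'));
        }
        return $this->redirect(array('action' => 'index'));
    }
}
```

With the method restriction in place, the delete link in the view has to submit a POST, for example through FormHelper's postLink().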
