This is an archived forum.


I'm really afraid about this issue. URL injection



NachoIF
  • Member

Posted 29 December 2014 - 22:01 PM

I don't know if it happens because of my bad codification, but now I'm really afraid because it's a university project and I have no time to change to another framework.

Ok, I'll try to explain it.

I filter rows by user id, and my intention is that only one user can modify his records.

$crud->set_table('REL_CONVOCATORIA_USUARIO');
$crud->where('REL_CONVOCATORIA_USUARIO.IDUSUARIO', $idusuario);

But if I type in the URL something like this:

http://localhost:8080/index.php/gestorusuario/gestorconvactivas/edit/43

I can modify item 43, which is not an item from the current user.

What am I doing wrong?

How can I prevent URL modifications?

It's an application with three roles (admin, supervisors and users), and in many pages only one person can modify his user data.

 


Amit Shah
  • Member

Posted 30 December 2014 - 07:54 AM

Well, practically speaking you cannot simply prevent it from happening. But yes, if you want you can apply CSRF policies that will ensure there is no modification on the URL. For that, you will need to alter the library to generate the URLs accordingly.

Instead, there is another simple thing you can do: whenever the URL is being called, just validate whether this element is accessible by the user or not. If yes, allow it; if no, disallow it. Simple!
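The per-request ownership check suggested in this answer, as an added example (not code from this thread, nor Grocery CRUD's own code). The table and column names come from the question; the rows and the user/role values are constructed, and `can_modify_record()` is a hypothetical name. The idea is that `$crud->where()` only narrows the list view, while the edit URL carries the primary key, so the row must be re-checked on every edit, update and delete (for Grocery CRUD, the same function can be registered in `callback_before_update` and `callback_before_delete` so direct POSTs are covered too):

```php
<?php
// Added example: object-level authorization for /edit/<id> requests.
// Stand-in for REL_CONVOCATORIA_USUARIO, keyed by primary key (constructed data).
$REL_CONVOCATORIA_USUARIO = [
    42 => ['IDUSUARIO' => 7],
    43 => ['IDUSUARIO' => 9],
];

const ROLE_ADMIN      = 'admin';
const ROLE_SUPERVISOR = 'supervisor';
const ROLE_USER       = 'user';

// Fail closed: true only when the record exists AND the current user owns it
// (admins may edit any existing row). Unknown ids are denied the same way as
// other users' rows, so the response does not reveal whether an id exists.
function can_modify_record(array $table, $primary_key, $current_user_id, $role)
{
    if (!array_key_exists($primary_key, $table)) {
        return false;
    }
    if ($role === ROLE_ADMIN) {
        return true;
    }
    return (int) $table[$primary_key]['IDUSUARIO'] === (int) $current_user_id;
}

// Run this before $crud->render() with the id taken from the URL segment
// (e.g. $this->uri->segment(4) in CodeIgniter). Returns false and sets 403
// when the caller must show an error instead of the edit form.
function guard_edit_request(array $table, $primary_key, $current_user_id, $role)
{
    if (!can_modify_record($table, $primary_key, $current_user_id, $role)) {
        if (!headers_sent()) {
            http_response_code(403);
        }
        return false;
    }
    return true;
}

// Simulated requests from user 7 (role "user"): own row 42, then row 43
// (owned by user 9, the case from the question), then a non-existent row.
var_dump(guard_edit_request($REL_CONVOCATORIA_USUARIO, 42, 7, ROLE_USER));
var_dump(guard_edit_request($REL_CONVOCATORIA_USUARIO, 43, 7, ROLE_USER));
var_dump(guard_edit_request($REL_CONVOCATORIA_USUARIO, 99, 7, ROLE_USER));
var_dump(guard_edit_request($REL_CONVOCATORIA_USUARIO, 43, 1, ROLE_ADMIN));
```

In a real controller the `$table` array is replaced by a query on the primary key, and the id must also be cast or validated as an integer before it reaches the query.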


NachoIF
  • Member

Posted 30 December 2014 - 13:15 PM

Okay, that's what I've done!!!

I've made a function that checks the status, the URL parameters and the user, and then permits the access or not.

Thanks a lot for the answer.

 

Could you tell me more about CSRF policies? I don't know what you mean by that, sorry...


Amit Shah
  • Member

Posted 04 January 2015 - 22:36 PM

Sorry bro, I was away on vacation. There are a lot of articles available on the net for CSRF, but it's a bit tough to get it implemented with GC, I believe.