I recently created a very basic site where a user logs in and then has access to a database that they can edit. I want the user to be able to only edit their own details and no one else's, and I have no idea what I should add to the code to be able to do that. Here is what the edit page looks like atm (I'm aware it isn't very secure to show the password like that, it's just an example).
CodePudding user response:
One way to begin would be, when generating each (HTML) row for this table, do not echo/output an 'Edit'/'Delete' link unless the current user's UserId is equal to the row's UserId. Also, whatever happens when the 'Edit'/'Delete' link is clicked should only run if the record's UserId is identical to the current user's UserId.
Another thought, when originally loading the (HTML) table to view the records, only query the db for the rows that are related to the current user. Then you won't have to do any further checking before including the 'Edit'/'Delete' links.
To offer more specific guidance/ideas, I'll need more detailed questions and examples of your own coding attempt(s).
CodePudding user response:
You have to create a table such as "user" which will have user details. Now, when your user successfully logs in, you have to generate a cookie or session, depending on the application, that securely stores the user ID. Then, when the user wants to change the details, check whether the ID matches. Furthermore, only show the logged-in user's information in the frontend.
Login (table)
- ID <- unique id for each user
- password
user (table)
- ID <- check whether id is same
- name
- address
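The checks both answers describe (query only the current user's rows, and re-check ownership when the edit is submitted), as an added example that is not code from the question or from either answer. Python with `sqlite3` is an assumption, since the question shows no code; the table and column names follow the `user` table sketched above, the rows are constructed sample data, and `session_user_id` is a hypothetical name for the ID the login step stored in the server-side session.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (ID INTEGER PRIMARY KEY, name TEXT, address TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?, ?)",
                   [(1, "alice", "1 Elm St"), (2, "bob", "2 Oak Ave")])
    return db


def rows_for(db, session_user_id):
    """Listing page: fetch only the logged-in user's row, so no other
    user's data or Edit/Delete link is ever rendered."""
    return db.execute("SELECT ID, name, address FROM user WHERE ID = ?",
                      (session_user_id,)).fetchall()


def update_details(db, session_user_id, requested_id, name, address):
    """Edit handler. requested_id arrives from the form or URL and is
    untrusted; session_user_id comes from the server-side session."""
    if session_user_id is None:
        raise PermissionError("not logged in")
    try:
        requested = int(requested_id)
    except (TypeError, ValueError):
        raise PermissionError("malformed record id")
    # Hiding the Edit link is not enough: the request itself must be checked,
    # because the ID in a form or URL can be changed by the client.
    if requested != session_user_id:
        raise PermissionError("cannot edit another user's record")
    # Defence in depth: the WHERE clause uses the session ID, not the
    # submitted one, so this statement can only ever touch the caller's row.
    cur = db.execute("UPDATE user SET name = ?, address = ? WHERE ID = ?",
                     (name, address, session_user_id))
    db.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    print(rows_for(db, 1))
    print(update_details(db, 1, "1", "alice", "9 New Rd"))
    try:
        update_details(db, 1, "2", "mallory", "nowhere")
    except PermissionError as exc:
        print("rejected:", exc)
```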