Member Avatar for mgn2683

Hi,

I am trying to restrict access to a dynamic list page based of a login id. Essentially a person will login, be directed to the index.php page and can then click on a link to Exam Evaluation. From this page, there are two links, and they can click on Score Detail. The score detail list page is supposed to only show what people they have been assigned. My recordset is:

SELECT score_detail.candidate_id, score_detail.set_nbr, score_detail.set_score, score_detail.set_rdr_comment, score_detail.set_chp_comment, score_detail.set_edt_comment, score_detail.id, questions.question, questions.set_number, questions.set_txt, assignment.Id, assignment.Candidate, assignment.Reader
FROM score_detail, questions, assignment
WHERE score_detail.set_nbr= questions.set_number AND assignment.Reader= login  AND  {$NXTFilter_rsscore_detail1} AND  {$NXTFilter_rsscore_detail1}
ORDER BY {$NXTSort_rsscore_detail1}

Theoretically this should be working. My login variable is:

name:login
type: numeric
default value: 544
runtime value: $_SESSION['kt_login_id']

At first I thought the session variable was breaking from the Exam Evaluation page, but I tried a link directly from the index.php page to the dynamic list and it still wouldn't restrict the information. Does anyone have any ideas or what to change in my recordset? Thanks in advance.

  • 2 Contributors
  • 1 Reply
  • 129 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by digital-ether
Member Avatar for digital-ether

Hi,

I am trying to restrict access to a dynamic list page based of a login id. Essentially a person will login, be directed to the index.php page and can then click on a link to Exam Evaluation. From this page, there are two links, and they can click on Score Detail. The score detail list page is supposed to only show what people they have been assigned. My recordset is:

SELECT score_detail.candidate_id, score_detail.set_nbr, score_detail.set_score, score_detail.set_rdr_comment, score_detail.set_chp_comment, score_detail.set_edt_comment, score_detail.id, questions.question, questions.set_number, questions.set_txt, assignment.Id, assignment.Candidate, assignment.Reader
FROM score_detail, questions, assignment
WHERE score_detail.set_nbr= questions.set_number AND assignment.Reader= login  AND  {$NXTFilter_rsscore_detail1} AND  {$NXTFilter_rsscore_detail1}
ORDER BY {$NXTSort_rsscore_detail1}

Theoretically this should be working. My login variable is:

name:login
type: numeric
default value: 544
runtime value: $_SESSION['kt_login_id']

At first I thought the session variable was breaking from the Exam Evaluation page, but I tried a link directly from the index.php page to the dynamic list and it still wouldn't restrict the information. Does anyone have any ideas or what to change in my recordset? Thanks in advance.

How are you restricting the access to the page. Do you have some PHP that checks the session ID and controls access based on that?

Try dumping the session to see if it is actually set properly:

var_dump($_SESSION);

or

var_dump($_COOKIE);

to see if it is actually in the cookies or not.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.