I'm making a B2B portal that can see just loggedin business customers that I add to base, I finished almost all, but there is one problem.
When customer add some goods to his cart, goes to checkout and confirm his order he will have a link to invoice.php?ids=156 and that will appers just in his profile and not in profile of other customers but if he change ids number like this invoice.php?ids=150 he will see content although he did not create that purchase.
This is not a big problem if someone does not try to change ids of invoice.php and compromise the privacy of another user.
As I said in the title I need to make partially page user access restrictions, to all users can see page but same page with "ids?=" can see just user that create that page.
I apologize for the bad English.
Does anyone have an idea?
Thanks in advance!