No announcement yet.

login to see only logged in user records

  • Filter
  • Time
  • Show
Clear All
new posts

  • login to see only logged in user records

    I'm creating several user apps protected with a control app
    I need to know how to do in every application if I want a user to see only his records.
    By now, when a user logs in, can see the details of another users (in every app)

    This is the code set in the event "on validate" in the login application

    $usr = {Usuario};
    $pwd = {Contraseņa};
    $sql = "SELECT
    (Usuario = '".$usr."') AND
    (Password = '".$pwd."')";
    sc_lookup(ds, $sql);
    if (isset({ds[0][0]}))
    echo "Usuario o contraseņa incorrectos";

    It works, but I need the user to see only his own records, and by now can see all user data
    Can anyone rewrite it for me with a solution? (will it work with all my app?)

    Can you help me?

  • #2
    You need to be able to 'mark' the records belonging to the user. That can be done in several ways, but if every user has his own records (not sharable) then you can add the userid to a 'owner' field. After logging on you can use the scriptcase global username and apply this to every sql in your forms by adding it to the where clause:

    ... and owner=[sc_username];

    I'm not sure about the sc_username, but in the logon application you can easy find the correct name.
    Albert Drent
    aducom software netherlands
    scriptcase partner, reseller, support and (turn-key) development /


    • #3
      Thank you, but how can I do this?
      Where do I write it?
      The id user is ID_Usuario


      • #4
        The security module generates a global variable, normally called [usr_name] , if the credentials are valid..So let's say you have a table called "Tasks" with several fields, one of them called "user_name", you can filter the grid records by user name if you add a SQL WHERE clause like this:

        (user_name = '[usr_name]')

        This will only work if the user name from the "users" table (the one from the security module) and "tasks" table are the same.

        Hope this helps.


        • #5
          Hi Julio
          For myself I have used the security module and then added a new field to the db table for a userid (set as Primary key and auto inc), also adding this new field to the login so that the userid is cleared and then also added on login (check login page - events).

          Each table which is to be user specific will also need to have the new field "userid" so that it can be added on insert/update.
          Then on all forms specific for the user u will need to add userid as default, so when the user uses the form the userid is inserted with form data.
          On grids its simple changing the sql to filter view for specific userid, so a "where userid = x"
          I find using this method is alot cleaner than having usernames all over my tables plus it saves some bots of storage, espechialy when u start to have usernames which are 20 char long.

          Anyhow just thought I would share my method of doing this..

          hope it helps


          • #6
            maybe i did not caugth the problem.

            But you have a user record which the user should be able to see. And that should be the only thing that he should see.
            Simply add that key-field value to a new secure-user DB field of the login process. Now you have the key-field of the logged-in user.
            Place that value in the where clause of the forms SQL.

            Had a similar task when scripting a clubs database. ^^ Some ladies wanted other not to see their year of birth ^^ That was a job of the onrecord-event
            using that key-field and works as intended ;-)




            • #7
              can we create a view based on the userid whois logged and use that view as a "table" in rest of the application?