securit app module

Good night everyone, I’m from Brazil and I have the license of version 9 of scriptcase, I’m having problems trying to make the registered user when logging in to the app see only his data and not all, all records are seen only by the admin.
Does anyone have a tutorial or could help please.

There is many online documentation that explains the Security Module. Have a look at General Overview - Scriptcase Manual

Without knowing what is in the code, it is difficult to say, but I suspect that the SQL Query is filtering the data for the user only.

Hi Thankyou! in validate (events)app_login :
if([sett_brute_force] == ‘Y’ && sc_logged_is_blocked()) { sc_error_exit(); }

$slogin = sc_sql_injection({login});
$spswd = sc_sql_injection(hash(“md5”,{pswd}));

$sql = "SELECT
active,
name,
email,
mfa
FROM sec_users
WHERE login = $slogin
AND pswd = ".$spswd;
sc_lookup(rs, $sql);

if(count({rs}) == 0)
{
sc_log_add(‘login Fail’, {lang_login_fail} . {login});
sc_logged_in_fail({login});
sc_error_message({lang_error_login});
}
else if({rs[0][0]} == ‘Y’)
{
[usr_login] = {login};
[usr_name] = {rs[0][1]};
[usr_email] = {rs[0][2]};
[remember_me] = {remember_me};

if( [sett_enable_2fa] == 'Y' && !empty({rs[0][3]})){ sc_redir('app_control_2fa'); }
 
if(isset([sett_remember_me]) && [sett_remember_me] == 'Y'){
    remember_me_validate();
}

}
else
{
sc_error_message({lang_error_not_active});
sc_error_exit();
}

But user when log in app, view all

User rights need to be set.
Did you do it right or does the user have the right to see everything?

Hi Rick, I did the following:

1- I created a form for registering customer data with fields id, customer name, city, state, email address and etc…
2- then I created the grid to read and show all entries
3- then I used the scriptcase’s native security module and in this I only marked the option to view the aap_grid where the registered customers are.
4- The system admin logs in and is able to add new customers, register new users, that is, he has all the permissions.

I logged in with admin and created a test user paulo full name paulo de souza I added his email and I didn’t check the admin option and left it as active
Then I went to access the system with the user paulo and password paulo I went to list users (grid) and there he can see all the records registered there I wanted only him to see his records (paulo)

I don’t know if in the grid I have to add some command in the sql field!
selecting the native security table created by scriptcase (sec_users)
so:
SELECT
login = [usr_login]
from
sec_users

OK. This is how it is with this Scriptcase security module.
If you already deploy the app to the server then security works.
If you work locally - it doesn’t work.
In the Scriptcase Options - MyScriptcase you have to turn this on manually and then it will work for you locally as well.
Look at the picture:

Rick thankyou i’have set this!
but app its not list one user, list more users when login in to app.

ex. login carlos e pwsd 123456 = this list 100 registers in app-grid

this correct:ex. login carlos e pwsd 123456 = this list register from carlos

So you did a security module based on user or app security?
But I can’t help you here.
Absolutely always all my app. based on group security module.
So if I have 100 users in a group I set the rights only 1x per group.
Usually I have the following groups set up:
user
manager
supervisor
admin

And I set the rights for each group only 1x.

I made the security by groups I defined an admin and a clients group, in this clients group I add a user and a password and define what can be accessed in the case of clients app_grid
What happens is that if I have a record in the form alberto souza with your data address, name, city and etc… in the module when I log in as admin I go to register user password and mark this user in case login alberto password 123456 and mark him in the group customers.
When trying to access the login module I enter his login alberto password 123456 I login but all the records appear, I would like only his to appear

When you say all the records appear. Is this all records is a specific application or al the menu items?

And you’re looking at it in the wrong place.
Write a list of your fields in the table.
This has nothing to do with the security module. You need the correct grid query.
Let’s say something like this, but changed according to your data:

FROM
your_table_name
WHERE login = “[usr_login]”

The security module does not know which records belong to which user.
You need to specify this in the SQL query in the grid

1 Like

you basically need to extend all your data with a userid and store the user id (from a userid macro variable in a session) when data is modified.
i all your grid queries you need to add where userid=[userid] assuming your userid is set with the logged user id as others suggest, this is to be done in the security login app on validation event.

Thank you all so much, I’ll redo it here and let you know.

Tfis is my code in on validate event

$check_sql = “SELECT retiree_id, name, photograph, gender”
. “FROM retirees”
. " WHERE name = ‘" . {Login} . "’ and password = ‘".md5({password})."’";
sc_lookup(rs, $check_sql);

if (isset({rs[0][0]})) {
$_retired_id = {rs[0][0]};
$_name = {rs[0][1]};
$_photography = {rs[0][2]};
$_gender = {rs[0][3]};
} else {
sc_error_message(“Invalid Data. Retype!!!”);
}

[vg_retired_id] = $_retired_id;
[vg_operator_name] = $_name;
[vg_photo] = $_photo;
[vg_genre] = $_genre;

1 Like

$check_sql = “SELECT retiree_id, name, photograph, gender”
. “FROM retirees”
. " WHERE name = ‘" . {Login} . "’ and password = ‘".md5({password})."’";
sc_lookup(rs, $check_sql);

if (isset({rs[0][0]})) {
$_retired_id = {rs[0][0]};
$_name = {rs[0][1]};
$_photography = {rs[0][2]};
$_gender = {rs[0][3]};
} else {
sc_error_message(“Invalid Data. Retype!!!”);
}

[vg_retired_id] = $_retired_id;
[vg_operator_name] = $_name;
[vg_photo] = $_photo;
[vg_gender] = $_gender;

1 Like

Hi there, I solved this with my own piece of app. So I am using SC Security just to log in and after that I run my own code. It is the best solution for me. I have also different menu apps for different type of users. It suits the best for me. Then I redirect user at login to the right menu.