I am developing a website using Webmatrix. I have a post page where user can post an item with several fields like item name, description, user name, phone number etc. I take all these values and save the item in database. Alongwith all this data provided by the user, I also save a user id of the user with WebSecurity.CurrentUserId method for that item.
This works well almost everytime. However, on very few occasions, I noticed that user id is stored as "-1" for some items.
I am absolutely clueless and can't figure out why it's happening.
Has someone ever experienced such thing. Or can someone may have clue about this?
I am not certain this will solve your problem but it would not hurt to verify that the current user is also defined within your web security database with WebSecurity.HasUserId property. I would give that a try - let me know what happens.
Hope that does the trick!
Related
How would one go about creating a function/plugin for the following?
I have two user_types, FREE and PAID.
Both users have certain fields they can fill in. The PAID user has more fields they can fill in.
If a PAID user reverts back to a FREE user, how can only the FREE fields show on the frontend without showing the already PAID fields?
There must be a way to filter the fields per user_type? I'm very much a noob at writing code.
If anyone could explain and guide me, that would be great.
Cheers,
I have done something like this some time ago for something different. It was about showing content only to users with a specific user level.
You could register new user roles and check whether the current user (of the site, probably logged in) has the appropiate user role to view specific content.
I used is_user_in_role on the frontend and that works fine for me.
Concerning the PAID fields: Let the users fill them with content but add a notice like "Pay to show these fields publicly" on the frontend when he visits his own profile (or whatever you are building). This sometimes works very well for getting more paid users (make sure, you really have a benefit from those fields).
I'm new to using Parse.com and I'm trying to understand the general relationship between a logged in user and user-specific data.
I've figured out and understand how to create users and objects but I'm fuzzy on how to connect the two.
Is it as simple as creating a user and then once their logged in, storing an object with their username as the key?
Then when a user signs in successfully, you retrieve the object under their username key?
I just want to make sure I'm approaching this from the right angle, since I plan on having a lot of users and I also want the most secure approach.
I've read through the Parse.com documentation but can't seem to find the connection between the two. Any help is appreciated!
Do you mean when the user submits any details it is recorded with their User ID? If so, then this code will work for you:
ParseUser user = ParseUser.getCurrentUser();
//yourObjectID.put("User", user);
There is no user-specific data (all data is global with respect to the app ID you registered, as Parse is a database), but you can store data inside a ParseUser object. You can also give it access controls (an ACL), so only that user can read/write it. When the user signs in successfully, I don't believe it will be part of the ParseUser object yet, you need to fetch the data. (This is definitely true for object fields, but I'm not sure about simple fields like strings and ints. It deserves testing.)
There is a caveat to this. Depending on which SDK you're using, some of that information may be cached. In Unity 3D, for instance, the ParseUser object will retain all its data between program invocations (and indeed, will remain logged in).
I'm implementing my database. xD
Should I make changes, but I would like any further information about it, by those who are more experienced than me.
1) Should I make sure to keep a tracking for security reasons.
I would like to create a table "access", which contains the following fields.
id, id_user, browser, os, dates, ip.
What should I change, to ensure that each time the user login, is added a new record in this table.
If you have more tips on how to improve this point, I'd be grateful.
2) I would like to do so you can make the user choose whether the session of his choice or whether permanent or not.
I could only find a way to do it, that the session lasting for a certain period of time.
But I would like to implement a graft.
3) Should I implement multiple sessions, I'll explain.
The possibility that every user experience their sessions, such as facebook ago.
You can see how many active sessions exist and on what date.
I thought at a table like this:
id, id_user, queues, browser, os, dates, ip.
What do you think, you can do what?
If yes, what should I change in the structure of laravel to do this?
Thank you in advance who will help me.
I apologize for my English and the long text.
1) You should use also timestamp that logging table. You can use the built in updated_at and created_at timestamps. In your login function simply create a new instance of the model, populate the attributes and save() it.
2) There is a built in remember me behavior that you can use. More details can be found in the Laravel docs http://laravel.com/docs/4.2/security
3) Can you explain more of why you would want to implement multiple sessions? Why would this be useful for your application?
I hope my answer helps.
I have a page for editing product details. I want to restrict that only one user can edit the product page. When a new user opens it while there is a current user editing it, I would like to place some notification then automatically make it available once the current user leaves the page. Any suggestion on how I should approach this?
I would recommend just letting them both edit at the same time.
If you want to notify the last person to save their document, then you can add a "version" column to the database.
Upon saving, you would check the version column, to ensure that the row had not been changed. If it had been changed, you would notify the user at that point.
If i understand you question correctly it sounds like you need to know about database concurrency,
Here are a couple of articles:
MSDN
Ironspeed
Now if you are asking how to authorize only a single user to edit records then you would need to look at roles and aloow say only admins to edit records.
you can have optimistic lock on your record while it is in edit mode , once it is saved make that record avaliable for other user.
Try something like this:
Create a table something like userAccess with IsAccessColumn
if user 1 access edit page set isAccess to True
So the second user will not access the edit page if records is set to true.
Then Set to False if user 1 finally edited the record
After that user 2 can now open edit page.
Regards
Hi Sitepoint wizard people,
Say we have an admin application that has multiple users and various objects. What I'd like to do is control access within the object itself - that is, it will behave one way for one type of user, and another way for other users. For example...
Director Mike can override Reception user Sally's registration date. One would assume that Mike could set any date both in the past or in the future. Then we have Payroll user Steve who can also modify Sally's registration date, but only for dates in the past up until (for example) one year ago. To spice things up, then we have the HR Manager Mary who can also amend Sally's registration date, but only for dates from precisely 23rd June 2007 up until one month from now...
How can I program the access restrictions so that on the front end, the form control is restricted with a min and max date, and in the backend, the validator checks the entered date to make sure it falls between those dates? I'd obviously need to be able to tweak the min and max dates for each user type. Other objects might have different parameters - maximum amount on a discount field or days of the week for overtime, for example.
I've asked this question in different ways, but each time I get bogged down by the implementation. I'm currently developing it as a php/MySQL web-based application, but thoughts and comments from other platforms very welcome! This time I'm looking at first principles, so it doesn't matter what your background is, if you have any ideas, please let me know! What do you even call this type of access control...?
Depending of how you application is based, you could ask for credentials at the start of the application and depending on who is requiring access, you could load a different xml file containing different settings.
As for security issue, make sure that the different xml files can't be reached by the users.
Edit:
Since you are using MySQL you could do something like this.
Let's say you have a table of users that has those fields : UserId, UserName, RestrictionId.
And with a Restriction table that looks like : RestrictionId, FieldName, FieldCondition.
This way, in your php app, when a user is authenticated, you can go fetch the correct "Restrictions" on the field and apply them in your code. If it happens that you have multiple fields that require different rules then you can simply add them with the correct RestrictionId.
This DB design is far from perfect, I'm pretty sure you can do better
Since, you are already using MySql db. You can maintain the UserRole Master table details in DB itself. Load the user role data based on login, then you can easily validate the changes made by the user accordingly.