I have seached the forum, but could not find a satisfactory answer… I use the DataConnector a lot to fill grids, forms, listboxes, etc… Unfortunatly, if you just call the php script from any browser you can get output from the connectors, without any security. I sort of understood that there was some php-session type security, but was not sure how to implement it. My program has a login form, which I could use to initiate a regular session…
Can someone pls guide me?
At start of each connector add something like
if (!isset($_SESSION["userid"])) die();
where userid - var which you are using as user autentication flag
Thanks Stan, but can you please elaborate just a little bit further
I understand I have to set up some session variable, but that’s about all!
I’m not quite sure which details is necessary.
In any app you have some way to distinguish user, which accessing page. Most probably you have some session variable for that. If you have some part of site which must be accessed by trusted users - you already has such functionatlity. Similar check can be added to the connector.
So, on login page you are setting some var in session, in connector page you are checking it. If user is not logged it, it has not var in session, and as result connector will not be processed for it, which means that data can’t be accessed|changed by not logged in user.