Hi Amarradi,
This is how I do it:
As you can see, I don't give any parameter at all, so the user cannot meddle
with it.
function edit() {
    /*
     * With this function the user can change his / her own password.
     * No id is read from the URL; the record is always the logged-in user's.
     */
    if (!empty($this->data)) {
        // The comparison is against the hash of an empty string, i.e. the
        // password field was left blank: save without the password column.
        if ($this->data['User']['password'] == $this->Auth->password('')) {
            $params = array(
                'validate' => true,
                'fieldList' => array('id', 'name', 'username', 'deleted', 'gruppe_id')
            );
        } else {
            $params = array('validate' => true);
        }
        // Overwrite whatever id was submitted with the id from the session.
        $this->data['User']['id'] = $this->Auth->user('id');
        // password2 is hashed here before it is compared with password.
        if ($this->data['User']['password'] == $this->Auth->password($this->data['User']['password2'])) {
            if ($this->User->save($this->data, $params)) {
                $this->Session->setFlash(__('The User has been saved', true));
                $this->redirect(array('controller' => 'todos', 'action' => 'index'));
            } else {
                $this->Session->setFlash(__('The User couldn\'t be saved. Please check.', true));
            }
        } else {
            $this->Session->setFlash(__('passwords don\'t match. Please check.', true));
        }
    }
    // First visit (no form data yet): load the logged-in user's own record.
    if (empty($this->data)) {
        $this->data = $this->User->read(null, $this->Auth->user('id'));
    }
}
Hope this helps
Anja
-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf
of amarradi
Sent: Thursday, 19 February 2009 19:55
To: CakePHP
Subject: user Profile protection howto
Hello together,
How do I protect the user profiles?
Because I don't know how I protect the user profiles mutually. If a user is
logged in and he visits
/cakePHP/users/edit/1 he can edit his profile. But when he types in his browser
/cakePHP/users/edit/2 he can edit another profile.
How can I stop this?
Many greetings
Marcus Radisch
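
The ownership check asked about above, as an added example that is not part of either message: it keeps the /users/edit/<id> URL shape from the question but refuses any id that is not the logged-in user's, and copies only an allowlist of fields. It is plain PHP without CakePHP; buildSelfEdit, SELF_EDITABLE and the sample requests are hypothetical, and treating gruppe_id as admin-only is an assumption.

```php
<?php
// Added example in plain PHP (no CakePHP required). All names are hypothetical.

// Fields a user may change on their own profile. 'id' is taken from the
// session; 'gruppe_id' is assumed here to be reserved for administrators.
const SELF_EDITABLE = array('name', 'username', 'password');

/**
 * Build the record to save for a self-service profile edit.
 *
 * $posted    submitted form fields, as $this->data['User'] would hold them
 * $urlId     id from the URL (/users/edit/2), or null if the route has none
 * $sessionId id of the logged-in user, as $this->Auth->user('id') returns it
 *
 * Returns the array to save, or null when the request names another user.
 */
function buildSelfEdit(array $posted, $urlId, $sessionId)
{
    // Ownership check: any id supplied by the client must be the caller's own.
    $claimed = array($urlId, isset($posted['id']) ? $posted['id'] : null);
    foreach ($claimed as $id) {
        if ($id !== null && (string) $id !== (string) $sessionId) {
            return null;
        }
    }
    // Allowlist: copy only the fields a user may change on their own record.
    $record = array_intersect_key($posted, array_flip(SELF_EDITABLE));
    // The id that reaches the model always comes from the session.
    $record['id'] = $sessionId;
    return $record;
}

// Constructed sample requests; the logged-in user has id 1.
$requests = array(
    'own profile, no id in URL' => array(array('name' => 'Marcus'), null, 1),
    'own profile via /edit/1'   => array(array('name' => 'Marcus'), '1', 1),
    'other profile via /edit/2' => array(array('name' => 'Marcus'), '2', 1),
    'other id in form field'    => array(array('id' => '2', 'name' => 'M'), null, 1),
    'extra gruppe_id field'     => array(array('name' => 'M', 'gruppe_id' => '1'), '1', 1),
);
foreach ($requests as $label => $args) {
    $record = buildSelfEdit($args[0], $args[1], $args[2]);
    echo $label, ': ', $record === null ? 'rejected' : json_encode($record), "\n";
}
```

In a controller action, a null result marks the point at which to refuse the request before save() is called.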