Gossamer Forum

2 Passwords?

2 Passwords?
Is there a way to use two passwords instead of one? I do not mean a global password, either ... my reason is this:

People are encouraged to log in and VIEW single records by entering the last name of the person whose record they want to view, along with the person's 4-digit access code.

I used the access code as the userid and the last name as the password. However there is an obvious security flaw in that someone could take the code and the password that they were given to VIEW a record, and go to my EDIT page and log in and edit the record up. Therefore, I would like to somehow set up a second user-specific (non-global) password that is required only for those who are trying to get to the EDIT section.

I think I'm making this sound harder than it should be, so I'll stop.
Re: [astroboy5714] 2 Passwords?
So you mean that users have permission to edit their own records, and since you are providing the code, you are also having them basically log in as the owner of the record in order to view it?

That is a security flaw. I would suggest either making the option to edit admin-only, or hiding some fields within html_record_form so they are not visible when modifying a record.

You could do so by using something like this:

|;   # closes the print qq| ... | block that precedes this field in html_record_form
if (($per_admin) or (!$in{'modify'})) {
    # admins, and anyone adding a new record, get the editable select box
    print &build_select_field("duration",$rec{'duration'});
}
else {
    # everyone else sees the value read-only; it is still submitted as a
    # hidden field so the record round-trips unchanged
    print qq|<input type="hidden" name="duration" value="$rec{'duration'}">$rec{'duration'}|;
}
# the next line reopens the print qq| block for the rest of the form
print qq|

Do the same for every field that only the admin should be able to modify.

Perhaps someone else may come up with some recommendations.

Unofficial DBMan FAQ
http://redundantcartridge.com/dbman/
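The hidden-field approach above decides only what the browser renders; the value that comes back in the modify request is still chosen by the client, so the modify handler has to check it as well. The following is an added example of that server-side check, not DBMan's own code and not LoisC's. It assumes DBMan's names %in (parsed form input), %rec (stored record) and $per_admin (admin flag); @admin_only and enforce_admin_only_fields are hypothetical names introduced for this example, and the two records are constructed sample data.

```perl
#!/usr/bin/perl
# Added example, not DBMan's own code: server-side enforcement of
# admin-only fields on a modify request. Hiding a field in
# html_record_form only changes what the browser renders; the value in
# the submitted form is still under the user's control (a hidden input
# is trivially edited), so the modify handler has to re-check it.
# Names assumed here: %in is the parsed form input, %rec the stored
# record and $per_admin the admin flag (as in DBMan); @admin_only is a
# hypothetical list of protected columns for this example.
use strict;
use warnings;

my @admin_only = qw(duration access_code);

# Returns (\%cleaned, \@tampered): a copy of the submitted record with
# every admin-only column reset to its stored value for non-admins, and
# the list of protected columns the submission tried to change, so the
# caller can log the attempt or refuse the whole request.
sub enforce_admin_only_fields {
    my ($in, $rec, $per_admin, $admin_only) = @_;
    my %out = %$in;
    my @tampered;
    return (\%out, \@tampered) if $per_admin;   # admins may change anything
    for my $col (@$admin_only) {
        next unless exists $rec->{$col};
        my $submitted = defined $out{$col}   ? $out{$col}   : '';
        my $stored    = defined $rec->{$col} ? $rec->{$col} : '';
        if ($submitted ne $stored) {
            push @tampered, $col;
            $out{$col} = $rec->{$col};          # never trust the hidden input
        }
    }
    return (\%out, \@tampered);
}

# Constructed sample data: the stored record, and a submission in which a
# non-admin user edited the hidden "duration" field as well as an
# editable one.
my %rec = (ID => 17, last_name => 'Smith', duration => '30',  access_code => '4821');
my %in  = (ID => 17, last_name => 'Smyth', duration => '999', access_code => '4821', modify => 1);

my ($clean, $tampered) = enforce_admin_only_fields(\%in, \%rec, 0, \@admin_only);
print "non-admin: protected columns changed by the client: @$tampered\n";
print "non-admin: duration saved as $clean->{duration}, last_name saved as $clean->{last_name}\n";

my ($admin_clean, $admin_tampered) = enforce_admin_only_fields(\%in, \%rec, 1, \@admin_only);
print "admin: duration saved as $admin_clean->{duration}\n";
```

In a real handler the non-empty @tampered list is a reason to refuse the modify and log the record ID and user, rather than to silently repair the submission; the repair is shown here only so the effect on the saved values is visible.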
Re: [LoisC] 2 Passwords?
Well, the problem arose a while back, and for some reason I rearranged things so that it worked this way...

I originally was trying not to restrict people from viewing records too much. They could enter the 4-digit access code they were provided to view the information. However, to avoid a security flaw (people simply guessing 4-digit numbers until one works and they can see someone's page) I added in the Last Name requirement. Now the access code is the userid and the person's last name is technically the password. This makes it almost impossible for someone to just guess a record and call it up.

But as we know from the above posts, this is no good, because then someone who is just supposed to be viewing could navigate their way around and log in to edit as well... even though I have these functions separated well.

So I am going to attempt to give default users authority to VIEW, still require the access code and last name, but switch the last name so it is no longer the password. This way the user is actually just performing a search for a single record -- the one matching the access code and last name they enter. But in order to edit, they will still need the password that they signed up with.

*** EDITED SECTION: I was thinking ... how, then, would I make it so that ONLY if the user entered the access code (which is the userid) as well as the last name that matches the userid ... they would get to see the record?

Last edited by: astroboy5714, Sep 8, 2002, 4:08 PM
Re: [astroboy5714] 2 Passwords?
LoisC...

Thanks for your help, I managed to do it!

I used JPDeni's format for requiring that a user enter terms for 2 items (the last name and access code) when searching for a record. Being a default user, they have permission to view the record. The 1 record that they could be searching for shows up if indeed they enter the correct last name and access code.

And the password is no longer the last name; it is a secret password defined by the user for the user.

So much simpler than I made it out to be.

Thanks!
Re: [astroboy5714] 2 Passwords?
What happens if a user enters a wildcard in either field?

Or did you think of that?
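The wildcard question in the last reply is the weak spot of the two-term search astroboy5714 settled on: a search that treats its terms as patterns is not an access check. The script below is an added example, not DBMan's code and not anything the posters wrote. wildcard_search imitates the default behaviour of a DBMan-style search (substring match, "*" as a wildcard, and a re=1 option that uses the term as a regex); strict_lookup is the hardened version a practitioner would put in front of the view. The records, the column names last_name and access_code, and the search behaviour being imitated are constructed assumptions about the poster's setup.

```perl
#!/usr/bin/perl
# Added example, not DBMan's own code. It shows why the two-term search
# described in the thread is only an access check if the terms are
# matched exactly, and what a wildcard does to it. wildcard_search()
# imitates a DBMan-style default search (substring match, "*" as a
# wildcard, re=1 using the term as a regex); strict_lookup() is the
# hardened lookup. Records, column names and the imitated search
# behaviour are constructed assumptions about the poster's setup.
use strict;
use warnings;

my @records = (
    { ID => 1, last_name => 'Smith',    access_code => '4821' },
    { ID => 2, last_name => 'Smithson', access_code => '4822' },
    { ID => 3, last_name => 'Jones',    access_code => '1234' },
);

# Loose search: each term becomes a case-insensitive substring pattern,
# "*" becomes ".*", and with re=1 the raw term is used as the pattern.
# A term of "*" (or "." with re=1) therefore matches every record.
sub wildcard_search {
    my ($in) = @_;
    my @hits;
    RECORD: for my $rec (@records) {
        for my $col (qw(last_name access_code)) {
            my $term = $in->{$col};
            next unless defined $term && length $term;
            my $re = $in->{re} ? $term : quotemeta($term);
            $re =~ s/\\\*/.*/g unless $in->{re};
            my $matched = eval { $rec->{$col} =~ /$re/i };   # a bad regex just fails to match
            next RECORD unless $matched;
        }
        push @hits, $rec;
    }
    return @hits;
}

# Strict lookup: both terms required, validated against a tight
# allowlist (so "*", "%", "." and regex syntax never reach a match),
# and compared for equality with the stored values. Search modifiers
# such as re, ww or ma from the query string are never consulted.
# Returns the single matching record, or undef.
sub strict_lookup {
    my ($in) = @_;
    my $code = defined $in->{access_code} ? $in->{access_code} : '';
    my $name = defined $in->{last_name}   ? $in->{last_name}   : '';
    $name =~ s/^\s+|\s+$//g;
    return undef unless $code =~ /\A[0-9]{4}\z/;           # exactly four digits
    return undef unless $name =~ /\A[A-Za-z' -]{1,60}\z/;  # ASCII surname characters; widen for non-ASCII names
    my @hits = grep {
        $_->{access_code} eq $code && lc($_->{last_name}) eq lc($name)
    } @records;
    return @hits == 1 ? $hits[0] : undef;                   # one record or nothing
}

# Constructed requests: a legitimate view, the two-wildcard probe, a
# regex probe using the re option, and a partial-term probe.
my @probes = (
    { last_name => 'Smith', access_code => '4821' },
    { last_name => '*',     access_code => '*' },
    { last_name => '.',     access_code => '.', re => 1 },
    { last_name => 'Smi',   access_code => '482' },
);
for my $probe (@probes) {
    my $desc   = join ' ', map { "$_=$probe->{$_}" } sort keys %$probe;
    my @loose  = wildcard_search($probe);
    my $strict = strict_lookup($probe);
    printf "%-38s loose: %d record(s)   strict: %s\n",
        $desc, scalar @loose, $strict ? "ID $strict->{ID}" : 'denied';
}
```

The loose search hands back every record for the "*"/"*" probe and two records for the partial terms, while the strict lookup answers only the exact pair. Exact matching also keeps the guessing space at the full last name times the 4-digit code; a substring match on the code alone would let an attacker walk it a digit at a time.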