Hi

I'm just setting up my first database and I have a problem when trying to modify a record. Everything seems to work OK when adding or deleting records, or when an admin is modifying a record, but when a normal user tries to modify their own record they get the error

Error: Unable to Modify Record

There were problems modifying the record: (can't find requested record)

Can someone suggest where I should look to sort this problem, or what additional information I would need to supply.

Regards

Mike Caine

Sounds like a problem with your key field definition. The best thing to do is to copy your default.cfg file to a web-accessible directory -- one where you would put html files -- and let us know where it is. Then someone will take a look at it and see if they can find the problem.

You may have to either start over with a new database or do major editing of your database by hand. It may be that you won't have to, but I'm just preparing you for the worst.

I should know more when I look at your .cfg file.

------------------
JPD

Hi

Thanks for that.

I've copied the cfg file to

http://ns1.courtie.net/www-isle-of-man-com/cgi-bin/interests/genealogy/researchers/default.cfg.txt

The databse itself is at

http://ns1.courtie.net/www-isle-of-man-com/cgi-bin/interests/genealogy/researchers/db.cgi

This is not live yet. I'm moving my site from it's current location to a new server and was trying out DBMan on this new server. I've asked some people on the Manx Genealogy Discussion List to test the database and I have warned them that it is likely to be cleared out before going live.

Thanks

Mike

You need to add a field for the record ID to your form. It can be a hidden field like your Date field is, but it needs to be there. In the modify_record subroutine, it looks for the key field to be sure it's got the right one. Without the key, it doesn't know which record to modify.

I'm not sure why it works for admin. It shouldn't.



------------------
JPD

Hi,

Thanks for that, it seems to be working OK now that I've added that bit. I suppose it worked for admin because admin can modify any records owned by anyone?

Any idea how I can re-write the line

<INPUT TYPE="HIDDEN" NAME="Date" VALUE="$rec{'Date'}" SIZE="12" MAXLENGTH="12">

so that it when someone modifies their record the date field gets updated. It's assigned automatically when the record is created by

Date => [8, 'date', 12, 15, 0, &get_date, ''],

but I'd like up to be updated when the record is altered.

Thanks

Mike

Sure.

For one thing, you don't need to use
SIZE="12" MAXLENGTH="12"

in hidden fields. It doesn't hurt anything, but you don't need them.

If you want the Date field to be changed to the current date when people modify their records, in html.pl, sub modify_form_record, after the line that starts with

if (!%rec) { &html_modify_failure("unable to find ...

add

$rec{'Date'} = &get_date;

That'll do it. (And this is one of the few things that I have written on the forum that I have actually used! )


------------------
JPD

Nice one :-)

I had a feeling &get_date was required but was damned if I knew where to use it.

All seem to be working fine now, but I'll test it some more before going live.

Thanks

Mike

Please let me know when you have it done. I am very interested in genealogy and, although I don't know of any ancestors from the Isle of Man, I'm always interested to see genealogy sites.


------------------
JPD

Sure, the genealogy section is currently at
http://www.isle-of-man.com/interests/genealogy/index.htm

http://www.isle-of-man.com is really just my glorified homepage.

I'd knocked together a very basic "database" about 4 years ago which would create a static html page if there was any additional data in the "notes" field but there was then no way for the person to alter their record. I was getting a bit bogged down amending people's data at their request so thought it time I looked into a proper database.

I'm just looking into adding the Password Lookup faclity but I can't figure one aspect out. I've used .htaccess before to protect a directory but how do you set it up so that the script (running as nobody) can access the directory but a browser can't? When I've tried this before for the WebAds script on a different site it looked like the script could no longer access the data directory to return the banner ad graphic. Once .htaccess was removed the banner worked OK again.

I'm presuming that I'll need to use .htaccess to protect the plain text passwords that the Password Lookup needs?

Thanks again

Mike

A lot depends on your server. Some servers will allow any non-executable files to be displayed if they're in the cgi-bin. If yours does, this could be a problem.

I just checked it and you will have a problem. But, as with almost every problem, there is a solution!

First, you're going to want to prevent anyone from being able to get a list of the files in your directory. All you have to do is to create a little index.html page and add it to the directory. It can say anything you want and doesn't have to be extensive at all. All you need is an html file that will display when someone tries to access the directory. You could even just copy the index.html file that's in the auth directory, if you wanted to.

Second, you're going to have to use some "obfuscation." (I like that word! ) The following came from BigGeorge here on the forum.

Rename your default.cfg file to something else. You can leave the "default" part, but change the "cfg" to something only you would know -- it doesn't have to be only 3 letters and it can be any letters you want. (Probably could be numbers, too, but I'm not sure.) For the purpose of illustration, I'll use "abc" as an example.

Then open your db.cgi file and look for

require "$db_setup.cfg"; # Database Definition File

change that to

require "$db_setup.abc"; # Database Definition File

Rename your .pass file to something other than "default.pass." You can get as obscure as you want here. I once named a password file "old.stuff" for someone.

Then go into your default.cfg file (which is now named "default.abc") and change

$auth_pw_file = $db_script_path . "/default.pass";

to reflect the change in your password file. If you were using the example I gave above, you would have

$auth_pw_file = $db_script_path . "/old.stuff";

You can do something similar for the default.db file, if you don't want anyone to be able to access it directly.

Be sure to change the files on both your server and on your home computer, in case you do some editing later on. You might forget to change the file names and you'd have problems.

I don't know enough about .htaccess to be able to give you any advice about using it. But I think this is probably going to work for you.


------------------
JPD