Gossamer Forum

Finding more than "own" records on searches

I've done a quick search for this problem surfacing before in DBManSQL but didn't see it on first glance. I run a database that allows folks to record the foods they eat, their weight, etc. Obviously, this is something that should be kept private. As such, I have the flags "$auth_view_own" and "$auth_modify_own" set to 1. I just got a report from an unhappy visitor today because when he did a keyword search, he got everyone's results along with his! I tried it out and get the same results. I have not modified the sub query in db.cgi. I did try adding to html_view_search the following:

Code:
if ($auth_view_own and !$per_admin) {
    print qq|<input type=hidden name="UserID" value="$db_userid">|;
}
which does insert the "UserID=whoever" into the search string. However, that does not solve the problem. Oh, and as an interesting aside... if you choose "List All", it works correctly. It's only on searches that this problem occurs. And to add further weirdness... on the search, it only happens when using the keyword field. I have a modified html_record_form_search which is included below. The reason for the modification is because there are something like 80 fields in the database and the search needed to be simplified significantly to be usable.


Code:
##########################################################
## Custom Search ##
##########################################################
sub html_record_form_search {
#--------------------------------------------------------
#Search display for Members Database rather than the one with the script
#

my $sort_by = '<option value="---">';
foreach (@db_cols) {
$sort_by .= qq~<option value="$_">$_\n~;
}


print qq~

<STRONG><$font>Search Options:</font></STRONG></P>
<TABLE BORDER="0" WIDTH="100%">
<TR>
<TD WIDTH="25%" valign="top">
<P><B><$font>by Day:</font></B></P>

<SELECT NAME="Day">
<OPTION SELECTED> </OPTION>
<OPTION>Sunday</OPTION>
<OPTION>Monday</OPTION>
<OPTION>Tuesday</OPTION>
<OPTION>Wednesday</OPTION>
<OPTION>Thursday</OPTION>
<OPTION>Friday</OPTION>
<OPTION>Saturday</OPTION>
</SELECT>
</TD>
<TD WIDTH="75%" valign="top">
<P><B><$font>by Date:</font></B></P>
<P><INPUT TYPE="TEXT" NAME="Date" SIZE="12" MAXLENGTH="25">
<$font_small><b><select name="DateSelect">
<option value="" selected>Exact Date</option>
<option value="<">Older Than or Equal To</option>
<option value=">">Newer Than or Equal To</option>
</select>

<b>YYYY-MM-DD (2000-11-25)</b>
</font></P>
</TD>
</TR>
<TR>
<td colspan="2"><P><B><$font>by Keyword: (will match against all fields)</font></b>
<INPUT TYPE="TEXT" NAME="keyword" SIZE="25" MAXLENGTH="255"></p></td></tr>
</TABLE>
<HR NOSHADE>
<table width="100%" border="0">
<tr><td width="50%">
<INPUT TYPE="CHECKBOX" NAME="ma"><$font_small> Match Any

<INPUT TYPE="CHECKBOX" NAME="ww"> Whole Words

</td>
<td>
<INPUT TYPE="TEXT" NAME="mh" SIZE="3" MAXLENGTH="3" VALUE="$db_max_hits"><$font_small> Maximum
Returned Hits</font>

<$font_small>
Sort By:
<SELECT NAME="sb">
$sort_by
</SELECT>

Sort Order: <SELECT NAME="so">
<OPTION VALUE="asc">Ascending </OPTION>
<OPTION VALUE="desc">Descending </OPTION>
</SELECT></font>
</td></tr></table>
<HR NOSHADE>
<P><B><$font>Search Tips:</B><BR>
<blockquote>- use '*' to match everything in a field<BR>
- put a '<' or '>' at the beginning to do range
searches.</font>

- <$font><b>Search for dates in the following format! (2000-11-25 or YYYY-MM-DD)</b></font></blockquote>
~;
}


What am I missing? This needs to be resolved quickly, as it is a confidentiality issue for my users.

Thank you!



Melanie
http://www.somemoorecats.com/ww/
http://www.okhima.org/
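
An added example, not part of the original post and not DBMan SQL's own code: a sketch of enforcing "view own" on the server when a keyword search matches against all fields. The helper name build_search_where, its parameters and the sample columns are hypothetical; UserID is the owner column named in the post. The keyword terms are OR-ed inside one parenthesised group, and the owner constraint comes from the authenticated session rather than from a form field.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not DBMan SQL's API): build a WHERE clause for a
# search that cannot return rows belonging to another user.
#   $cols       - arrayref of searchable column names (from the schema,
#                 e.g. @db_cols, never from the form)
#   $keyword    - user-supplied search text (may be empty, as in "List All")
#   $session_id - user id from the authenticated session, NOT a hidden field
#   $view_own   - true when the caller may only see own records
#                 (e.g. $auth_view_own and !$per_admin)
sub build_search_where {
    my ($cols, $keyword, $session_id, $view_own) = @_;
    my (@or, @bind, @clauses);

    # A keyword matches if ANY column contains it: one OR term per column,
    # with the value passed as a bind parameter instead of interpolated.
    if (defined $keyword and length $keyword) {
        for my $col (@$cols) {
            push @or,   "$col LIKE ?";
            push @bind, "%$keyword%";
        }
    }

    # Parenthesise the OR group. In SQL, AND binds tighter than OR, so
    # "a LIKE ? OR b LIKE ? AND UserID = ?" restricts only the last term
    # and rows of other users still match on column a.
    push @clauses, '(' . join(' OR ', @or) . ')' if @or;

    # The owner constraint is AND-ed outside the group and is added even
    # when there is no keyword, so every code path is scoped the same way.
    if ($view_own) {
        push @clauses, 'UserID = ?';
        push @bind,    $session_id;
    }

    # An empty string means "no WHERE clause" (admin listing everything).
    return (join(' AND ', @clauses), @bind);
}

# Constructed sample input: two searchable columns, session user "melanie".
my ($where, @bind) = build_search_where(['Food', 'Notes'], 'apple', 'melanie', 1);
print "WHERE $where\n";
print "BIND  @bind\n";
```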
Subject Author Views Date
Thread Finding more than "own" records on searches msmoore 3850 Feb 4, 2001, 2:44 PM
Thread Re: Finding more than "own" records on searches msmoore 3740 Feb 5, 2001, 9:18 PM
Post Re: Finding more than "own" records on searches Katana Man 3713 Feb 5, 2001, 10:22 PM
Thread Re: Finding more than "own" records on searches Alex 3712 Feb 6, 2001, 2:27 PM
Post Re: Finding more than "own" records on searches msmoore 3706 Feb 6, 2001, 3:11 PM
Post Re: Finding more than "own" records on searches Katana Man 3732 Feb 6, 2001, 3:55 PM
Post Re: Finding more than "own" records on searches Katana Man 3673 Feb 15, 2001, 8:44 AM