Gossamer Forum

Preventing userids to be seen?

I've set up DBMan incorporating JPDeni's Secure password lookup and private mailer mods among others, and everything works fine so far. I've got a concern about the private mailer mod though (maybe I shouldn't worry about it): if a user puts the mouse cursor over the link to the form to be emailed to the owner of a record, then he/she can easily see the record owner's userid.

I have set the $db_key to the Userid field so that any registered user can only add one record to the database. Is there some way to prevent people's userids from being seen this way? Is that kind of privacy possible?

Thanks

Last edited by manolo: Dec 1, 2001, 11:30 PM
Re: [manolo] Preventing userids to be seen? In reply to
1) Add another field called RandomID.
2) Set this field to a randomized set of numbers (hint -> similar to password field).
3) Upgrade your database.
4) Upgrade your form routines in html.pl to include a hidden field that will create a random number for the field for all your users.
5) Then update the Mailer Mod codes, to use the RandomID field rather than UserID.

Best of luck!
========================================
Buh Bye!

Cheers,
Me
Re: [Heckler] Preventing userids to be seen? In reply to
Hi Eliot, thanks very much for your response. I'm a novice so I really don't know whether I will make something out of this :)

In Reply To:
2) Set this field to a randomized set of numbers (hint -> similar to password field).
Could something like this work for that field?
'RandomID' => [ 9, 'alpha', 20, -2, 0, &xnum(), ''],

Then I would have to add in db.cgi another sub routine which would add the random number in the field, right?

Thanks again
Manuel
Re: [manolo] Preventing userids to be seen? In reply to
Correct.
========================================
Buh Bye!

Cheers,
Me
Re: [Heckler] Preventing userids from being seen? In reply to
Eliot,

I began creating the RandomID field (with 6 random digits) and adapting the db.cgi and html.pl files accordingly and the database as well (with the new field). After a few 'Internal server' errors things seemed to go well. However when a new user tries to add a new record now there is a message saying:

Unable to add record RandomID (Too long. Max length:6).

I think I have seen that kind of message with DBMan before but I don't remember where. I'll go on trying though ;)

Regards
Manuel
Re: [manolo] Preventing userids from being seen? In reply to
You need to add a HIDDEN field in the html_record_form sub in html.pl.

I believe that you can simply use:

<input type="hidden" name="RandomID" value="$rec{'RandomID'}">

OR

|;
my $randomid = &get_random_sub;
print qq|<input type="hidden" name="RandomID" value="$randomid">|;

Hope this helps.
========================================
Buh Bye!

Cheers,
Me
Re: [Heckler] Preventing userids from being seen? In reply to
In Reply To:
<input type="hidden" name="RandomID" value="$rec{'RandomID'}">

Hope this helps.
That's what I first did. Now I'm trying with an admin field and a hidden field for the user.
I'll keep trying :)
Re: [manolo] Preventing userids from being seen? In reply to
You should really have it hidden for both. There is no need for either the Admin or end-user to edit this field. It should remain hidden.

Good luck!
========================================
Buh Bye!

Cheers,
Me
Re: [Heckler] Preventing userids from being seen In reply to
     Log off problem (Funny behaviour)

In Reply To:
5) Then update the Mailer Mod codes, to use the RandomID field rather than UserID.

Eliot, I went all the way through here, I mean everything worked - the 6 random digits for the RandomID field were generated every time a record was added, and addition itself was ok - and all seemed fine pending the final test (point 5, updating the private mailer codes).

All of a sudden, I find out that if the user logs on to his account (having added his record) and clicks by chance on the Log Off link, a blank screen appears. After that all is funny because clicking on the other links of the footer pulls the Log On Error screen (There was a problem logging into the system: invalid/expired user session).

Clicking the Log Off link always pulls either the blank screen or the Log On Error screen.

Can you figure out an explanation?

Regards
Manuel

Last edited by manolo: Dec 5, 2001, 7:24 PM
Re: [manolo] Preventing userids from being seen In reply to
1) Check the logoff sub in the auth.pl file to make sure you have not inadvertently changed something.

2) Check the $db_key and $db_track variables in the default.cfg file.

3) Also check the $db_userid field config in the default.cfg file. You may have forgotten to change the number depending on how you added the RandomID field.
========================================
Buh Bye!

Cheers,
Me
Re: [Heckler] Preventing userids from being seen In reply to
In Reply To:
1) Check the logoff sub in the auth.pl file to make sure you have not inadvertently changed something.

2) Check the $db_key and $db_track variables in the default.cfg file.

3) Also check the $db_userid field config in the default.cfg file. You may have forgotten to change the number depending on how you added the RandomID field.

Eliot, fortunately I didn't mess around too much with those settings so I guessed the mistake wasn't likely to be there. ;)
The situation I described in the other post was so discouraging that I decided to find a workaround. Instead of using the logoff_form=1 in the script I decided that the Log Off link pointed to the Welcome Page so to speak (&db_dir_url) instead of &db_script_link_url&logoff=1. So I changed that in the footer section of the html.pl file and everything works now - the link and the whole script!.. To me it makes sense for the log off link to point to the Welcome Page where there should be a Log On link too to access the db!

I tried also to put a url or a variable in &auth_logoof=""; in the cfg file but nothing worked so I left it like that and it's fine.

Now Eliot there is just a final step (point 5) but I have no idea how to tackle that. Can you tell me how?

Regards
Manuel

Re: [manolo] Preventing userids from being seen In reply to
You simply would replace all the Mailer Mod links in your html.pl file from $rec{'UserID'} to $rec{'RandomID'} and for the get_record codes, use $rec{'RandomID'}.
========================================
Buh Bye!

Cheers,
Me
Re: [Heckler] Preventing userids from being seen In reply to
In Reply To:
You simply would replace all the Mailer Mod links in your html.pl file from $rec{'UserID'} to $rec{'RandomID'} and for the get_record codes, use $rec{'RandomID'}.

I've been through the mailer section of the html file and can't find those variables Eliot, just &db_key and $in{$db_key} which in my case is &db_key='userid' :(

Regards
Manuel

Last edited by manolo: Dec 5, 2001, 9:53 PM
Re: [manolo] Preventing userids from being seen In reply to
Right...you would change $in{$db_key} to $in{'RandomID'}.

OR

simply create a new variable in the default.cfg file called $db_randomkey. This would equal the number of the RandomID field number.

EXAMPLE:

$db_randomkey = 10;

Then rather than using &db_key, copy that sub and call the new sub: &db_randomkey. In the new sub, change $db_key to $db_randomkey.

Good luck!
========================================
Buh Bye!

Cheers,
Me
Re: [Heckler] Preventing userids from being seen In reply to
In Reply To:
Right...you would change $in{$db_key} to $in{'RandomID'}.

I tried this option and failed (there is the usual 'userid'=user's name as part of the url), which prompted me to change in the url that userid for the RandomID=xxxxx of the record in question, with the following result:
There was a problem: There is no email address on file for this person
which makes me think that unless the RandomID is in the password file (instead of the userid) there will be no way of making a working mail form ;)

Tomorrow I'll try both your other solution and to place the RandomID in the password file, let's hope.. :)

Regards
Manuel

Last edited by manolo: Dec 5, 2001, 11:06 PM
Re: [manolo] Preventing userids from being seen In reply to
You don't need to have the RandomID in the Password file, trust me...Look at my suggestions carefully and try to use existing or modified subs in the db.cgi and html.pl files.
========================================
Buh Bye!

Cheers,
Me
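
The flow discussed in this thread, sketched as a stand-alone Perl script (an added example, not DBMan or Mailer Mod code): the mail link carries only the RandomID, and the server maps it back to the userid and then to the e-mail address, so the password file does not need to change. The file layouts, the sample rows, and the names new_random_id and email_for_random_id are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not DBMan or Mailer Mod code. Layouts and rows are constructed.
use strict;
use warnings;

# Constructed sample data: records as Userid|Name|RandomID, and a
# password-file-style list as userid:email.
my @db_rows   = ('alice|Alice A.|k3v9x2m7qp4d', 'bob|Bob B.|t8w4z6n2hs5c');
my @pass_rows = ('alice:alice@example.org', 'bob:bob@example.org');

# Build an opaque ID from the OS random source rather than rand(), whose
# output is guessable. $len must fit the field's configured max length.
sub new_random_id {
    my ($len) = @_;
    my @alphabet = ('a'..'z', '2'..'9');          # 34 symbols
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    my $id = '';
    while (length($id) < $len) {
        read($fh, my $byte, 1) == 1 or die "short read from urandom";
        my $n = ord($byte);
        next if $n >= 238;                        # 238 = 7 * 34, avoids modulo bias
        $id .= $alphabet[$n % 34];
    }
    close($fh);
    return $id;
}

# Resolve the token taken from the mail link to an e-mail address.
# The userid is used only on the server and never appears in the URL.
sub email_for_random_id {
    my ($token) = @_;
    return unless defined $token && $token =~ /\A[a-z2-9]{12}\z/;
    for my $row (@db_rows) {
        my ($userid, $name, $rid) = split /\|/, $row;
        next unless defined $rid && $rid eq $token;
        for my $p (@pass_rows) {
            my ($u, $email) = split /:/, $p, 2;
            return $email if $u eq $userid;
        }
    }
    return;                                       # unknown token or no address on file
}

print "new RandomID: ", new_random_id(12), "\n";
print "resolved to:  ", email_for_random_id('k3v9x2m7qp4d'), "\n";
print "userid in URL: ", (defined(email_for_random_id('alice')) ? 'found' : 'rejected'), "\n";
```

Generating the value on the server when the record is added, instead of accepting whatever arrives in a hidden form field, keeps a user from choosing or changing their own RandomID.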
Re: [Heckler] Preventing userids from being seen In reply to
In Reply To:
Then rather than using &db_key, copy that sub and call the new sub: &db_randomkey. In the new sub, change $db_key to $db_randomkey.

I don't know what sub you mean, Eliot. I am lost here, could you elaborate on this?

Regards
Manuel

Last edited by manolo: Dec 6, 2001, 7:44 PM