I want registered user can only modify and delete own records, and default user can only view records.

Problem is that registered user can modify and delete all records.

These are my fields:

%db_def = (
ID => [0, 'numer', 5, 5, 1, '', ''],
Title => [1, 'numer', 50, 50, 1, '', ''],
URL => [2, 'alpha', 40, 40, 0, 'http://', '^http://'],
Date => [3, 'date', 12, 15, 0, &get_date, ''],
Category => [4, 'alpha', 50, 50, 1, '', ''],
Description => [5, 'alpha', 1000, 1000, 1, '', ''],
ContactName => [6, 'alpha', 15, 15, 0, '', ''],
ContactEmail => [7, 'alpha', 40, 50, 1, '', ''],
Hits => [8, 'alpha', 5, 15, 0, '', ''],
isNew => [9, 'alpha', -1, 15, 0, '', ''],
isPopular => [10, 'alpha', 5, 5, 0, '', ''],
);

I have this settings:

$db_key = 'ID';
$db_key_track = 1;
$db_delim = '|';
$db_use_flock = 1;
$db_auto_generate = 0;
$db_benchmark = 0;
$db_debug = 0;
$db_max_hits = 20;
$db_bold = 0;

# Authorization Options

$auth_no_authentication = 0;
$auth_time = 21600; # 6 hours (in seconds)
$auth_logging = 1;
$auth_allow_default = 1;
@auth_default_permissions = (1,0,0,0,0);
$auth_signup = 1;
@auth_signup_permissions = (1,1,1,1,0);
$auth_modify_own = 1;
$auth_view_own = 1;
$auth_user_field = 9;

Records looks:

81|Test| |23-Nov-1999|Angebot_Dienstleistung|Test|meier|mmm@skai.de|meier54459| |
82|Anzeige von Hugo| |23-Nov-1999|Angebot_GPS_und_Elektronik|Test|hugo|hugo@hugo.de|Hugo88249| |

Am I right that the userid is written in field 8 instead of 9 ???

Is this the reason why a registered user can modify and delete all records ?


What´s wrong??

Michael

Part 2

In the meantime I changed

$auth_view_own = 1;

to

$auth_view_own = 0;


Now I have the situation that a registered user can view all records (including own records), but no records are listed when trying to modify or delete

Michael

I found the reason of the problems ....

I used an old version of auth.pl

Michael