Re: [nmsinc] Redirect Plugin?
The best way to secure it would be to figure out the logic for which users are "allowed" to view a specific record. For example, say you had user groups A, B, and C and both users and records were assigned to those groups. You might have some code like this:
if ($CURRENT_USER['group'] != $record['group']) {
die("Sorry, you don't have access to this record");
}
Another way is to use two keys to access the record so it would be much harder to guess. One example might be the createdTime, so you could have an url such as: ?num=123&token=1335201606 then some code:
if ($record['createdTime'] != $_REQUEST['token']) {
die("Sorry, record token is invalid, please check your link!");
}
Or you could just create a new field (eg: lookupID), populate that with an unused random value and lookup on that. eg: viewer.php?lookupID=d131dd02c5e6eec4
If you want a nice random looking string sometimes I used the md5() function for that.
Hope that helps! Let me know any questions.
Dave Edis - Senior Developer
interactivetools.com