Problem in viewing other users' profile (asp.net) - asp.net

I am creating a site like, say, LinkedIn/Spoke.
When I log in, I give my login ID and password, so the database checks it and allows me to access my profile.
I need to know: on Stack Overflow, when we click the Users button, all the users on Stack Overflow are shown. But when I click a specific user, how does the database know that this specific user was clicked, and show his/her profile data?
Should I create a new page for viewing other users' profiles? And if I do so, what will be the query for that?

If you have 2 separate queries then it makes it easier (I'm not saying this is the best solution). So, you could have a 'select all users' query which could be something as simple as:
SELECT *
FROM MyUsers
This will return all of your users to your website, so you can view them. Then, when you select a user from your website, you call a different query, say 'select a single user', and pass a parameter from your website. The query could look something like:
SELECT *
FROM MyUsers
WHERE UserID = @UserID
This could be done in one stored procedure: test whether your @UserID is NULL, then run the required SELECT statement.

Related

Determining Roles VB.NET

So firstly I have no code to show as I'm trying to get my head around how to do this first.
So I have a website that has 3 account types (Patient, Doctor, Admin) that have 3 different pages for these. There are 3 tables named Patient, Doctor and Admin with account/login and registered details in them. There is also a field in each of these tables called Role, and for the Patient table I have the word Patient in the field for each record, and the same for Doctor and Admin.
In my login page I need to grab these to determine their login. So if a patient is logged in, then in the masterpage the patient account link will turn visible, and so on.
How do I grab all 3 of these roles and determine an if, store in session, and use the session in the masterpage to show whichever link?
Sorry if this is confusing.
What you need to do is have one main table where all the login details go. In this table, have a column called Role and when a new account is made, make it also input into the table, the role of the person.
If you need the other tables for other things, then use an if else statement to also make the information be input into the table that matches its role. (so that means, info input into two tables). This makes it a lot easier.
Then, on the page where the user is redirected after they log in, this is where you write the code to check for the user's role.
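Imports System.Data.SqlClient
' Parameterized query: the username is bound as a parameter instead of being
' concatenated into the SQL text (conn is assumed to be an open SqlConnection)
Dim cmd As New SqlCommand("SELECT Role FROM tablename WHERE username = @username", conn)
cmd.Parameters.AddWithValue("@username", textbox.Text)
' ExecuteScalar returns Nothing when no row matches; Convert.ToString turns that into ""
Dim role As String = Convert.ToString(cmd.ExecuteScalar())
Search the main table using the username of the user to find the role and then use an if statement to make the specific links show.
If role = "Patient" Then
    ' <code here>
ElseIf role = "Admin" Then
    ' <code here>
ElseIf role = "Doctor" Then
    ' <code here>
End If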

ASP.NET How to Apply Roles & Members Read/Write Security to Pages, Sections, Fields, & Records

I've built a number of sites using classic ASP type security and have continued using the same methods in ASP.NET. However, I now am looking for recommendations for a better or best practice way of doing it. I've read a few resources online but have not seen anything comprehensive enough that's applicable to what I'm trying to do. What I'm trying to do is apply user specific security that determines that user's access to specific pages, sections on that page, and fields in each section. It also needs to restrict access to various records as well and determine whether it's read or write privileges.
For those interested, here's how I've done it so far:
Because I lacked the know-how, here's how I did it using the old ASP classic way...
First, on the database side I have 4 relevant tables: tblUsers, tblRoles, tblPages, tblRecords (haven't gotten to sections and fields yet). Each user can belong to a "role" and the role then determines what pages they can access as well as what records they can access in various tables (there are a number of other tables in the db as well e.g. tblCustomers, tblSales, etc...). Each table includes these fields:
tblUsers: UserID, UserName, UserPwd
tblRoles: RoleID, RoleName, UserID
tblPages: PageID, PageName, RoleID
tblRecords: RecordID, RecordTable, RoleID
Now on the application side here's what I've done:
First, my login page is based on 1) looking up the user name and password in the tblUsers table and 2) if found, setting a session variable named "UserLoggedIn" = true. Then on every page load event I check if the UserLoggedIn session is set to true, if so, continue... if not clear all session variables (log out) and send the user back to the login page. The old classic ASP way of doing it.
Second, with the login set up, to control page access, when the user is logged in I created another session variable that holds a pipe delimited string of all the pages that user can access (e.g. Session("PageAccess") = "{1|3|10|8}"). Then in each page's load event I've explicitly added a variable/constant that uniquely identifies that page (e.g. pageone.aspx has Dim PageID As String = 1). Then I check to see if the PageID matches an ID stored in the PageAccess session. If it does, continue... If it doesn't I send them to the home page.
Third/Last, for the records access, I did the same thing. When the user is logged in I created a session variable that holds a pipe delimited string of all the records the user could access along with the table it's related to (e.g. Session("RecordAccess") = "{tblCustomrs||1|5|7}") and checked it and applied it basically the same way as the page session variable.
My solution is (it worked for my projects):
tables: tblUser, tblRole,
tblUserInRole: userid, roleid, username, password (this design lets you assign more than one role to a user)
tblrole, tbrules (your access controls, for example pages)
tblRulesInRole: roleid, ruleid, Editable, Viewable, printable, Deletable
To implement access control on every request and response, you should create an HttpModule...
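
A deny-by-default permission check over the tblUserInRole / tblRulesInRole design described above, as an added example that is not part of the original answer. It uses Python's built-in sqlite3 as a stand-in for the site's database; the trimmed table columns, the sample rows, and the names `build_acl_db`, `is_allowed` and `ACTIONS` are assumptions.

```python
import sqlite3

# Permission columns of tblRulesInRole. A column name cannot be bound as a
# query parameter, so the requested action is mapped through this fixed
# allow-list and anything not listed is denied.
ACTIONS = {"view": "Viewable", "edit": "Editable",
           "print": "printable", "delete": "Deletable"}


def build_acl_db():
    """Constructed sample data: user 1 has roles 10 and 20, user 2 has role 20."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tblUserInRole (userid INTEGER, roleid INTEGER);
        CREATE TABLE tblRulesInRole (roleid INTEGER, ruleid INTEGER,
            Editable INTEGER, Viewable INTEGER,
            printable INTEGER, Deletable INTEGER);
        INSERT INTO tblUserInRole VALUES (1, 10), (1, 20), (2, 20);
        -- rule 3 is a page: role 10 may view and edit it, role 20 may only view
        INSERT INTO tblRulesInRole VALUES (10, 3, 1, 1, 0, 0),
                                          (20, 3, 0, 1, 0, 0);
    """)
    return conn


def is_allowed(conn, userid, ruleid, action):
    """Return True only if one of the user's roles grants `action` on `ruleid`."""
    column = ACTIONS.get(action)
    if column is None:
        return False  # unknown action: deny
    row = conn.execute(
        f"SELECT MAX(r.{column}) FROM tblUserInRole u "
        "JOIN tblRulesInRole r ON r.roleid = u.roleid "
        "WHERE u.userid = ? AND r.ruleid = ?",
        (userid, ruleid),
    ).fetchone()
    # No matching role/rule row yields NULL (None), which also denies.
    return bool(row[0])
```

Running the check once per request on the server, as the HttpModule suggestion implies, keeps the decision tied to the database rather than to a list cached in the session at login.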

Insert blank record on page load if record does not exist for current user

I'm working on using the membership functionality of the ASP .Net sites. There are multiple ways to create users and one way is to create users and add a user profile to the system. The other is to use an enhanced wizard then add the user and then their profile information. Well, if you go route 1, then the user does not get a record inserted into the user profile table and then when the user goes to update their profile, then on the page load I would like the page to look for their record. If one does not exist, insert a blank one. Does anyone have a sample script to look up a user's profile based on their unique id in SQL CE? If the record does not exist (record count = 0) then insert a new blank record.

How to Display Only Logged in User's Data From Database Without Showing Other's Data?

I load up a grid view (which is supposed to display data of that user). However, when I log in as a user and view the grid view, it displays both the current user's data and others' data. I want it to only display the currently logged-in user's data.
How would I use userid = Convert.ToInt32(Session["userId"].ToString()) to check my current logged-in user's username and display only their data from the database's table?
Just make your query to get the data something like
"Select * from SomeTable Where UserId = @userId"
And then set the parameter to userid
Same way as you'd do a query based on user input.
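
The two lookups discussed on this page, the "select a single user" profile query and the "only the logged-in user's data" query, as an added example that is not part of the original posts. It uses Python's sqlite3 in place of ASP.NET and SQL Server (`?` plays the role of `@UserID`); the `Headline` and `UserPwd` columns, the sample rows, the `session` dict and the function names are assumptions.

```python
import sqlite3


def build_profile_db():
    """Constructed sample data standing in for MyUsers and SomeTable."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript("""
        CREATE TABLE MyUsers (UserID INTEGER PRIMARY KEY, UserName TEXT,
                              Headline TEXT, UserPwd TEXT);
        CREATE TABLE SomeTable (Id INTEGER PRIMARY KEY, UserId INTEGER,
                                Note TEXT);
        INSERT INTO MyUsers VALUES (1, 'alice', 'Engineer', 'hash-a'),
                                   (2, 'bob', 'Analyst', 'hash-b');
        INSERT INTO SomeTable VALUES (1, 1, 'alice note'),
                                     (2, 2, 'bob note'),
                                     (3, 1, 'alice second note');
    """)
    return conn


def get_public_profile(conn, requested_id):
    """Profile page for any user. The id arrives from the URL, so it is
    validated and bound as a parameter, and only columns meant to be public
    are selected (SELECT * would also return UserPwd)."""
    try:
        user_id = int(requested_id)
    except (TypeError, ValueError):
        return None
    row = conn.execute(
        "SELECT UserID, UserName, Headline FROM MyUsers WHERE UserID = ?",
        (user_id,),
    ).fetchone()
    return dict(row) if row else None


def get_my_rows(conn, session):
    """Private data. The id is read from the server-side session only,
    never from a value the browser sends."""
    user_id = session.get("userId")
    if user_id is None:
        return []  # not logged in: no rows
    rows = conn.execute(
        "SELECT Id, Note FROM SomeTable WHERE UserId = ? ORDER BY Id",
        (int(user_id),),
    ).fetchall()
    return [dict(r) for r in rows]
```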

user_load by a user profile field?

I'm trying to log in users by detecting their Facebook user ID.
"profile_fbuid" is a (hidden) profile field that I created to login users with the corresponding facebook user id.
When a user tries to login with Facebook I detect his/her facebook user id, but when I try to match with corresponding Drupal user this line doesn't work:
$user_exists = user_load(array('profile_fbuid'=>$fbuserid));
I get this error: user warning: Unknown column 'profile_fbuid'
I know what the error means, but I don't know how I can search for a user using a user profile field.
Thanks for your help!
You created a custom field that is attached to the user profile called profile_fbuid. What you want to do in the database is look for this table:
field_data_field_profile_fbuid.
The relevant columns are entity_id, which will be the (Drupal) user id, and field_profile_fbuid_value, which will contain the value (the Facebook UID).
There is no field in the users table called profile_fbuid, so I assume you generated this field by using the user profile module.
I think it's better to create a query which gets the uid of this column and then passes it to the user_load() function.
$query = db_query("select `uid` from {table_name} where `profile_fbuid` = %d ",$fbuserid );
while($result = db_fetch_object($query)){
  $uid = $result->uid ;
  $user_exists = user_load(array('uid'=>$uid));
}
