Hello,

I would like to setup DBMan so the user can only view and/or modify a record he created. I also would like them to be able to do this without having to log-in. For example, I want them to be able to specify a URL such as this to modify there account:

http://www.server.com/cgi-bin/db.cgi?db=default&uid=username.93322581&modify_form=1&ID=300

Anytime the db.cgi script allows you to specify the URL, it also allows the user to modify any record. I tried every authentication method I can think of. Any ideas? Thanks, I appreciate the help

Jack

They will have to log in -- but you can get around it. In your html page link, use

http://www.server.com/cgi-bin/db.cgi?db=default&userid=userid&pw=password&login=1

That will get the person to html_home. From there, he/she can click on "Modify."

Set $auth_modify_own = 1; in your .cfg file to allow only the record owner to modify the record. Be sure you have a field for the user id in your database and that you set $auth_user_field to the number of that field.

------------------
JPD







[This message has been edited by JPDeni (edited July 31, 1999).]