User redirect

[remmerden]

Hi guys,
I am using the 'Login' and 'User redirect' options to accomplish that customer A (cust.nr 100) after login is redirected to webpage 100.php. In the same way customer B (cust.nr 200) is redirected to webpage 200.php.

So far so good but when customer 100 is redirected to page 100.php he can change the url to 200.php. This way he could see customer info which only customer 200 is allowed to see. I am hoping there is a way to secure this but I don't know how.

I understand that based on this information, you pobably cannot tell me what I did wrong or forgot to do. I hope however that you can tell me whether my issue can be solved using WWB19 features.

Kind regards,
Ken

[Pablo]

If you to limit access to pages, then you can use 'user roles':
https://www.wysiwygwebbuilder.com/userroles.html

[mfirlotte]

Just thinking out loud here. May not be what you're looking for as you do not mention whether you use a database or not for the user data...but...

After login, everyone gets sent to the same page (getdata.php) who's sole purpose is to collect the data, from a database, of that user's details. The data from the database is then used to populate a page (same page or user_template.php) that's the same for everyone but the details/data would be different.

Just thinking...

[remmerden]

Thanks for your reply Pablo!

I wanted to try that but when I tried to change a user role from 'Admin' to 'Member' in my 'Admin' function, it didn't save this change.
Do you have any idea why?

The URL of my admin page is http://gereedschap.remmerden.nl/admin.php (temporary login there is ken)

[Pablo]

Does your (MySQL) database have a roles field?
Note, as mentioned in the help, roles do not work with CSV