24th February 2013, 15:34
mrtnzlml
Secure deletion, roles

Hi!
I have a handler for a URL, handleDeleteFTP($ftp_user_id). This function calls sites_ftp_user_delete from ISPConfig. But there is a problem with security, because one of the GET parameters is ftp_user_id and everyone (if they are logged in) can change this id and send it. How can I check the owner of the record they want to delete? The ISPConfig remote API is still a little bit magic for me...

Second problem. I use this function for login:
$result = $this->client->client_get($this->session_id, array('username' => $username));
Everything is OK, but I need to know the roles of users. $result contains no information to identify users by role. I need to know whether a user is in the admin role or not...

Thanks for some clue.
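An ownership check of the kind the first question asks about, as an added example that is not part of the original post and not ISPConfig's own code: the record is loaded and its owner compared with the logged-in customer before sites_ftp_user_delete is called. Assumptions: the record returned by sites_ftp_user_get carries a sys_groupid field, the caller's group id is held in the server-side session, and `FakeRemote` and `deleteOwnFtpUser` are hypothetical names, with `FakeRemote` standing in for the SOAP client so the code runs offline on constructed records.

```php
<?php
// Stand-in for the ISPConfig remote client (hypothetical class).
// Only the two remote methods used below are stubbed; records are constructed.
class FakeRemote {
    private $ftpUsers = [
        7 => ['ftp_user_id' => 7, 'username' => 'alice_ftp', 'sys_groupid' => 3],
        8 => ['ftp_user_id' => 8, 'username' => 'bob_ftp',   'sys_groupid' => 4],
    ];
    public function sites_ftp_user_get($session_id, $primary_id) {
        return $this->ftpUsers[$primary_id] ?? false;
    }
    public function sites_ftp_user_delete($session_id, $primary_id) {
        if (!isset($this->ftpUsers[$primary_id])) {
            return 0;
        }
        unset($this->ftpUsers[$primary_id]);
        return 1;
    }
}

// Hardened delete: the id from the URL is untrusted input.
// $ownerGroupId comes from the server-side session (assumption),
// never from the request itself.
function deleteOwnFtpUser($client, $session_id, $ftp_user_id, $ownerGroupId) {
    // 1. Accept only a positive integer id.
    $id = filter_var($ftp_user_id, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'rejected: invalid id';
    }
    // 2. Load the record first and compare its owner with the caller.
    $record = $client->sites_ftp_user_get($session_id, $id);
    if (!is_array($record)
        || (int)$record['sys_groupid'] !== (int)$ownerGroupId) {
        // Same answer for "missing" and "not yours", so ids cannot be probed.
        return 'rejected: not found';
    }
    // 3. Only now perform the delete.
    return $client->sites_ftp_user_delete($session_id, $id) ? 'deleted' : 'failed';
}

$client = new FakeRemote();
// The logged-in customer belongs to group 3 (constructed value).
foreach (['8', '7 OR 1=1', '7', '7'] as $requestedId) {
    echo $requestedId, ' => ',
         deleteOwnFtpUser($client, 'constructed-session', $requestedId, 3), "\n";
}
```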