FuelPHP Forums

What is wrong with this code?
  • K first of all, sorry for asking so many questions (half of them were even beginner's mistakes). But let me explain first in general what the relations are:
    Each user has several api_keys (for a game - Eve Online) and each api_key has several characters. Now my idea was to let the user set the visibility of their characters to private or public.
    When set to private they are able to add users to a list for them to see the character. So a simple URI would be ROOT/edit/character_id. But what bugged me was the fact that anyone can modify the character_id to someone else's. So what I did was set a boolean check for whether the character was the logged-in user's or not.
    //controller
    if (Model_Character::is_owned($this->user_id, $character_id))
    {
        //edit the character
    }
    else
    {
        Session::set_flash('error', 'This character is not yours!');
        Response::redirect('/characters');
    }

    //model
    // static, because the controller calls it as Model_Character::is_owned()
    public static function is_owned($id, $character_id)
    {
        // all characters reachable through the user's api keys
        $characters = Model_Character::find()
            ->related('simpleusers_api')
            ->where('t1.user_id', '=', $id)
            ->get();

        $flag = false;

        foreach ($characters as $character)
        {
            if ($character->character_id == $character_id)
            {
                $flag = true;
            }
        }
        return $flag;
    }
    

    When I test this and debug the flag it returns true (or false when using another user), so that works. But when I click on edit and the validation is done, I get the error message from
    Session::set_flash('error', 'This character is not yours!');
    Response::redirect('/characters');

    Although the flag returned true.... How is this even possible?
    Part of the controller and view script: http://scrp.at/YL
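
The ownership check described in the post, written as one parameterised query and applied to the id from the URI on both the form display and the submit. This is an added example, not the poster's code and not FuelPHP's API: it uses plain PDO with an in-memory SQLite database. The table names `api_keys` and `characters`, the `api_key_id` and `visibility` columns and the `handle_edit()` helper are assumptions, and the sample rows are constructed.

```php
<?php
// Added example. Assumed schema: api_keys(id, user_id) and
// characters(character_id, api_key_id, visibility); user_id and character_id are from the post.
function is_owned(PDO $db, int $userId, int $characterId): bool
{
    // Follow character -> api_key -> user in one parameterised query instead of
    // loading every character of the user and comparing ids in PHP.
    $stmt = $db->prepare(
        'SELECT 1 FROM characters c
           JOIN api_keys k ON k.id = c.api_key_id
          WHERE c.character_id = :cid AND k.user_id = :uid
          LIMIT 1'
    );
    $stmt->execute([':cid' => $characterId, ':uid' => $userId]);
    return $stmt->fetchColumn() !== false;
}

function handle_edit(PDO $db, int $userId, string $method, string $routeId, array $post): string
{
    // The id is taken only from the URI segment, validated as a positive integer,
    // and re-checked on every request: the form display (GET) and the submit (POST).
    $characterId = filter_var($routeId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($characterId === false || !is_owned($db, $userId, $characterId)) {
        return 'denied';
    }
    if ($method === 'POST') {
        // The update is keyed on the authorised id; a character_id field in $post is ignored.
        $visibility = (($post['visibility'] ?? '') === 'public') ? 'public' : 'private';
        $stmt = $db->prepare('UPDATE characters SET visibility = :v WHERE character_id = :cid');
        $stmt->execute([':v' => $visibility, ':cid' => $characterId]);
        return 'updated';
    }
    return 'form';
}

// Constructed sample data: user 1 owns character 100, user 2 owns character 200.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE api_keys (id INTEGER PRIMARY KEY, user_id INTEGER)');
$db->exec('CREATE TABLE characters (character_id INTEGER PRIMARY KEY, api_key_id INTEGER, visibility TEXT)');
$db->exec("INSERT INTO api_keys VALUES (10, 1), (11, 2)");
$db->exec("INSERT INTO characters VALUES (100, 10, 'private'), (200, 11, 'private')");

var_dump(handle_edit($db, 1, 'GET', '100', []));
var_dump(handle_edit($db, 1, 'POST', '200', ['visibility' => 'public']));
var_dump(handle_edit($db, 1, 'POST', '100', ['visibility' => 'public', 'character_id' => '200']));
```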
