Archive of UserLand's first discussion group, started October 5, 1998.

Re: DG security Check

Author:André Radke
Posted:5/14/1999; 1:55:54 AM
Topic:DG security Check
Msg #:6200 (In response to 6194)
Prev/Next:6199 / 6201

Can we add a #security script that only queries the FMPro database if the the user is submitting the discussion group sign up form?

This could work.

what parameters would identify that the user is submitting the signup form?

How mainResponder.members.checkMembership knows about this is by looking at the pathargs field in the param table - it's value is "signupForm" in that case. Your security script could do the same...

Is the pageTable available at the time the #security script is run?

The #security script runs while the page table is still being assembled. But the pathargs field -- which is the one you need to look at -- is already there.

You can't use html.getPageTableAddress though because the #security script doesn't run in the context of the website framework. But everything in the param table appears as globals to the #security script. Here's the relevant part from the gatherAttributes handler in mainResponder.respond that calls the security script:

local (adrsecurityscript = @adrtable^.["#security"]);
if defined (adrsecurityscript^) { //great! the sysop is using a cool feature
	callScript (adrsecurityscript, {}, adrparamtable)} //scriptError to kill request

This page was archived on 6/13/2001; 4:50:08 PM.

© Copyright 1998-2001 UserLand Software, Inc.