How to protect data? Need advice.

[heero]

Hi all,

I have a public form. Users are doing there one time orders. So fields like address, emails and cell numbers are entered. Web page works like so. I have small form with mandatory fields. After submitting that new windows opens (redirect plugin) where additional information can be added. Also already entered data is seen there. After submission this form order is done. Now comes a problem how to protect data. I don't like to use login (user, passwd) solution. This will make whole system too clumsy. Right now I see problem that users basically can see (hack) to other users data using URL and playing with different rowid's. Like:

http://AAAAAA/?option=com_fabrik&view=form&fabrik=4&rowid=32&isMambot=1

Basically changing rowid number (32) is possible to see someones data.

My questions how to avoid that? How to do form filling so that it can not opened anymore? Your ideas please.

 

[Sophist]

You are wanting the second form to be accessible by one anonymous Public user, so it is not going to be easy to protect it from other users if you use this approach.

You could e.g. store the user's IP address and only present the second form to a user with the same IP address - but that doesn't stop the next user at the same cyber-cafe PC from accessing it.

The simplest method would be to make new data enterable by an anonymous Public user, but make the data retrievable only by an authenticated user in e.g. an admin group, and to use a multi-page form so that the data is not saved until it has all been entered.

There is also a persistent data capability in Fabrik which is designed to save partially completed forms for later completion, however in my experience this can lead to other issues.

Hope this helps.

S