• Hello Fabrik Community

    Fabrik is now in the hands of the development team that brought you Fabrik for Joomla 4. We have recently transitioned the Fabrik site over to a new server and are busy trying to clean it up. We have upgraded the site to Joomla 4 and are running the latest version of Fabrik 4. We have also upgraded the Xenforo forum software to the latest version. Many of the widgets you might have been used to on the forum are no longer operational, many abandoned by the developers. We hope to bring back some of the important ones as we have time.

    Exciting times to be sure.

    The Fabrik 4.0 Official release is now available. In addition, the Fabrik codebase is now available in a public repository. See the notices about these in the announcements section

    We wish to shout out a very big Thank You to all of you who have made donations. They have really helped. But we can always use more...wink..wink..

    Also a big Thank You to those of you who have been assisting others in the forum. This takes a very big burden off of us as we work on bugs, the website and the future of Fabrik.

Remove "rowid=..." from url

da_vinci

New Member
I'm looking for solution, I have to remove rowid= from url to details because user can change rowid=1 to rowid=2 on page url and in this simple way he can see row with id=2.
Is there any way to change this?
 
You can't prevent the user (or hackers) to change anything in the URL (list/form/row IDs) or compose any URL, so you have to set the right access settings.

If a list shouldn't be visible to public it's not enough to have no menu item pointing to the list but list add/edit/view... access must be at least "Registered".

If registered (logged in) users are not allowed to see all records your list must contain e.g. a user element storing the userID and a prefilter on this element.
 
You can't prevent the user (or hackers) to change anything in the URL (list/form/row IDs) or compose any URL, so you have to set the right access settings.

If a list shouldn't be visible to public it's not enough to have no menu item pointing to the list but list add/edit/view... access must be at least "Registered".

If registered (logged in) users are not allowed to see all records your list must contain e.g. a user element storing the userID and a prefilter on this element.
I have prefilter on serial number column, rows are not created by users so I cant use userID to protect, they only can search, find and see row with searched serial number no other way. But now they can change rowid on url and see other row. Maybe there is another way to hide rowid from url?
Maybe there is a way to give this serial number column as rowid?
 
"Hiding" rowid won't help since anyone knowing fabrik's url structure can type a full url in his browser conatining any rowid number.
If a serial number is attached to only one user, you can use a user element to store the user's ID and prefileter on it. if it is not the user that creates the record, you'll have to do the matching yourself when you create the record.
Now if any number of users (possibly not logged in) have to be able to consult only a specific row and nothing else, I think the easiest way is to create a search form that would filter (via a redirect form plugin) your list on the serial number.

Of course, nothing can prevent them to search any possible serial number (although you may apply some restrictions on the amont of searches allowed per time slot for instance).
 
I think the easiest way is to create a search form that would filter (via a redirect form plugin) your list on the serial number.
I can't imagine how to use this plugin, do you have any ideas?
What about add serial number to url as rowid, maybe there is a way to make it key column and pass it as a parameter?
 
You cannot use the serial number as rowid but you can use the serial number as part of the url in order to filter the list.
The question is: how do you build this url?
Maybe if you explain your process, we could help better.
 
You cannot use the serial number as rowid but you can use the serial number as part of the url in order to filter the list.
The question is: how do you build this url?
Maybe if you explain your process, we could help better.
I'm not building url it is made by system and now looks like this:
/index.php?option=com_fabrik&view=form&Itemid=107&formid=10&rowid=1&listid=10
If I could pass serial on url it will be great.
 
Hi jfquestiaux,
you can use the serialnumber as rowid by using the "usekey" feture, eg. (if serialnumber is the element name) something like
/index.php?option=com_fabrik&view=form&Itemid=107&formid=10&rowid=AB123C&usekey=serialnumber&listid=10

but this won't prevent a user to type
/index.php?option=com_fabrik&view=form&Itemid=107&f ormid=10&rowid=1&listid=10
to see the content of row 1.
 
Hi jfquestiaux,
you can use the serialnumber as rowid by using the "usekey" feture, eg. (if serialnumber is the element name) something like
/index.php?option=com_fabrik&view=form&Itemid=107&formid=10&rowid=AB123C&usekey=serialnumber&listid=10
Can you tell me how to do this?
 
You'll have to create a custom link, either in your list's settings or in one element's settings.
Include the serial number with a placeholder {full-element-name-of-your-serial-number_raw}
 
Thank you all, now everything works, I have build custom link on element and small php script.
Only I have still one problem, i can't to modified search table (list view) to have search entry enlarged and aligned on center. I don't know where to change it or which file create this view.
 
Thank you for your tip, I have problem with filter element size (editbox should be longer) it has now 20 ( I need to write 50) but I can't find where it is set?
Code:
$filter->element
 
We are in need of some funding.
More details.

Thank you.

Members online

Back
Top