HI Debbie
I have tried that and i didn't get any errors, but it doesn't display the entries, it still only displays by the user name who entered the record.
I am wondering if i have given you the right info.
Each user is given a user name & password using the "add record" for the users_tab table. i generate a password MD5 and insert it.
so get:
id: 42
usertype: normal
Username: LeeG
password: (isn't shown once entry has been completed
tables_user << This i use to store the password in English, as i dint know what this is for
I then edit using the configuartor for MHCustomers, the field called "canvasser" (Salesman) adding the username to the list
~~IanL~AlanK~BarryC~
LeeG~DawnL~NeilB~SRadford~
I add another user (as above as normal user and call him BarryC). again using the configuartor i add BarryC to the list for the field called "surveyor"
You will note that the field names have changed because the real field names in the DB (phpmyadmin) are canvasser & surveyor.
I changed your code above to reflect this)
I then log in as admin and add a new record
Mr Test
123 the street. Etc
canvasser = LeeG
surveyor = BarryC
I then log out, close browser, delete cookies etc.
Log back in again as LeeG (username doesn't seem to be case sensitive)
but cannot see "Mr Test" record.
Log out as LeeG and back in again as BarryC
the result is the same.
Log in as admin, i can see the record.
Looking via phpmyadmin at the table MHCustomers, i see an entry for Mr Test, and under surveyor field is BarryC and canvasser field is "LeeG"
the capitals are the same as the usernames.
here is the section of code you gave me to change (along with my changes to the field names.
[pre]
global $current_user, $conn, $db_name, $quote;
// get the name of the field that has ID_user type
$ID_user_field_name = get_ID_user_field_name($fields_labels_ar);
if ($ID_user_field_name === false) {
return true; // no ID_user field type, no authentication needed
} // end if
else {
// check if the owner of the record is current_user
$sql = "SELECT ".$quote.$ID_user_field_name.$quote." FROM ".$quote.$table_name.$quote." WHERE ".$quote.$where_field.$quote." = '".$where_value."' AND ".$quote.$ID_user_field_name.$quote." = '".addslashes($current_user)."'";
$res = execute_db($sql, $conn);
$num_rows= get_num_rows_db($res);
// check if the current user is the assigned canvasser/surveyor of the record
$sql1 = "SELECT ".$quote."canvasser".$quote.", ".$quote."surveyor".$quote." FROM ".$quote.$table_name.$quote." WHERE ".$quote."canvasser".$quote." = '".addslashes($current_user)."' OR ".$quote."surveyor".$quote." = '".addslashes($current_user)."'";
$res1 = execute_db($sql1, $conn);
$num_rows1= get_num_rows_db($res1);
if (($num_rows === 1) || ($current_user == $res1["canvasser"]) || ($current_user == $res1["surveyor"])){
return true;
} // end if
else{
return false;
} // end else
} // end else
[/pre]
Thanks very much for your help so far Debbie