Recent content by DaveH

When using a custom display/required function I find that when false/false is returned (e.g. no display, not required) that the hint for the field is displayed in place of the field (and the rest of the hints are shifted right based on the length of the hint). Is there a way to suppress this...

Looking closer it did not work - there is stuff under include/ that is needed. But that still leave the question of how to prevent client access to specific files. Apache replies to a GET of an existing PHP file with an empty reply: xx.xx.xxx.142 - - [01/Jan/2021:13:41:20 -0600] "GET...

Without a .htaccess file (apache) in the include directory a browser can access files like .txt, .json, .js if the name is known, which could be a potential security problem. I added a .htaccess file and it seemed to work ok, but will that break anything else? Thanks Your current DaDaBIK...

I discovered that the non-admins can still see and change the admin password which would allow them admin access. To prevent this I added the following to the view in the DBMS: WHERE (`schema`.`dadabik_users`.`id_group` <> '1')

Under certain conditions (based on the content of other tables) I need a delete request on a table entry to fail cleanly (display the reason). The before delete hook seems like the right place but it doesn't return a value (e.g. to force a failure), and calling die() is probably a bad idea...

That solved the problem, after configuring the unique field (I used the primary key) it works as you would expect. I also found it useful to set the default value for the authentication_type_user field in the view to dadabik and to hide that field to make it less complicated for this group of...

Thanks - I got the following error: [08] Error: during query execution. SELECT `managed_users`.`id_user`, `managed_users`.`username_user`, `managed_users`.`first_name_user`, `managed_users`.`last_name_user`, `managed_users`.`email_user`, `managed_users`.`id_group`...

I would like to create a user group that can do everything the admin group can except edit the application (to prevent a customer from breaking the app itself while allowing them control of all app related data). I tried the obvious of granting the new group all permissions on the dadabik_users...