1

Topic: How To Protect html-imbedded Calendar from user 'use'..

Hi, thank you soo much for your wonderful creation! I have embedded the calendar into my 'other' program, so the calendar is at the top of ever page my user will goto! The possible problem I noticed, that might occur, is when I log in to the calendar to to admin work, ALL the users will see this, AND have access to it! I know of a few things off hand that will stop this:
1) eventually each user will have access 'anyway', so this won't really matter.
2) Meanwhile, if I know where to find the 'text' file of LuxSoft Calendar, I can edit it manually, thereby bypassing 'logging' into it as admin, to work on things.
So I guess my question:,  where is the config(s) file, for the calendar? Is it in separate sql files.. or just one..
John smile

Re: How To Protect html-imbedded Calendar from user 'use'..

Hello John

Are we talking logging in on the same computer?
If it is a computer that is shared among users, then you can make a logout after you have made changes as admin. Then a "new" user on the computer will be treated as a "guest" by the calendar.

If we are talking about differenet computers, then logged in as admin on one computer should not affect other computers.

The login is stored in cookies. If you have a Chrome browser and a Firefox browser on the same computer then you can be logged in in a session using the Chrome browser - and not logged in in a session using the Firefox browser.

Please give some more explanation about what you mean you can achieve by editing the config file.
The config is stored in the database and there is a lcconfig.php created on the server by installation (that you should not edit).

Re: How To Protect html-imbedded Calendar from user 'use'..

Hi Schwartz, thank you soo much for your kind and prompt reply. The set up is to have users on the net from all around the world logging into to my software, which will have LuxCal embedded, for their use. Some users will be their only admin, while others may share that responsibility, hence my noticing this issue yesterday while I was testing. The program (an saas) for now, is not released. I will be proud to notify you folks at that time.
So in a nutshell I just want to make sure when I am logged in as admin, that others will not see the same screen and hence be able to manipulate it (on purpose or mistake). I noticed this yesterday, hence my question.
However I prol should have researched a little more before asking here, but it was late yesterday.. you know wink
Anyway I realized a few minutes ago that if I jus go into the sqlite file that I can do everything without logging into another session, and thereby, for the most part, avoiding this possible 'race condition' with the calendar settings.
As far as my initial concern about this, for future (protection) for my users/clients, I suppose what you mentioned should suffice; ie, it will ultimately be up to my clients to assigning admin rights and such, and therefore under normal conditions, this should not be a worry.
My example I suppose of a 'possible' scenario, where someone would be working in the admin screen, at the same time others were 'logged' in and thereby see the admin screen as well. To avoid this, it is now good to know, that I can adjust anything in the db directly, which should be suffice, for safety.
John