avoid local host ID to be edited by customers

断了今生、忘了曾经 提交于 2019-12-02 15:05:31

问题


I have an order details page where customers can view their order history. This is the URL:

When I change the ID from 13 to, let's say, 14, it still shows the details of what's inside ID #14. What I want is for an error to appear when customers try to change the ID in the localhost URL, or to prevent the ID from being edited. I really don't have any idea what to do. Encryption?

By the way, here is the order details code-behind (this is in a user control):

public partial class ucCustomerOrder1 : System.Web.UI.UserControl
{
    // Controls whether the status-update widgets (DropDownStatus, btnAdd) are shown
    // when panel "3" is displayed; written through IsAuthorizedToAddStatus.
    // NOTE(review): in the visible code this flag only toggles control visibility.
    // Hiding a control is not an authorization check, so the handler that actually
    // writes a status (not shown here) should re-check the caller's role on the server.
    public bool CanIUpdateStatus;

    /// <summary>
    /// Exposes the text of the transaction-number textbox to the hosting page.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the hosting page presumably assigns this from the ID in the URL
    /// (the behaviour described in the question) - confirm. Whatever is assigned here
    /// is client-controlled and must be authorized server-side before any order data
    /// is shown for it.
    /// </remarks>
    public string TransactionNoText
    {
        get
        {
            return txtTransactionNo.Text;
        }
        set
        {
            txtTransactionNo.Text = value;
        }
    }
    /// <summary>
    /// Write-only switch set by the hosting page; the value is stored in
    /// <see cref="CanIUpdateStatus"/>.
    /// </summary>
    public bool IsAuthorizedToAddStatus
    {
        set
        {
            CanIUpdateStatus = value;
        }
    }
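    /// <summary>
    /// On the first (non-postback) load, configures the transaction-number input and
    /// renders the order whose number is currently in the textbox, if any.
    /// </summary>
    /// <param name="sender">Event source (unused).</param>
    /// <param name="e">Event data (unused).</param>
    /// <remarks>
    /// NOTE(review): nothing in this method ties the transaction number to the
    /// signed-in customer. The session check below only decides whether the textbox is
    /// editable, so a customer who changes the ID in the URL still gets that order
    /// rendered. The fix is a server-side ownership check before the details are shown
    /// (order's customer == customer id held in the server-side session, with staff
    /// sessions exempt), not encrypting or hiding the ID.
    /// </remarks>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (IsPostBack)
        {
            return;
        }

        // Presumably the admin/staff session marker - confirm. Only sessions that carry
        // it may type a different transaction number and use the Go button.
        bool hasStaffSession = Session["IslandGasAdmin/ST"] != null;
        txtTransactionNo.ReadOnly = !hasStaffSession;
        btnGo.Visible = hasStaffSession;

        if (txtTransactionNo.Text == string.Empty)
        {
            rblOrderDetails.Visible = false;
            Panel1.Visible = false;
            Panel2.Visible = false;
            Panel3.Visible = false;
            Panel4.Visible = false;
            return;
        }

        // The text is client-influenced, so parse defensively: Convert.ToInt32 would
        // throw on non-numeric or out-of-range input and surface an unhandled error page.
        int orderNo;
        if (int.TryParse(txtTransactionNo.Text, out orderNo))
        {
            ShowOrderDetails(rblOrderDetails.SelectedValue, orderNo);
        }
        else
        {
            // Treat an unparsable number like an unknown order: same panel state that
            // ShowOrderDetails produces when IsOrderNoValid fails.
            rblOrderDetails.Visible = false;
            Panel1.Visible = false;
            Panel2.Visible = false;
            Panel3.Visible = false;
            Panel4.Visible = true;
        }
    }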

    /// <summary>
    /// Hides every panel, then shows the one selected by <paramref name="PanelId"/>
    /// for the given order, or Panel4 when the order number is not valid.
    /// </summary>
    /// <param name="PanelId">"1" = customer summary, "2" = product list, "3" = status history; any other value shows no panel.</param>
    /// <param name="OrderNo">Order number to load.</param>
    /// <remarks>
    /// NOTE(review): the only gate here is IsOrderNoValid, which checks that the order
    /// exists. Name, phone, e-mail, address and payment method are then rendered for
    /// whichever order number was supplied, so any customer can read any other
    /// customer's order by changing the number. Add an ownership check before this point.
    /// NOTE(review): Label.Text is rendered without HTML encoding; if these columns hold
    /// customer-entered text, encode it before assigning - confirm how it is stored.
    /// </remarks>
    private void ShowOrderDetails(string PanelId, int OrderNo)
    {
        // Reset to a known state before deciding what to reveal.
        Panel1.Visible = false;
        Panel2.Visible = false;
        Panel3.Visible = false;
        Panel4.Visible = false;
        rblOrderDetails.Visible = false;

        if (!IsOrderNoValid(OrderNo))
        {
            // Presumably the "order not found" panel - confirm against the markup.
            Panel4.Visible = true;
            return;
        }

        rblOrderDetails.Visible = true;

        switch (PanelId)
        {
            case "1":
            {
                ShoppingCart summaryCart = new ShoppingCart();
                summaryCart.Flag = OrderNo;
                DataTable orderRows = summaryCart.GetOrderList();

                if (orderRows.Rows.Count > 0)
                {
                    DataRow first = orderRows.Rows[0];

                    Panel1.Visible = true;
                    lblCustomerName.Text = Convert.ToString(first["CustomerName"]);
                    lblCustomerPhoneNo.Text = Convert.ToString(first["CustomerPhoneNo"]);
                    lblCustomerEmailID.Text = Convert.ToString(first["CustomerEmailID"]);
                    lblTotalPrice.Text = String.Format("{0:#,000.00}", first["TotalPrice"]);
                    lblTotalProducts.Text = Convert.ToString(first["TotalProducts"]);
                    txtCustomerAddress.Text = Convert.ToString(first["CustomerAddress"]);
                    lblPaymentMethod.Text = Convert.ToString(first["PaymentMethod"]);
                }
                break;
            }

            case "2":
            {
                Panel2.Visible = true;

                ShoppingCart itemsCart = new ShoppingCart();
                itemsCart.Flag = OrderNo;

                dlProducts.DataSource = itemsCart.GetTransactionDetails();
                dlProducts.DataBind();
                break;
            }

            case "3":
            {
                Panel3.Visible = true;
                // Status editing widgets follow the flag set by the hosting page.
                DropDownStatus.Visible = CanIUpdateStatus;
                txtStatus.Visible = false;
                btnAdd.Visible = CanIUpdateStatus;
                GetSetOrderStatus(0);
                break;
            }
        }
    }
    /// <summary>
    /// Reports whether ShoppingCart.GetOrderList() returns at least one row when
    /// Flag is set to <paramref name="OrderNo"/>.
    /// </summary>
    /// <param name="OrderNo">Order number to look up.</param>
    /// <returns><c>true</c> when at least one row comes back; otherwise <c>false</c>.</returns>
    /// <remarks>
    /// NOTE(review): this is an existence check only. It does not compare the order's
    /// customer with the signed-in customer, which is why changing the ID in the URL
    /// shows another customer's order. A natural place for the fix is here: also
    /// require that the returned row belongs to the customer id stored in the
    /// server-side session (session key and owner column are not shown on this page),
    /// skipping that requirement only for staff sessions.
    /// </remarks>
    private bool IsOrderNoValid(int OrderNo)
    {
        ShoppingCart lookup = new ShoppingCart();
        lookup.Flag = OrderNo;

        DataTable matches = lookup.GetOrderList();
        return matches.Rows.Count > 0;
    }
    /// <summary>
    /// Calls ShoppingCart.GetSetOrderStatus() with the selected status, the
    /// transaction-number text and <paramref name="Flag"/>, then binds the result
    /// to the status grid.
    /// </summary>
    /// <param name="Flag">Passed through to ShoppingCart.Flag; ShowOrderDetails calls this with 0. Meaning of other values is not visible here.</param>
    /// <remarks>
    /// NOTE(review): the order number is read straight from the textbox rather than
    /// from a value that has already passed an ownership check, so this call inherits
    /// the same missing authorization as the details panels. If a non-zero Flag writes
    /// a status (presumably - confirm), the caller's role must be verified server-side
    /// before that call.
    /// </remarks>
    private void GetSetOrderStatus(int Flag)
    {
        ShoppingCart statusCart = new ShoppingCart();
        statusCart.OrderStatus = DropDownStatus.SelectedValue;
        statusCart.OrderNo = txtTransactionNo.Text;
        statusCart.Flag = Flag;

        DataTable statusRows = statusCart.GetSetOrderStatus();

        gvOrderStatus.DataSource = statusRows;
        gvOrderStatus.DataBind();
    }

please do help me, thank you

来源:https://stackoverflow.com/questions/37562604/avoid-local-host-id-to-be-edited-by-customers
