3 posts Page 1 of 1
Good Afternoon!

I have a small issue that I am stuck on.
I am trying to develop a web app. This web app uses the extended users module to register the users with some constraints:
1. Only super admin/admin can register a user (or create a user).
2. This user has to be deactivated.
3. Once the user logs in the user is activated (yet to implement, needs to be implemented using SMS OTP service)

Now since the super admin/ admin can create the users I want the super admin/ admin to be able to edit them too.

So my question is: How can the super admin/admin do that?
I have listed the users in a tabular manner (named as employee-list.php) and given an edit link to them, similar to what is mentioned at viewtopic.php?f=4&t=8758. But what happens is that though the query string parameter is correctly displayed, I still get to see only the details of the logged-in user in the edit form (named as employee-edit.php).

For example, I have the crafted URLs as:


But I get the data of id=116 if I am logged in from the user account at id 116, and so on, for any of the crafted URLs mentioned above.

I was also thinking: will it be possible to implement the extended users module using the custom routes module? I suppose that will be a good option if possible. But I am not sure if that can be done.

Please help.

Regards,
GenXCoders
where innovation meets technology
genxcoders wrote: 3. Once the user logs in the user is activated (yet to implement, needs to be implemented using SMS OTP service)

This very point triggered my interest. Users are normally not allowed to log in before activation. Activation can be done via the backend (unchecking 'disabled') or via a special activation link. What makes you plan it the other way around?
@trendoman

Actually, the end users will be using a mobile app to communicate with the web app. The web app can only be accessed by the super admin/admin.

Also, since the app belongs to a specific organization, but will be available for download from the mobile app store, not all should be able to log into the mobile app. Hence those who already have their account created by the super admin/ admin will have their email id and mobile number in the database.

When someone downloads the app and tries to log in to the app, the system will check if that mobile number and email id already exist. If they do, an SMS OTP and Mail OTP will be sent to the person who has downloaded the app, else not. Hence, restricting the people outside the organization from accessing the sensitive data.

Regards,
GenXCoders
where innovation meets technology
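The login gate described in the post above, as an added sketch that is not part of the thread or of the poster's app: an OTP is issued only for accounts the admin has already created, and a correct OTP activates the account. It goes beyond the post by returning the same reply for registered and unregistered numbers, storing only a salted hash of the code, and enforcing expiry, single use and an attempt limit. It is written in Python for illustration; all names, the sample account, the single `send` callback standing in for both SMS and mail delivery, and the limits are assumptions.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 300       # seconds an OTP stays valid (assumed value)
MAX_ATTEMPTS = 5    # guesses allowed per issued OTP (assumed value)

# Constructed sample data: one account pre-created by the admin, still deactivated.
ACCOUNTS = {("emp1@example.org", "+10000000001"): {"active": False}}
PENDING = {}        # (email, mobile) -> salt, digest, expiry, tries

def _key(email, mobile):
    return (email.strip().lower(), mobile.strip())

def _digest(otp, salt):
    return hashlib.sha256(salt + otp.encode()).digest()

def request_otp(email, mobile, send=lambda dest, otp: None, now=None):
    """Issue an OTP only for pre-provisioned accounts; reply identically either way."""
    now = time.time() if now is None else now
    key = _key(email, mobile)
    if key in ACCOUNTS:
        otp = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, 6 digits
        salt = secrets.token_bytes(16)
        PENDING[key] = {"salt": salt, "digest": _digest(otp, salt),
                        "expires": now + OTP_TTL, "tries": 0}
        send(key, otp)                            # SMS/mail gateway stand-in
    # Same text for known and unknown users, so the endpoint does not
    # reveal which numbers belong to the organization.
    return "If this account is registered, a code has been sent."

def verify_otp(email, mobile, otp, now=None):
    """Return True and activate the account only for a valid, unexpired OTP."""
    now = time.time() if now is None else now
    key = _key(email, mobile)
    entry = PENDING.get(key)
    if entry is None:
        return False
    if now > entry["expires"] or entry["tries"] >= MAX_ATTEMPTS:
        del PENDING[key]                          # force a fresh request
        return False
    entry["tries"] += 1
    if not hmac.compare_digest(entry["digest"], _digest(otp, entry["salt"])):
        return False
    del PENDING[key]                              # single use
    ACCOUNTS[key]["active"] = True                # activation on first login
    return True
```

In a real deployment `PENDING` would live in the database and `request_otp` itself would be rate-limited per number and per client.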