PHP Sessions Question

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • mkx
    Confirmed User
    • Nov 2003
    • 4001

    #1

    PHP Sessions Question

    Scenario: A user number 5884 into their account and edits there profile. The url is www.site.com/profile.php?id=5884. However, when they change the url to www.site.com/profile.php?id=5885 they can view the personal details of profile 5885.

    What php session script (or other) do I put at the top of the viewprofile.php scripting to allow the logged in user to view only his/her profile?
  • colorsoundoblivion
    Confirmed User
    • Jan 2005
    • 377

    #2
    session variables are stored in the $_SESSION array. you probably know this. and you probably know to store the user id for the person in a session variable?

    when someone messes with the url id number, they are changing the variable of $_GET['id'] in your script....so to make it where they can only view their own profile just do something such as if ($_SESSION['id'] hahahaha $_GET['id']) { echo 'all good now';}
    SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

    Comment

    • colorsoundoblivion
      Confirmed User
      • Jan 2005
      • 377

      #3
      if ($_SESSION['id'] hahahaha $_GET['id'])
      { echo 'allow viewing'; }
      else { echo 'fuck off lamer'; }
      SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

      Comment

      • colorsoundoblivion
        Confirmed User
        • Jan 2005
        • 377

        #4
        apparently two equal signs in a row is banned and replaced with hahahaha
        SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

        Comment

        • mkx
          Confirmed User
          • Nov 2003
          • 4001

          #5
          Sounds good, I will give it a whirl! Thank you

          Comment

          • Clarion
            Confirmed User
            • Jan 2005
            • 148

            #6
            To avoid that problem instead of using the $_GET["id"] just send them to profile.php and have it call the data using the session var, or if you don't want to be lazy and change what you have now (and this is bad form but it works ):

            PHP Code:
            $_GET["id"] = $_SESSION["ID"]; 
            
            Structure Northwest :: the cure for the common code ::
            AIM: Asatruel | Yahoo!: Asatruel | ICQ: 111-638-053

            Comment

            Working...