GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)

- Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)

- - PHP Sessions Question (https://gfy.com/showthread.php?t=413688)

mkx	01-08-2005 05:14 AM

PHP Sessions Question

Scenario: A user number 5884 into their account and edits there profile. The url is www.site.com/profile.php?id=5884. However, when they change the url to www.site.com/profile.php?id=5885 they can view the personal details of profile 5885.

What php session script (or other) do I put at the top of the viewprofile.php scripting to allow the logged in user to view only his/her profile?

colorsoundoblivion

01-08-2005 05:34 AM

session variables are stored in the $_SESSION array. you probably know this. and you probably know to store the user id for the person in a session variable?

when someone messes with the url id number, they are changing the variable of $_GET['id'] in your script....so to make it where they can only view their own profile just do something such as if ($_SESSION['id'] hahahaha $_GET['id']) { echo 'all good now';}

colorsoundoblivion

01-08-2005 05:36 AM

if ($_SESSION['id'] hahahaha $_GET['id'])
{ echo 'allow viewing'; }
else { echo 'fuck off lamer'; }

colorsoundoblivion

01-08-2005 05:37 AM

apparently two equal signs in a row is banned and replaced with hahahaha

mkx	01-08-2005 09:41 AM

Sounds good, I will give it a whirl! Thank you

Clarion

01-08-2005 11:04 AM

To avoid that problem instead of using the $_GET["id"] just send them to profile.php and have it call the data using the session var, or if you don't want to be lazy and change what you have now (and this is bad form but it works :)):

PHP Code:


		
			
$_GET["id"] = $_SESSION["ID"];

All times are GMT -7. The time now is 02:25 AM.