[SOLVED] problem with profile page $_GET or sessions??

[z-victoria]

hey guys

i dont really know how to explain this but i'm trying to get my user profile page working but when im logged in the script kills and redirects to the index.php page i dont want it to do this, when username1 is logged in they can still view the profile if they click the link to the username2's profile and vise versa, i want guests to be able to view other profiles too but if they go straight to profile.php without setting the id of the user they want to view ...then its supposed to kill..

 

for the profile.php page i'm using the $_GET function to get the users id like so

i dont no if theres any problems with this or not as im fairly new to PHP/SQL

 

<?php
session_start(); 
// Connect to database
include_once "conn.inc.php";
// If coming from category page
if ($_GET['id']) {
     $id = $_GET['id'];
} else if (isset($_SESSION['id'])) {
 $id = $_SESSION['id'];
} else {
   include_once "index.php";
   exit();//kills script if user cannot be authenticated
}
$id = mysql_real_escape_string($id);
$id = eregi_replace("`", "", $id);
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id'");

while($row = mysql_fetch_array($sql)){ 

$image = $row["imagelocation"];
$username = $row["username"];
$firstname = $row["firstname"];
$lastname = $row["lastname"];
$country = $row["country"];	
$city = $row["city"];	
$bio = $row["bio_body"];
}
?>

the above code is just the PHP ive left out the html design etc where the sql row echos are etc and ive done row echos before so i know they're deffo not the problem 

the id field in my table is int(10) not null auto_increment primary key.

 

for other pages where users have to be logged in to view im using sessions

which are in auth_user.php which is included in pages that are restricted etc

 

<?php
session_start();
if ((isset($_SESSION['username']) &&
$_SESSION['username'] != "") ||
(isset($_SESSION['password']) &&
$_SESSION['password'] != "")) {
//Do Nothing!
} else {
$redirect = $_SERVER['PHP_SELF'];
header("Refresh: 5; URL=user_login.php?redirect=$redirect");
echo "You are currently not logged in, we are redirecting you, " .
"be patient!<br>";
echo "(If your browser doesn’t support this, " .
"<a href=\"user_login.php?redirect=$redirect\">click here</a>)";
die();
}
?>

 

like i said i dont really know how to explain this but is the profile.php killing the script instead of showing the selected users profile because i need to use the same auth_user.php file in my profile.php instead of the $_GET? will username1 still be able to view username2 if i use that file..even as a guest?

i've tried swapping it to sessions but the page don't seem to work with them either....

 

any tips would be very appreciated

and i have searched everywhere for hours on end for help but dont seem to be getting anywhere

cheers guys.

[xtopolis]

This is pretty confusing how you've explained it.  I reread your first paragraph a few times, and I'm not quite sure what it's doing versus what you want it to do...  And the second code chunk/paragraph is equally vague.

 

The top code chunk is where I assume you're having trouble, and the trouble would be that it always reaches the decision to: include_once "index.php" ? maybe?  Perhaps try rewriting the if statement and see if that changes anything:

if(!isset($_GET['id']) && !isset($_SESSION['id'])){
  require_once 'index.php';
  exit();
}else{
  if(isset($_GET['id'])) {
    $id = $_GET['id'];
  }else{
    $id = $_SESSION['id'];
  }
}

My limited tests show that if GET id variable is defined, $id will hold that value, then in case of failure it will look to SESSION for a value.  If neither of them are defined, it instantly dies.  The final code would of course have validation, especially for the _GET variables..

[z-victoria]

thanks for you reply, and yeah what you said about the GET id is sorta what I want it to do, i'll worry about the rest of it later so just ignore all my rubbish up there, just tried your re-write and its still killing the script instead of continuing to send out the user profile information so is $id not holding the value? I'm well confused.

[xtopolis]

so using my code in your code like this:

<?php
session_start(); 
// Connect to database
include_once "conn.inc.php";
// If coming from category page
if(!isset($_GET['id']) && !isset($_SESSION['id'])){
  require_once 'index.php';
  exit();
}else{
  if(isset($_GET['id'])) {
    $id = $_GET['id'];
  }else{
    $id = $_SESSION['id'];
  }
}
$id = mysql_real_escape_string($id);
$id = eregi_replace("`", "", $id);
$sql = mysql_query("SELECT * FROM user_info WHERE id='$id'");

while($row = mysql_fetch_array($sql)){ 

$image = $row["imagelocation"];
$username = $row["username"];
   $firstname = $row["firstname"];
   $lastname = $row["lastname"];
   $country = $row["country"];   
   $city = $row["city"];   
$bio = $row["bio_body"];
}
?>

When you go to yoursite.com/nameofpage.php?id=4 it just redirects you to index.php?

(of course replacing nameofpage with the name of the script above

[z-victoria]

ahh i think thats what it is viewing the wrong page LOL, i've just put the new url and its showing the page it should but not the information which is probs because the script is unfinished at the moment...i'll put this on solved for now and come back if i get any more errors

 

cheers for the advice