Jump to content


Photo

how to only the user edit there own profile


  • Please log in to reply
4 replies to this topic

#1 rallokkcaz

rallokkcaz
  • Members
  • PipPipPip
  • Advanced Member
  • 194 posts
  • LocationSomewhere, CA (Cactus Area)

Posted 10 September 2006 - 05:17 PM

ive got an edit profile page but the problem is anyone can edit it??
what should i do?

here's the code
<?PHP

include ("config.php");

//if the user is not logged in, then redirect to login page.
 if(!is_logged_in($user)){
     header("Location: error.php");  die();
}else{
      include ("header.php");
      //put your code here (protected page).
echo "$userid";
include ("edit_profile.php");
}
?>
i only want the that user to edit there own profile. not anyone else.

#2 Wintergreen

Wintergreen
  • Members
  • PipPipPip
  • Advanced Member
  • 107 posts

Posted 10 September 2006 - 05:30 PM

What I did with my blog site is do a check for id the user is logged in, as well as for if the user name matches the name of the profile.  When the users log in, create a session variable that contains their username, like $_SESSION['user_name'] and then you can use it as a check before you allow them to modify their profile. 

#3 rallokkcaz

rallokkcaz
  • Members
  • PipPipPip
  • Advanced Member
  • 194 posts
  • LocationSomewhere, CA (Cactus Area)

Posted 10 September 2006 - 05:31 PM

so what would i do to the code?

#4 Wintergreen

Wintergreen
  • Members
  • PipPipPip
  • Advanced Member
  • 107 posts

Posted 10 September 2006 - 05:42 PM

This is just my way of doing it, but anyway, you'll need to include <? session_start(); ?> at the top of each page, and you'll have to set $_SESSION['user_name'] when they log in since you'll be using this to do your check. 

So on your site, you can have a page called members.php.  And as a link to this, if you want bob to be able to see and edit his profile, but only let other people see it and not edit, you can do something along the lines of having a link like members.php?user=bob.  And on the members.php page do

<?
$user_name = $_SESSION['user_name'];  /* This is the logged in user's name */
$user = $_GET['user']; /* This will be the part of the link after the = sign */
?>

Now you do your read from the DB, ie SELECT FROM users WHERE user_name = $user, then print out the stuff in the format you want.  Then after you print it, do a simple check to see if the name of the person logged in is the same as the name of the profile, so

if ($user_name == $user) {
Print out your form here, containing the info already read from the DB.  This let's them edit their userinfo
}

And then make a page that will get the $_POST values and write them into the DB and you're done.

#5 rallokkcaz

rallokkcaz
  • Members
  • PipPipPip
  • Advanced Member
  • 194 posts
  • LocationSomewhere, CA (Cactus Area)

Posted 10 September 2006 - 06:07 PM

ok
now nothing hapens when you try to edit a profile






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users