
How to let only the user edit their own profile


rallokkcaz


I've got an edit profile page, but the problem is anyone can edit it.
What should I do?

Here's the code:
[code]<?php

include("config.php");

// If the user is not logged in, then redirect to login page.
if (!is_logged_in($user)) {
    header("Location: error.php");
    die();
} else {
    include("header.php");
    // Put your code here (protected page).
    echo "$userid";
    include("edit_profile.php");
}
?>[/code]
I only want that user to edit their own profile, not anyone else.

What I did with my blog site is do a check for if the user is logged in, as well as for if the user name matches the name of the profile. When the users log in, create a session variable that contains their username, like $_SESSION['user_name'], and then you can use it as a check before you allow them to modify their profile.

This is just my way of doing it, but anyway, you'll need to include <? session_start(); ?> at the top of each page, and you'll have to set $_SESSION['user_name'] when they log in since you'll be using this to do your check. 

So on your site, you can have a page called members.php.  And as a link to this, if you want bob to be able to see and edit his profile, but only let other people see it and not edit, you can do something along the lines of having a link like members.php?user=bob.  And on the members.php page do

[code]
<?php
$user_name = $_SESSION['user_name'] ?? null;  /* This is the logged in user's name (null if nobody is logged in) */
$user = $_GET['user'] ?? ''; /* This will be the part of the link after the = sign */
?>
[/code]

Now you do your read from the DB, i.e. SELECT FROM users WHERE user_name = $user, then print out the stuff in the format you want. Then after you print it, do a simple check to see if the name of the person logged in is the same as the name of the profile, so

[code]
<?php
if (isset($user_name) && $user_name === $user) {
    // Print out your form here, containing the info already read from the DB.
    // This lets them edit their user info.
}
?>
[/code]

And then make a page that will get the $_POST values and write them into the DB and you're done.
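The replies above gate the edit form on the session user name; the page that receives the $_POST values needs the same check, because a request can reach it without the form ever being shown. The following is an added example, not code from any poster in this thread: the function name update_profile(), the users table with a bio column, and the in-memory SQLite database (pdo_sqlite extension) are all assumptions made for illustration.

```php
<?php
// Added example. update_profile(), the table layout and the sample rows are
// assumptions for illustration, not code from the thread.

function update_profile(PDO $db, array $session, array $post): bool
{
    // 1. Identity comes from the session only; no session user, no write.
    $me = $session['user_name'] ?? null;
    if (!is_string($me) || $me === '') {
        return false;
    }
    // 2. If the form names a target user, it must be the session user.
    //    Strict comparison: with ==, PHP treats "1e3" and "1000" as equal.
    if (isset($post['user']) && $post['user'] !== $me) {
        return false;
    }
    $bio = $post['bio'] ?? '';
    if (!is_string($bio)) {
        return false;
    }
    // 3. The WHERE clause is keyed on the session user, never on request
    //    data, and values are bound rather than concatenated into the SQL.
    $stmt = $db->prepare('UPDATE users SET bio = :bio WHERE user_name = :me');
    $stmt->execute([':bio' => $bio, ':me' => $me]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, bio TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'hi'), ('bob', 'hello')");

$bob = ['user_name' => 'bob']; // stands in for $_SESSION after login

// Three attempts: own profile, someone else's profile, not logged in.
var_dump(update_profile($db, $bob, ['bio' => 'new bio']));
var_dump(update_profile($db, $bob, ['user' => 'alice', 'bio' => 'changed']));
var_dump(update_profile($db, [], ['user' => 'alice', 'bio' => 'changed']));

// Show the table after the three attempts.
foreach ($db->query('SELECT user_name, bio FROM users ORDER BY user_name') as $row) {
    echo $row['user_name'], ': ', $row['bio'], "\n";
}
```

In a real page, pass $_SESSION and $_POST as the second and third arguments after calling session_start().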
