Jump to content


This topic is now archived and is closed to further replies.


how to only the user edit there own profile

Recommended Posts

ive got an edit profile page but the problem is anyone can edit it??
what should i do?

here's the code

include ("config.php");

//if the user is not logged in, then redirect to login page.
    header("Location: error.php");  die();
      include ("header.php");
      //put your code here (protected page).
echo "$userid";
include ("edit_profile.php");
i only want the that user to edit there own profile. not anyone else.

Share this post

Link to post
Share on other sites
What I did with my blog site is do a check for id the user is logged in, as well as for if the user name matches the name of the profile.  When the users log in, create a session variable that contains their username, like $_SESSION['user_name'] and then you can use it as a check before you allow them to modify their profile. 

Share this post

Link to post
Share on other sites
This is just my way of doing it, but anyway, you'll need to include <? session_start(); ?> at the top of each page, and you'll have to set $_SESSION['user_name'] when they log in since you'll be using this to do your check. 

So on your site, you can have a page called members.php.  And as a link to this, if you want bob to be able to see and edit his profile, but only let other people see it and not edit, you can do something along the lines of having a link like members.php?user=bob.  And on the members.php page do

$user_name = $_SESSION['user_name'];  /* This is the logged in user's name */
$user = $_GET['user']; /* This will be the part of the link after the = sign */

Now you do your read from the DB, ie SELECT FROM users WHERE user_name = $user, then print out the stuff in the format you want.  Then after you print it, do a simple check to see if the name of the person logged in is the same as the name of the profile, so

if ($user_name == $user) {
Print out your form here, containing the info already read from the DB.  This let's them edit their userinfo

And then make a page that will get the $_POST values and write them into the DB and you're done.

Share this post

Link to post
Share on other sites


Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.