rallokkcaz Posted September 10, 2006

I've got an edit profile page, but the problem is anyone can edit it. What should I do? Here's the code:

[code]
<?php
include ("config.php");
// if the user is not logged in, then redirect to login page.
if (!is_logged_in($user)) {
    header("Location: error.php");
    die();
} else {
    include ("header.php");
    // put your code here (protected page).
    echo "$userid";
    include ("edit_profile.php");
}
?>
[/code]

I only want that user to edit their own profile, not anyone else.

Wintergreen Posted September 10, 2006

What I did with my blog site is do a check for if the user is logged in, as well as for if the user name matches the name of the profile. When the users log in, create a session variable that contains their username, like $_SESSION['user_name'], and then you can use it as a check before you allow them to modify their profile.

rallokkcaz Posted September 10, 2006

So what would I do to the code?

Wintergreen Posted September 10, 2006

This is just my way of doing it, but anyway, you'll need to include <?php session_start(); ?> at the top of each page, and you'll have to set $_SESSION['user_name'] when they log in since you'll be using this to do your check.

So on your site, you can have a page called members.php. And as a link to this, if you want bob to be able to see and edit his profile, but only let other people see it and not edit, you can do something along the lines of having a link like members.php?user=bob. And on the members.php page do

[code]
<?php
$user_name = $_SESSION['user_name']; /* This is the logged in user's name */
$user = $_GET['user'];               /* This will be the part of the link after the = sign */
?>
[/code]

Now you do your read from the DB, i.e. SELECT FROM users WHERE user_name = $user, then print out the stuff in the format you want. Then after you print it, do a simple check to see if the name of the person logged in is the same as the name of the profile, so

[code]
// === compares the two names as strings, with no type juggling
if ($user_name === $user) {
    // Print out your form here, containing the info already read from the DB.
    // This lets them edit their userinfo.
}
[/code]

And then make a page that will get the $_POST values and write them into the DB and you're done.

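An added example, not code from the thread: hiding the form only protects the page that shows it, so the page that receives the $_POST values has to repeat the ownership check, because that request can be sent without ever loading the form. The sketch below takes the row to update from the session value set at login and binds all values in a prepared statement. The function name save_profile, the users table with an email column, and the in-memory SQLite demo data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Update the profile of the logged-in user only.
 * $session stands in for $_SESSION and $post for $_POST.
 */
function save_profile(PDO $pdo, array $session, array $post): bool
{
    // The owner comes from the session set at login, never from the request.
    $owner = $session['user_name'] ?? '';
    if (!is_string($owner) || $owner === '') {
        return false; // not logged in
    }
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false; // reject malformed input
    }
    // Bound parameters; a 'user' or 'user_name' field in $post is ignored.
    $stmt = $pdo->prepare('UPDATE users SET email = :email WHERE user_name = :owner');
    $stmt->execute([':email' => $email, ':owner' => $owner]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, email TEXT)');
$pdo->exec("INSERT INTO users VALUES ('bob', 'bob@example.com'), ('alice', 'alice@example.com')");

// alice is logged in and submits a form that names bob as the target.
$ok = save_profile($pdo, ['user_name' => 'alice'], ['user' => 'bob', 'email' => 'new@example.com']);

// Only alice's row changed; bob's is untouched.
foreach ($pdo->query('SELECT user_name, email FROM users ORDER BY user_name') as $row) {
    echo $row['user_name'], ' => ', $row['email'], PHP_EOL;
}
var_dump($ok);
```
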
rallokkcaz Posted September 10, 2006

OK, now nothing happens when you try to edit a profile.