Jump to content

Recommended Posts

OKay,Lets see what stored in $_SESSION change your code to

mysql_select_db($database_vekipman, $vekipman);
$query_URUNS = "SELECT `session_user` FROM urunler";
$URUNS = mysql_query($query_URUNS, $vekipman) or die(mysql_error());
$row_URUNS = mysql_fetch_array($URUNS);
$totalRows_URUNS = mysql_num_rows($URUNS);
$_SESSION['session_user']=$row_URUNS['session_user'];

if($_SESSION['login_id'] != $_SESSION['session_user']) {
   $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/index.php';
          //header('Location: ' . $home_url);
    echo "<pre>" . print_r($_SESSION, true) . "</pre>";
} else {
echo 'Sorry but ' . $_SESSION['login_id'] . ' was equal to ' . $_SESSION['session_user'];
}

So what are you wanting the code to do? I re-read this thread and I am confused. Maybe you need to give more of an explanation of what you're trying to do.

 

when user is registered, ID's is recorded in two places like this : in USERS table , and PRODUCT table

 

ILANS.PHP page : each user is getting  products listing, but filtering via own ID

 

ILAN_EDIT.php page : this page product edit page.  problem was this page, all users can edited, deleted, all the other  users product.

 

this is a michael's product edit page :  index.php?go=ILAN_EDIT&id=12

but, george user if write down to this same link and paste to adress bar, it can directly edit or delete michaels product. I don't want this.

 

Then you want to check to see if $_SESSION['_login_id'] is equal to $_GET['id'] at the top of your script

<?php
session_start();

if(!isset($_SESION['_login_id']))
{
    echo 'You must be logged into view this page';
}
elseif(isset($_SESSION['_login_id']) && $_SESSION['_login_id'] != $_GET['id']))
{
     echo 'You cannot edit another users product!';
}
else
{
     // your code here for editing the product
}
?>

Then you want to check to see if $_SESSION['_login_id'] is equal to $_GET['id'] at the top of your script

 

I want this : in product page,  $_SESSION['_login_id'],  if different to $_SESSION['session_username'], then go to index.php

 

but session_username  is getting from product table, and _login_id is getting from users table.

 

both sessions are number

I want this : in product page,  $_SESSION['_login_id'],  if different to $_SESSION['session_username'], then go to index.php

 

but session_username  is stored in product table, and _login_id is stored in users table.

 

both sessions are number

soryy :)  my bad english language...

 

i have got the, two database table.

 

first table is : users table : _login_id, username, mail, name, activation, randomcode.

 

second table is : product table : id, product_name, session_user (this is same as user table _login_id, when user is registered recorded a user id also here)

 

i have a product_edit.php page for registered users.

 

in product_edit.php page i wanna this : sessions are, if _login_id different from session_user , then go to index.php

 

this is very simple, but i can not tell you. my bad language english :(

 

 

Right. So when the user successfully logs in you create the $_SESSION['_login_id'] variable? Correct.

 

If thats the case then you should be able to do

<?php
session_start();

// connect to mysql here

$query = "SELECT session_user FROM product_table WHERE session_user = '{$_SESSION['_login_id']}";
$result = mysql_query($query);

if($result)
{
    // session_user doesn't match $_SESSION['_login_id'] redirect to index.php
    if(mysql_num_rows($result) == 0)
    {
        header('Location: index.php');
    }
    // there is a match. Display the page
    else
    {
        echo 'session_user matches _login_id! Continue displaying rest of page!';
    }
}
else
{
    trigger_error('There is a problem with: mysql_error(), E_USER_ERROR);
}

?>

Left off a quote, on line 34

    trigger_error('There is a problem with: ' . mysql_error(), E_USER_ERROR);

 

Also the query is wrong

$query = "SELECT session_user FROM product_table WHERE session_user = '{$_SESSION['_login_id']}";

It should be

$query = "SELECT session_user FROM product_table WHERE session_user = '{$_SESSION['_login_id']}'";

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.