Jump to content


Photo

PHP User ID validation


  • Please log in to reply
2 replies to this topic

#1 Javrixx

Javrixx
  • Members
  • PipPip
  • Member
  • 13 posts

Posted 04 October 2006 - 05:57 PM

So I'm building the second part of this project I'm doing for work.  I've learned TONS of php to do this, but I don't know if I'm overthinking or what about this problem.

Basically, I've made certain folders for users.  Each user gets a folder.  I need to make it so if the user's ID doesn't equal to X, they are given a message or are redirected.  And if the user's ID is equal to X, they are shown the rest of the page.  I've tried like a million little scripts but none work, any experts know how to do this right off the bat?

Here is the INCOMPLETE .php file I am using.

(Note that the user must already be logged in at this point to even get this far)

results.php
<?php

require('../../db_config.php');
require('../../global.php');

db_connect($mysql['username'],$mysql['password'],$mysql['database'],$mysql['host']);

$config = get_config($mysql['prefix']);

debug_mode($config['debug_mode']);

require('../auth.inc.php');

require('../../lib/MiniTemplator.class.php');
$template = new MiniTemplator;
$templatedir = '../../templates/';

if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['verify']))
{
	remove_user($_SESSION['username'],$mysql['prefix']);
	generate_htpasswd($mysql['prefix']);
	session_destroy();
	redirect('../../index.php');
}

$sql= 'SELECT * FROM '.$mysql['prefix'].'users WHERE username="'.$_SESSION['username'].'"';

if(!$result = mysql_query($sql))
{
	die('The following MySQL query failed. User data could not be retrieved. '.$sql);
}

while (($row = mysql_fetch_array($result)) != false)
{
	$firstname = $row['firstname'];
}


$template->readFileIntoString($templatedir."results_overall_header.html",$header);
$template->readFileIntoString($templatedir."results_results.html",$main);
$template->readFileIntoString($templatedir."results_overall_footer.html",$footer);

$template->setTemplateString($header . $main . $footer);

$template->setVariable("firstname",$firstname);


$template->setVariable("code",$javascript);
$template->addBlock("code");
$template->addBlock("javascript");

$template->setVariable("footer",show_user_footer($software_signature));
$template->setVariable("pagename","My Account");
$template->generateOutput();
?>


#2 trq

trq
  • Staff Alumni
  • Advanced Member
  • 31,041 posts

Posted 04 October 2006 - 06:00 PM

Put your while within another check. eg;

if (mysql_num_rows($result) > 0) {
  // your while goes here.
} else {
  echo "user does not exist";
}


#3 Javrixx

Javrixx
  • Members
  • PipPip
  • Member
  • 13 posts

Posted 11 October 2006 - 03:30 PM

I did get this working yesterday, thanks for all your help.  Below is the code I am using for it to work:

[code=php:0]
if($userid != 1)
{
    header('Location: ../../support/');
    exit;
}
?>




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users