Jump to content

Archived

This topic is now archived and is closed to further replies.

Javrixx

PHP User ID validation

Recommended Posts

So I'm building the second part of this project I'm doing for work.  I've learned TONS of php to do this, but I don't know if I'm overthinking or what about this problem.

Basically, I've made certain folders for users.  Each user gets a folder.  I need to make it so if the user's ID doesn't equal to X, they are given a message or are redirected.  And if the user's ID is equal to X, they are shown the rest of the page.  I've tried like a million little scripts but none work, any experts know how to do this right off the bat?

Here is the INCOMPLETE .php file I am using.

(Note that the user must already be logged in at this point to even get this far)

results.php
[code=php:0]
<?php

require('../../db_config.php');
require('../../global.php');

db_connect($mysql['username'],$mysql['password'],$mysql['database'],$mysql['host']);

$config = get_config($mysql['prefix']);

debug_mode($config['debug_mode']);

require('../auth.inc.php');

require('../../lib/MiniTemplator.class.php');
$template = new MiniTemplator;
$templatedir = '../../templates/';

if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['verify']))
{
remove_user($_SESSION['username'],$mysql['prefix']);
generate_htpasswd($mysql['prefix']);
session_destroy();
redirect('../../index.php');
}

$sql= 'SELECT * FROM '.$mysql['prefix'].'users WHERE username="'.$_SESSION['username'].'"';

if(!$result = mysql_query($sql))
{
die('The following MySQL query failed. User data could not be retrieved. '.$sql);
}

while (($row = mysql_fetch_array($result)) != false)
{
$firstname = $row['firstname'];
}


$template->readFileIntoString($templatedir."results_overall_header.html",$header);
$template->readFileIntoString($templatedir."results_results.html",$main);
$template->readFileIntoString($templatedir."results_overall_footer.html",$footer);

$template->setTemplateString($header . $main . $footer);

$template->setVariable("firstname",$firstname);


$template->setVariable("code",$javascript);
$template->addBlock("code");
$template->addBlock("javascript");

$template->setVariable("footer",show_user_footer($software_signature));
$template->setVariable("pagename","My Account");
$template->generateOutput();
?>
[/code]

Share this post


Link to post
Share on other sites
Put your while within another check. eg;

[code=php:0]
if (mysql_num_rows($result) > 0) {
  // your while goes here.
} else {
  echo "user does not exist";
}
[/code]

Share this post


Link to post
Share on other sites
I did get this working yesterday, thanks for all your help.  Below is the code I am using for it to work:

[code=php:0]
if($userid != 1)
{
    header('Location: ../../support/');
    exit;
}
?>

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.