KaiSheng Posted November 8, 2013
Well, hi again. According to my previous thread, it works perfectly. The URL will show ...gameInfo.php?id=1 or gameInfo.php?id=2 according to the person who logs in; they will receive the respective link that is matched to the user id in the database. Okay, so here's the problem: when I am user id 2, it shows as gameInfo.php?id=2. However, when I change the URL to gameInfo.php?id=1, I can see the information of the user with user id 1. Is there any way to go about this? Help, thanks <3!
mac_gyver Posted November 8, 2013 (Solution)
for anything security related, you must check if the current logged in visitor is authorized to view the information. for something like a profile link, if the id from the link is different from the currently logged in user's id (held in your session variable), you would only display the 'publicly' accessible information or none at all if that's your desire. if the id from the link is the same as the currently logged in user's id, the user would have full permission to view all of the available information.
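The check described in the answer above, as an added example that is not part of the original posts: the session decides who is asking, and `?id=` only selects which record is wanted. The `user_id` session key, the `USERS` and `PUBLIC_FIELDS` constants, the `gameInfoFor()` helper and the sample rows are assumptions made for illustration; a real page would read the row from the database.

```php
<?php
// Constructed sample rows standing in for the users table (not from the thread).
const USERS = [
    1 => ['id' => 1, 'name' => 'alice', 'email' => 'alice@example.test', 'score' => 420],
    2 => ['id' => 2, 'name' => 'bob',   'email' => 'bob@example.test',   'score' => 310],
];
// Assumed split: fields a logged-in user may see on someone else's page.
const PUBLIC_FIELDS = ['id', 'name', 'score'];

// Hypothetical helper: the session says who is asking, ?id= only says
// which record is wanted. The session is the only source of identity.
function gameInfoFor(array $session, array $query): array
{
    if (!isset($session['user_id'])) {
        return ['status' => 401, 'data' => null];   // not logged in
    }
    // Accept only a positive integer id; "abc", "", arrays and a missing id fail.
    $requested = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($requested === false) {
        return ['status' => 400, 'data' => null];
    }
    $row = USERS[$requested] ?? null;
    if ($row === null) {
        return ['status' => 404, 'data' => null];
    }
    if ($requested === (int) $session['user_id']) {
        return ['status' => 200, 'data' => $row];   // own record: everything
    }
    // Someone else's record: public subset only (return 403 here to show nothing).
    $public = array_intersect_key($row, array_flip(PUBLIC_FIELDS));
    return ['status' => 200, 'data' => $public];
}

// In gameInfo.php this would be gameInfoFor($_SESSION, $_GET) after session_start().
$cases = [
    'user 2 views id=2'    => [['user_id' => 2], ['id' => '2']],
    'user 2 edits to id=1' => [['user_id' => 2], ['id' => '1']],
    'malformed id'         => [['user_id' => 2], ['id' => 'abc']],
    'no session'           => [[], ['id' => '1']],
];
foreach ($cases as $label => [$session, $query]) {
    echo $label, ': ', json_encode(gameInfoFor($session, $query)), PHP_EOL;
}
```

Run from the command line, the second case shows user 2 receiving only the public fields of user 1, with the `email` column withheld.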
KaiSheng (Author) Posted November 8, 2013
Thank you, got it!