Jump to content

How do I get database values for currently logged in users?


Recommended Posts

I'd like to display a user profile for the currently logged in user so they can edit their contact details. I already have a secure login scripted which works well and it stores the user_id, username and a login_string into session variables. The login_string is a long alphanumeric string of hashed values used when checking the logged in status of the user but it's not stored in the database.

 

My concern is if I pass the user_id from the session variable to the model to get the user contact information, the user can easily change that variable in order to display someone else's information. So should I continuously hash the same variables to compare the login_function or should I just store it in the database once the user logs in so that's it's readily available to do a comparison on any time I need database information.

 

Does that make sense?

As long as you don't expose to the user the ID you're using to find profile information, which you shouldn't do anyways because you're displaying the currently-logged in user regardless, then it's fine.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.