I think i almost understand....

[Accurax]

Ok, ive managed to get a basic membership system up and running... woohoo  ;D ;D ;D ... thanks guys, and now im looking into how to make it so that each of my users can have their own membership page, which they can change and update ect... sorta like a member profile, so im looking through several books, and also the tutorial at [url=http://www.phpfreaks.com/tutorials/78/2.php]http://www.phpfreaks.com/tutorials/78/2.php[/url].

I just need to get a few things straight in my head.

[list]
[*]The way that i cretae unique user profiles is by using session variables, and initiating the correct ones depending on which user name / password combination is eneterd to log in is this correct?
[*]I can then use these session variables to call various bits of information onto the screen, so it looks like everyone gets a completely seperate page is this correct?
[/list]

The above seems to make sense in my head... but i just wanted to check if i was looking at this from the correct angle ?

Assuming the above is true, then i need to identify the user based on there username and password, and set the session variables to be equal to the information sored in mysql for that particular user .... correct?

The tutorial sets its session variables like so:
[code]} else {
        $_SESSION['userid'] = $user_info['id'];
        $_SESSION['username'] = $user_info['username'];
        $_SESSION['encryptpass'] = $user_info['encryptpass'];
        $_SESSION['email'] = $user_info['email'];
        $_SESSION['prov'] = $user_info['prov'];
        $_SESSION['name'] = $user_info['name'];
        $_SESSION['style'] = $user_info['style'];
        $_SESSION['hist'] = $user_info['hist'];
        $_SESSION['infl'] = $user_info['infl'];
        $_SESSION['open'] = $user_info['open'];
        $_SESSION['photo'] = $user_info['photo'];
        $_SESSION['webs'] = $user_info['webs'];
        $_SESSION['paid'] = $user_info['paid'];
    }
}
?>[/code]

Im a little confused as to his methodology here ..... i understand that for all future pages he only needs to call "$_SESSION['name']" what i dont understand is where the "$user_info['name']" bit is coming from..... is this something to do with the mysql column names?

Also how does the script know which users info to set to those session variables in the first place?

Sorry if these are silly questions.... but im real close to understanding this now ...... im getting all excited guys :)

[trq]

No need to store everything in sessions, the users data should allready be in the database, you simply query it for the relevent data.

So, if you wanted a link to my profile for instance it might look like <a href="profiles.php?user=thorpe">thorpe</a>

Then, in profiles.php you would run a query something like...

[code]
SELECT * FROM users WHERE user = '{$_GET['user']}'
[/code]

Of course you would want to validate the input an dall that but thats the basics of it.

[Accurax]

Thorpe... thats my problem at the moment mate.... how do i go about ensuring that only you get to see your account page? ... i assumed id need sessions to validate who you were.

If i just let you log in and link straight to your profile, how do i make sure no-one else can get there aswell?

Thanks mate

[craygo]

what you would do is store the users id in a session variable. then call the id when you want to show the users info.

so you have page which calles the users info from the database
[code]<?php
$sql = "SELECT * FROM users WHERE id = '".$_SESSION['id']."'";
$res = mysql_query($sql) or die(mysql_error());
$userinfo = mysql_fetch_assoc($res);
[/code]

Now all the users info is in an array called $userinfo that you can call upon anywhere on your page.

Ray

[roopurt18]

My methodology is to keep $_SESSION as empty as possible.  As Thorpe said, any data you need to display should be accessible from the database.

Your users are probably entering a username and password to access the site and you should be validating the information from the database.  On successful validation, all you really need to set is a single $_SESSION variable:

$_SESSION['User'] = $username; // The username they're using

On every other page, you can easily checking if the user is logged in with:

if(!isset($_SESSION['User']) || strlen($_SESSION['User']) == 0){
 // User is not logged in
 // This is how we can block non-logged in users from viewing a page
}

In the case of Thorpe's example with $_GET['User'], you can do this:

if(isset($_GET['User']) && isset($_SESSION['User']) && !strcmp($_GET['User'], $_SESSION['User'])){
 // Logged in, User param in URL is set, and they both match
 // Now we can pull info from the DB for this user and display it
}

Hope that helps.

[Accurax]

excellent, thankyou.... that was exactly what i thought of about 5 minuites ago while having a quiet smoke...... ok, tomorrow i  will get that setup... then its on to updating info and allowing other users to browse the said profiles.

I think i know how thats going to work.... but ill probably run into some issues..... thankyou guys for all your help so far

Accura