agge Posted April 6, 2007

This is probably easy, but I'm stuck with it.

I have a site where every registered user can add some details about themselves. They can also edit this page, but I don't want to let anyone change someone else's details, just allow the registered user to change his own details.

When they go to this URL, this happens:

edit.php?userid=22

[code]
<?php
session_start();
$userid = $_GET['userid'];
if(!session_is_registered(userid)){
    header("location:login.php?userid=$userid");
}
[/code]

If no session is set they get sent to the login page.

login.php

[code]
<?php
if (isset($_POST['login'])){
    $userid = $_POST['userid'];
    $pwd = sha1(strip_tags($_POST['pwd']));
    $query = "SELECT DISTINCT * FROM db WHERE userid = '$userid' AND password = '$pwd'";
    $result = mysql_query($query) or die('Error, query failed');
    $numofrows = mysql_num_rows($result);
    if($numofrows == 1){
        session_register("userid");
        header("location:useredit.php?userid=$userid");
    } else {
        header("location:login.php?userid=$userid");
        exit;
    }
}
?>
[/code]

This is setting the session id to 1. I don't know why, but it does that when I echo session_is_registered(name); And it will also allow the user to get in to other pages to change details.

I want something like this:

edit.php?userid=22

[code]
<?php
session_start();
$userid = $_GET['userid'];
"(if session_is_registered(userid) == $_GET['userid']{
......
{
[/code]

Everyone's pages are of the form edit.php?userid=userid

Anyone??
jscix Posted April 6, 2007

First, what are the users' IDs based on? Where are you retrieving them from?

If you are using a database to generate a unique id upon account creation, then you will need to retrieve their userid after verifying their information, i.e.:

[code]
$query = "SELECT db.userid FROM db WHERE userid = '$userid' AND password = '$pwd'";
[/code]

Now your $query variable should return either an array or nothing, depending on whether their info was correct.

If the info was correct, you should set their userid using:

[code]
$_SESSION['userid'] = $query[0];
[/code]

Then, when you want to validate that the person has given their correct USERID before letting them modify anything:

[code]
<?php
session_start();
$userid = $_GET['userid'];
// Compare with ==; a single = would assign and overwrite the session value.
// isset() keeps a visitor with no session from matching an empty userid.
if (isset($_SESSION['userid']) && $_SESSION['userid'] == $userid) {
    // $userid matches the session userid
}
else {
    // It doesn't match
}
?>
[/code]
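The login and ownership check discussed in this thread, as an added example that is not either poster's code. It assumes PDO with an in-memory SQLite table named `users`, `password_hash()`/`password_verify()` in place of `sha1()`, and constructed sample accounts; `login()` and `may_edit()` are hypothetical helper names, and `$session` stands in for `$_SESSION`.

```php
<?php
// Added example, not code from the thread. Table/column names and the
// sample users are constructed; PDO and password_hash() replace the
// thread's mysql_* calls and sha1().

// Verify credentials and bind the authenticated id to the session.
function login(PDO $db, array &$session, string $userid, string $pwd): bool {
    $stmt = $db->prepare('SELECT userid, password FROM users WHERE userid = ?');
    $stmt->execute([$userid]);               // bound parameter, no string-built SQL
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['password'])) {
        return false;
    }
    // On a live page, call session_regenerate_id(true) at this point.
    $session['userid'] = (string)$row['userid'];  // id from the DB row, not the request
    return true;
}

// edit.php check: the requested id must equal the id stored at login.
function may_edit(array $session, $requested): bool {
    return isset($session['userid'])
        && is_string($requested)                  // rejects edit.php?userid[]=22
        && $session['userid'] === $requested;     // comparison, not assignment
}

// --- constructed demo data: in-memory SQLite stands in for the real DB ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
$ins->execute(['22', password_hash('correct horse', PASSWORD_DEFAULT)]);
$ins->execute(['23', password_hash('other secret', PASSWORD_DEFAULT)]);

$session = [];   // stands in for $_SESSION after session_start()
var_dump(login($db, $session, '22', 'wrong'));          // failed login attempt
var_dump(may_edit($session, '22'));                     // checked before any login
var_dump(login($db, $session, '22', 'correct horse'));  // valid credentials
var_dump(may_edit($session, '22'));                     // user 22 asks for own page
var_dump(may_edit($session, '23'));                     // user 22 asks for user 23's page
var_dump(may_edit($session, ['22']));                   // array-valued userid parameter
```

In edit.php the result of `may_edit($_SESSION, $_GET['userid'] ?? null)` decides whether the form is shown; the `userid` in the URL only selects a page and never establishes who is logged in.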