
unique session to access pages


agge


This is probably easy, but I'm stuck with it..

 

I have a site where every registered user can add some details about themselves. They can also edit this page, but I don't want to let anyone change details for someone else, just allow the registered user to change his details.

When they go to this URL, this happens:

edit.php?userid=22

[code]<?php
session_start();
$userid = $_GET['userid'];
// Only checks that a "userid" session variable exists
if (!session_is_registered('userid')) {
    header("location:login.php?userid=$userid");
    exit;
}
?>[/code]

If no session is set they get sent to the login page.

 

login.php

[code]<?php
if (isset($_POST['login'])) {
    // Escape the user-supplied id before it is placed in the SQL string
    $userid = mysql_real_escape_string($_POST['userid']);
    $pwd = sha1(strip_tags($_POST['pwd']));
    $query = "SELECT DISTINCT * FROM db WHERE userid = '$userid' AND password = '$pwd'";
    $result = mysql_query($query) or die('Error, query failed');
    $numofrows = mysql_num_rows($result);
    if ($numofrows == 1) {
        session_register("userid");
        header("location:useredit.php?userid=$userid");
        exit;
    } else {
        header("location:login.php?userid=$userid");
        exit;
    }
}
?>[/code]

This is setting the session id to 1. I don't know why, but it does that when I echo session_is_registered(name);

 

And it will also allow a user to get into other pages to change details.

 

 

I want something like this:

edit.php?userid=22

[code]<?php
session_start();
$userid = $_GET['userid'];
if (session_is_registered('userid') == $_GET['userid']) {
    // ......
}
?>[/code]

Everyone's pages are of the form edit.php?userid=userid

Anyone??

::)

Link to comment
https://forums.phpfreaks.com/topic/45952-uniqe-session-to-access-pages/

First, what are the users' IDs based on? Where are you retrieving them from?

If you are using a database to generate a unique id upon account creation, then you will need to retrieve their userid after verifying their information.

i.e.: $query = "SELECT db.userid FROM db WHERE userid = '$userid' AND password = '$pwd'";

Now your $query variable should return either an array or nothing, depending on whether their info was correct.

If the info was correct, you should set their userid using,

$_SESSION['userid'] = $query[0];

Then, when you want to validate that the person has given their correct USERID before letting them modify anything:

 

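[code]<?php
session_start();
$userid = $_GET['userid'];

// Compare with ==; a single = would assign the GET value to the session
if (isset($_SESSION['userid']) && $_SESSION['userid'] == $_GET['userid']) {
    // $userid matches the session userid
} else {
    // It doesn't match
}
?>[/code]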
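The flow discussed in this thread, written out end to end as an added example (not code from either poster): the login step stores the id read back from the verified database row, and the edit step compares that stored id with the requested `?userid=`. Assumptions: a `users` table with `userid` and `password_hash` columns in an in-memory SQLite database, `password_hash()`/`password_verify()` in place of the thread's `sha1()`, and a plain `$session` array standing in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example. Table and column names, the SQLite database and the sample
// users are constructed; $session stands in for $_SESSION.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
$ins->execute([22, password_hash('alice-pw', PASSWORD_DEFAULT)]);
$ins->execute([23, password_hash('bob-pw', PASSWORD_DEFAULT)]);

// login.php: bind the session to the id read back from the verified row,
// never to the id the browser sent.
function login(PDO $db, array &$session, string $userid, string $pwd): bool
{
    $stmt = $db->prepare('SELECT userid, password_hash FROM users WHERE userid = ?');
    $stmt->execute([$userid]);   // bound parameter, no string concatenation
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['password_hash'])) {
        return false;
    }
    // In a real web request, call session_regenerate_id(true) at this point.
    $session['userid'] = (int) $row['userid'];
    return true;
}

// edit.php: a logged-in user may edit only the page whose id equals the
// id stored in the session.
function may_edit(array $session, $requested): bool
{
    if (!isset($session['userid']) || !is_string($requested) || !ctype_digit($requested)) {
        return false;            // not logged in, or malformed ?userid=
    }
    return $session['userid'] === (int) $requested;   // comparison, not assignment
}

$session = [];
var_dump(login($db, $session, '22', 'wrong'));     // wrong password
var_dump(may_edit($session, '22'));                // no session yet
var_dump(login($db, $session, '22', 'alice-pw'));  // correct password
var_dump(may_edit($session, '22'));                // own page
var_dump(may_edit($session, '23'));                // another user's page
var_dump($session['userid']);                      // session id after the checks
```

Because `may_edit()` only reads the session, a request for another user's id cannot change who the session belongs to.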

Archived

This topic is now archived and is closed to further replies.
