agge Posted April 6, 2007 Share Posted April 6, 2007 This is probaly easy, but i'm stuck with it.. I have a site where every registred user can add some details about themselves, they can also edit this page, but I dont want to let anyone change details to someone else, just allow the registred user to change his details. when they go to this url this happends: edit.php?userid=22 <?php session_start(); $userid = $_GET['userid']; if(!session_is_registered(userid)){ header("location:login.php?userid=$userid"); If not session is is set they get send to the page login. login.php <?php if (isset($_POST['login'])){ $userid = $_POST['userid']; $pwd = sha1(strip_tags($_POST['pwd'])); $query = "SELECT DISTINCT * FROM db WHERE userid = '$userid' AND password = '$pwd'"; $result = mysql_query($query) or die('Error, query failed'); $numofrows = mysql_num_rows($result); if($numofrows == 1){ session_register("userid"); header("location:useredit.php?userid=$userid"); } else { header("location:login.php?userid=$userid"); exit; } ?> This is setting the session id to 1, I don't know why but it do that when I echo session_is_registered(name); And it will also allow user to get in to other pages to change details. I want something like this edit.php?userid=22 [code]<?php session_start(); $userid = $_GET['userid']; "(if session_is_registered(userid) == $_GET['userid']{ ...... { everyones pages is on the form edit.php?userid=userid Anyone?? [/code] Link to comment https://forums.phpfreaks.com/topic/45952-uniqe-session-to-access-pages/ Share on other sites More sharing options...
jscix Posted April 6, 2007 Share Posted April 6, 2007 First, What are the users ID's based on? Where are you retrieving them from? If you are using a database to generate a unique id, upon account creation, then you will need to retrive their userid after verifying their information. ie.: $query = "SELECT db.userid FROM db WHERE userid = '$userid' AND password = '$pwd'"; now your $query variable should either return either: an array, or nothing. depending on if their info was correct. If the info was correct, you should set their userid using, $_SESSION['userid'] = $query[0]; Then, When you want to validate if the person has given their correct USERID, before letting the modify anything: <?php session_start(); $userid = $_GET['userid']; if ($_SESSION['userid'] = $_GET['userid']) { // $userid matches the session userid } else { // It doesnt match } ?> Link to comment https://forums.phpfreaks.com/topic/45952-uniqe-session-to-access-pages/#findComment-223225 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.