chris_rulez001 Posted June 17, 2007

Hi, I have a problem: when someone logs into my site and clicks onto my account (test), it says in the title bar viewing profile: admin, but I'm viewing the user account, test, and this same problem occurs underneath the links bar. What can I do?

Here's my view user script:

```php
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<?php
include('includes/mysql_connect_users.php');

// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar

$sql="SELECT * FROM users";
$result=mysql_query($sql);

$rows=mysql_fetch_array($result);
?>
<title>Minispace - Viewing Profile: <?php echo $rows['username']; ?></title>
<link rel="stylesheet" href="css/stylesheet.css" />
<?php include ('includes/general.php'); ?>
</head>

<body>
<?php
include('includes/mysql_connect_users.php');

// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar

$sql="SELECT * FROM users";
$result=mysql_query($sql);

$rows=mysql_fetch_array($result);
?>
<table width="86%" border="1" align="center">
  <tr>
    <td height="26" class="headerback"><?php echo $site_name; ?></td>
  </tr>
  <tr>
    <td class="topnav" height="5"><a href="index.php" class="style2">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>"; else{ echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?></td>
  </tr>
  <tr>
    <td class="siteback1"><div align="left" class="username">Viewing Profile: <?php echo $rows['username']; ?></div>
      <table width="310" border="0">
        <tr>
          <td width="408"><div id='piclayout2'><img src='images/no_pic.gif' width='106' height='90' /></div>
<?php if (!isset($_SESSION['username']) == true)
echo "<div align='right' style='padding-right:20px'>
<p><a href='profile_edit.php' style='color:#000099'>Edit Profile</a></p>
<p><a href='account_settings.php' style='color:#000099'>Account Settings</a> </p>
<p><a href='manage_images.php' style='color:#000099'>Manage Images</a> </p>
<a href='manage_blog.php' style='color:#000099'>Manage Blog</a><br />
</div><div align='left' style='padding-left:45px'><strong>View My:</strong><br /></div>
<div align='left' style='padding-left:35px'>
<a href='view_user.php?id=".$rows['id']."' style='color:#000099'>Profile</a> | <a href='view_pics.php?user=".$rows['username']."' style='color:#000099'>Pics</a> | <a href='view_blog.php?user=".$rows['username']."' style='color:#000099'>Blog</a><br />
<a href='view_friends.php?user=".$rows['username']."' style='color:#000099'>Friends</a> | <a href='view_comments.php?user=".$rows['username']."' style='color:#000099'>Profile</a></div><br/><br/>
<div align='left' style='padding-left:8px'><strong>My Profile Url:</strong> <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>minispace.1111mb.com/view_user.php?id=".$rows['id']."</div>";
else{
echo "<br/><div align='right' style='padding-right:80px'>
<p>".$rows['age']." Years Old</p>
<p>".$rows['gender']."</p>
</div><br/><br/>
<table width='100' border='1'>
<tr>
<td align='center'>
Contacting, ".$rows['username']."
</td>
</tr>
<tr>
<td style='padding-right:15px'>
<img src='images/msn-icon.gif'> MSN: ".$rows['msn']."<br/><br/>
<img src='images/imaim.png'> AOL IM: ".$rows['aolim']."<br/><br/>
<img src='images/icon_yim.gif'> YAHOO IM: ".$rows['yim']."<br/><br/>
</td>
</tr>
</table>";
}?>
          </td>
        </tr>
      </table>
      <p> </p></td>
  </tr>
</table><br />
<br /><div align="center"><?php echo $copyright; ?></div>
```

GingerRobot Posted June 17, 2007

Well, it looks to me like you're missing a crucial part of the query. You're selecting all of the data from your users table, not just that for one person.

```php
$sql="SELECT * FROM users WHERE `id`='$id'";
```

or maybe:

```php
$sql="SELECT * FROM users WHERE `username`='$username'";
```

From the comments, it looks as if the intention was to get a user's id from the url:

```php
// get value of id that sent from address bar
```

But this doesn't appear to be done anywhere. You'll need to take a look at the links to the profile page, and see what the variable in the url string is. If, for example, the links are something like:

```php
<a href="viewprofile.php?userid=$id">
```

then on your profile page you'll need to have:

```php
$id = $_GET['userid'];
```

king arthur Posted June 17, 2007

Looks like your problem is here:

```php
$sql="SELECT * FROM users";
$result=mysql_query($sql);
```

You are selecting all the rows in the users table, and presumably the first row is for user "admin". How is the user id passed in to this script? You will need to rewrite that query to only fetch the required row.

chris_rulez001 (Author) Posted June 17, 2007

Thanks for your help, my code looks like this now:

```php
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<?php
include('includes/mysql_connect_users.php');

// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar
$username = $_GET['username'];

$sql3="SELECT * FROM users WHERE `username`='$username'";
$result=mysql_query($sql3);

$rows=mysql_fetch_array($result);
?>
<title>Minispace - Viewing Profile: <?php echo $rows['username']; ?></title>
<link rel="stylesheet" href="css/stylesheet.css" />
<?php include ('includes/general.php'); ?>
</head>

<body>
<?php
include('includes/mysql_connect_users.php');

// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar
$username = $_GET['username'];

$sql1="SELECT * FROM users WHERE `username`='$username'";
$result=mysql_query($sql1);

$rows=mysql_fetch_array($result);
?>
<?php
include('includes/mysql_connect_users.php');

// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar
$id = $_GET['id'];

$sql2="SELECT * FROM users WHERE `id`='$id'";
$result=mysql_query($sql2);

$rows=mysql_fetch_array($result);
?>
<table width="86%" border="1" align="center">
  <tr>
    <td height="26" class="headerback"><?php echo $site_name; ?></td>
  </tr>
  <tr>
    <td class="topnav" height="5"><a href="index.php" class="style2">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>"; else{ echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?></td>
  </tr>
  <tr>
    <td class="siteback1"><div align="left" class="username">Viewing Profile: <?php echo $rows['username']; ?></div>
      <table width="310" border="0">
        <tr>
          <td width="408"><div id='piclayout2'><img src='images/no_pic.gif' width='106' height='90' /></div>
<?php if (!isset($_SESSION['username']) == false)
echo "<div align='right' style='padding-right:20px'>
<p><a href='profile_edit.php' style='color:#000099'>Edit Profile</a></p>
<p><a href='account_settings.php' style='color:#000099'>Account Settings</a> </p>
<p><a href='manage_images.php' style='color:#000099'>Manage Images</a> </p>
<a href='manage_blog.php' style='color:#000099'>Manage Blog</a><br />
</div><div align='left' style='padding-left:45px'><strong>View My:</strong><br /></div>
<div align='left' style='padding-left:35px'>
<a href='view_user.php?id=".$rows['id']."' style='color:#000099'>Profile</a> | <a href='view_pics.php?user=".$rows['username']."' style='color:#000099'>Pics</a> | <a href='view_blog.php?user=".$rows['username']."' style='color:#000099'>Blog</a><br />
<a href='view_friends.php?user=".$rows['username']."' style='color:#000099'>Friends</a> | <a href='view_comments.php?user=".$rows['username']."' style='color:#000099'>Profile</a></div><br/><br/>
<div align='left' style='padding-left:8px'><strong>My Profile Url:</strong> <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>mysite/view_user.php?id=".$rows['id']."</div>";
else{
echo "<br/><div align='right' style='padding-right:80px'>
<p>".$rows['age']." Years Old</p>
<p>".$rows['gender']."</p>
</div><br/><br/>
<table width='100' border='1'>
<tr>
<td align='center'>
Contacting, ".$rows['username']."
</td>
</tr>
<tr>
<td style='padding-right:15px'>
<img src='images/msn-icon.gif'> MSN: ".$rows['msn']."<br/><br/>
<img src='images/imaim.png'> AOL IM: ".$rows['aolim']."<br/><br/>
<img src='images/icon_yim.gif'> YAHOO IM: ".$rows['yim']."<br/><br/>
</td>
</tr>
</table>";
}?>
          </td>
        </tr>
      </table>
      <p> </p></td>
  </tr>
</table><br />
<br /><div align="center"><?php echo $copyright; ?></div>
```

I'm getting some errors:

```
Notice: Undefined index: username in /www/1111mb.com/m/i/n/minispace/htdocs/temp2/view_user.php on line 16
Notice: Undefined index: username in /www/1111mb.com/m/i/n/minispace/htdocs/temp2/view_user.php on line 39
```

GingerRobot Posted June 17, 2007

Well, as far as I can see, you are repeating the code to get your data from the database 3 times. The first two times you attempt to use the username, and do nothing with the result. The 3rd time you use the id. I would guess that you only need:

```php
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Minispace - Viewing Profile: <?php echo $rows['username']; ?></title>
<link rel="stylesheet" href="css/stylesheet.css" />
<?php include ('includes/general.php'); ?>
</head>
<?php
include('includes/mysql_connect_users.php');

// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar
$id = $_GET['id'];

$sql2="SELECT * FROM users WHERE `id`='$id'";
$result=mysql_query($sql2);

$rows=mysql_fetch_array($result);
?>
<table width="86%" border="1" align="center">
  <tr>
    <td height="26" class="headerback"><?php echo $site_name; ?></td>
  </tr>
  <tr>
    <td class="topnav" height="5"><a href="index.php" class="style2">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>"; else{ echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?></td>
  </tr>
  <tr>
    <td class="siteback1"><div align="left" class="username">Viewing Profile: <?php echo $rows['username']; ?></div>
      <table width="310" border="0">
        <tr>
          <td width="408"><div id='piclayout2'><img src='images/no_pic.gif' width='106' height='90' /></div>
<?php if (!isset($_SESSION['username']) == false)
echo "<div align='right' style='padding-right:20px'>
<p><a href='profile_edit.php' style='color:#000099'>Edit Profile</a></p>
<p><a href='account_settings.php' style='color:#000099'>Account Settings</a> </p>
<p><a href='manage_images.php' style='color:#000099'>Manage Images</a> </p>
<a href='manage_blog.php' style='color:#000099'>Manage Blog</a><br />
</div><div align='left' style='padding-left:45px'><strong>View My:</strong><br /></div>
<div align='left' style='padding-left:35px'>
<a href='view_user.php?id=".$rows['id']."' style='color:#000099'>Profile</a> | <a href='view_pics.php?user=".$rows['username']."' style='color:#000099'>Pics</a> | <a href='view_blog.php?user=".$rows['username']."' style='color:#000099'>Blog</a><br />
<a href='view_friends.php?user=".$rows['username']."' style='color:#000099'>Friends</a> | <a href='view_comments.php?user=".$rows['username']."' style='color:#000099'>Profile</a></div><br/><br/>
<div align='left' style='padding-left:8px'><strong>My Profile Url:</strong> <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>mysite/view_user.php?id=".$rows['id']."</div>";
else{
echo "<br/><div align='right' style='padding-right:80px'>
<p>".$rows['age']." Years Old</p>
<p>".$rows['gender']."</p>
</div><br/><br/>
<table width='100' border='1'>
<tr>
<td align='center'>
Contacting, ".$rows['username']."
</td>
</tr>
<tr>
<td style='padding-right:15px'>
<img src='images/msn-icon.gif'> MSN: ".$rows['msn']."<br/><br/>
<img src='images/imaim.png'> AOL IM: ".$rows['aolim']."<br/><br/>
<img src='images/icon_yim.gif'> YAHOO IM: ".$rows['yim']."<br/><br/>
</td>
</tr>
</table>";
}?>
          </td>
        </tr>
      </table>
      <p> </p></td>
  </tr>
</table><br />
<br /><div align="center"><?php echo $copyright; ?></div>
```

chris_rulez001 (Author) Posted June 17, 2007

Thanks, I have another problem (security): when I'm logged in as my test account (non-admin), I can edit anyone's account, it shows the edit profile and other links. What should I do? Can this be changed by code?

My code:

```php
<?php session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<?php
include('includes/mysql_connect_users.php');

// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar
$id = $_GET['id'];

$sql2="SELECT * FROM users WHERE `id`='$id'";
$result=mysql_query($sql2);

$rows=mysql_fetch_array($result);
?>
<title>Minispace - Viewing Profile: <?php echo $rows['username']; ?></title>
<link rel="stylesheet" href="css/stylesheet.css" />
<?php include ('includes/general.php'); ?>
</head>

<body>
<table width="86%" border="1" align="center">
  <tr>
    <td height="26" class="headerback"><?php echo $site_name; ?></td>
  </tr>
  <tr>
    <td class="topnav" height="5"><a href="index.php" class="style2">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>"; else{ echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?></td>
  </tr>
  <tr>
    <td class="siteback1"><div align="left" class="username">Viewing Profile: <?php echo $rows['username']; ?></div>
      <table width="310" border="0">
        <tr>
          <td width="408"><div id='piclayout2'><img src='images/no_pic.gif' width='106' height='90' /></div>
<?php if (!isset($_SESSION['username']) == false)
echo "<div align='right' style='padding-right:20px'>
<p><a href='profile_edit.php' style='color:#000099'>Edit Profile</a></p>
<p><a href='account_settings.php' style='color:#000099'>Account Settings</a> </p>
<p><a href='manage_images.php' style='color:#000099'>Manage Images</a> </p>
<a href='manage_blog.php' style='color:#000099'>Manage Blog</a><br />
</div><div align='left' style='padding-left:45px'><strong>View My:</strong><br /></div>
<div align='left' style='padding-left:35px'>
<a href='view_user.php?id=".$rows['id']."' style='color:#000099'>Profile</a> | <a href='view_pics.php?user=".$rows['username']."' style='color:#000099'>Pics</a> | <a href='view_blog.php?user=".$rows['username']."' style='color:#000099'>Blog</a><br />
<a href='view_friends.php?user=".$rows['username']."' style='color:#000099'>Friends</a> | <a href='view_comments.php?user=".$rows['username']."' style='color:#000099'>Profile</a></div><br/><br/>
<div align='left' style='padding-left:8px'><strong>My Profile Url:</strong> <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>mysite/view_user.php?id=".$rows['id']."</div>";
else{
echo "<br/><div align='right' style='padding-right:80px'>
<p>".$rows['age']." Years Old</p>
<p>".$rows['gender']."</p>
</div><br/><br/>
<table width='100' border='1'>
<tr>
<td align='center'>
Contacting, ".$rows['username']."
</td>
</tr>
<tr>
<td style='padding-right:15px'>
<img src='images/msn-icon.gif'> MSN: ".$rows['msn']."<br/><br/>
<img src='images/imaim.png'> AOL IM: ".$rows['aolim']."<br/><br/>
<img src='images/icon_yim.gif'> YAHOO IM: ".$rows['yim']."<br/><br/>
</td>
</tr>
</table>";
}?>
          </td>
        </tr>
      </table>
      <p> </p></td>
  </tr>
</table><br />
<br /><div align="center"><?php echo $copyright; ?></div>
```

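An added example, not part of the original thread and not the site's own code: the `isset($_SESSION['username'])` test in the last post only establishes that someone is logged in, so every logged-in visitor is shown the owner's links. The code below compares the session user with the profile row instead, and loads that row through a bound parameter rather than interpolating `$_GET['id']` into the SQL; the SQLite table, the sample rows and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The table layout, the sample rows
// and the helper names are assumptions made for illustration.

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, age INTEGER)");
$db->exec("INSERT INTO users (id, username, age) VALUES (1, 'admin', 30), (2, 'test', 21)");

// Look up one profile by id with a bound parameter instead of string interpolation.
function find_user(PDO $db, $rawId)
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;                      // missing or non-numeric ?id=
    }
    $stmt = $db->prepare('SELECT id, username, age FROM users WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// "Logged in" is not enough: the session user must be the owner of the profile.
function is_owner(array $session, array $profile)
{
    return isset($session['username'])
        && $session['username'] === $profile['username'];
}

// Render the part of view_user.php that differs between owner and visitor.
function render_profile(array $session, $profile)
{
    if ($profile === null) {
        return 'No such user';
    }
    $name = htmlspecialchars($profile['username'], ENT_QUOTES, 'UTF-8');
    if (is_owner($session, $profile)) {
        return "Viewing Profile: $name | <a href='profile_edit.php'>Edit Profile</a>";
    }
    return "Viewing Profile: $name | " . (int) $profile['age'] . ' Years Old';
}

// Constructed requests: 'test' is logged in and views profile 1 (admin), then 2 (own).
$session = ['username' => 'test'];
echo render_profile($session, find_user($db, '1')), "\n";        // visitor view, no edit link
echo render_profile($session, find_user($db, '2')), "\n";        // owner view with edit link
echo render_profile($session, find_user($db, '1 OR 1=1')), "\n"; // non-numeric id rejected
```

The same ownership test has to run inside `profile_edit.php` and the other edit scripts themselves, acting on the session user rather than on a request parameter, since hiding a link does not stop a direct request to those pages.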