view profile problems


chris_rulez001

Hi, I have a problem: when someone logs into my site and clicks onto my account (test), it says in the title bar "viewing profile: admin", but I'm viewing the user account test, and this same problem occurs underneath the links bar. What can I do?

Here's my view user script:

<?php
session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<?php
include('includes/mysql_connect_users.php');
// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar

$sql="SELECT * FROM users";
$result=mysql_query($sql);

$rows=mysql_fetch_array($result);

?>
<title>Minispace - Viewing Profile: <?php echo $rows['username']; ?></title>
<link rel="stylesheet" href="css/stylesheet.css" />
<?php
include ('includes/general.php');
?>
</head>

<body>
<?php
include('includes/mysql_connect_users.php');
// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar

$sql="SELECT * FROM users";
$result=mysql_query($sql);

$rows=mysql_fetch_array($result);

?>
<table width="86%" border="1" align="center">
  <tr>
    <td height="26" class="headerback"><?php echo $site_name; ?></td>
  </tr>
  <tr>
    <td class="topnav" height="5"><a href="index.php" class="style2">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>";
else{
echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?></td>
  </tr>
  <tr>
    <td class="siteback1"><div align="left" class="username">Viewing Profile: <?php echo $rows['username']; ?></div>
      <table width="310" border="0">
        <tr>
          <td width="408"><div id='piclayout2'><img src='images/no_pic.gif' width='106' height='90' /></div>
	  <?php
	  if (!isset($_SESSION['username']) == true)
	  echo "<div align='right' style='padding-right:20px'>
	  <p><a href='profile_edit.php' style='color:#000099'>Edit Profile</a></p>
              <p><a href='account_settings.php' style='color:#000099'>Account Settings</a> </p>
              <p><a href='manage_images.php' style='color:#000099'>Manage Images</a> </p>
		  <a href='manage_blog.php' style='color:#000099'>Manage Blog</a><br />
          </div><div align='left' style='padding-left:45px'><strong>View My:</strong><br /></div>
	  <div align='left' style='padding-left:35px'>
	  <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>Profile</a> | 
	  <a href='view_pics.php?user=".$rows['username']."' style='color:#000099'>Pics</a> | 
	  <a href='view_blog.php?user=".$rows['username']."' style='color:#000099'>Blog</a><br />
	  <a href='view_friends.php?user=".$rows['username']."' style='color:#000099'>Friends</a> | 
	  <a href='view_comments.php?user=".$rows['username']."' style='color:#000099'>Profile</a></div><br/><br/>
	  <div align='left' style='padding-left:8px'><strong>My Profile Url:</strong> <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>minispace.1111mb.com/view_user.php?id=".$rows['id']."</a></div>";
      else{
       echo "<br/><div align='right' style='padding-right:80px'>
	  <p>".$rows['age']." Years Old</p>
          <p>".$rows['gender']."</p>
          </div><br/><br/>
	  <table width='100' border='1'>
	  <tr>
	  <td align='center'>
	  Contacting, ".$rows['username']."
	  </td>
	  </tr>
	  <tr>
	  <td style='padding-right:15px'>
	  <img src='images/msn-icon.gif'> MSN: ".$rows['msn']."<br/><br/>
	  <img src='images/imaim.png'> AOL IM: ".$rows['aolim']."<br/><br/>
	  <img src='images/icon_yim.gif'> YAHOO IM: ".$rows['yim']."<br/><br/>
	  </td>
	  </tr>
	  </table>"; }?>
	   </td>
        </tr>
      </table>
      <p> </p></td>
  </tr>
</table><br />
<br /><div align="center"><?php echo $copyright; ?></div>


Well, it looks to me like you're missing a crucial part of the query. You're selecting all of the data from your users table, not just that for one person.

 

$sql="SELECT * FROM users WHERE `id`='$id'";

or maybe:

$sql="SELECT * FROM users WHERE `username`='$username'";

 

From the comments, it looks as if the intention was to get a user's id from the url:

// get value of id that sent from address bar

 

But this doesn't appear to be done anywhere. You'll need to take a look at the links to the profile page, and see what the variable in the url string is. If, for example, the links are something like: <a href="viewprofile.php?userid=$id">, then on your profile page you'll need to have: $id = $_GET['userid'];

 

 


Looks like your problem is here

 

$sql="SELECT * FROM users";
$result=mysql_query($sql);

 

You are selecting all the rows in the users table, and presumably the first row is for user "admin". How is the user id passed in to this script? You will need to rewrite that query to only fetch the required row.


Thanks for your help, my code looks like this now:

 

<?php
session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<?php
include('includes/mysql_connect_users.php');
// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar
$username = $_GET['username'];

$sql3="SELECT * FROM users WHERE `username`='$username'";
$result=mysql_query($sql3);

$rows=mysql_fetch_array($result);

?>
<title>Minispace - Viewing Profile: <?php echo $rows['username']; ?></title>
<link rel="stylesheet" href="css/stylesheet.css" />
<?php
include ('includes/general.php');
?>
</head>

<body>
<?php
include('includes/mysql_connect_users.php');
// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar
$username = $_GET['username'];

$sql1="SELECT * FROM users WHERE `username`='$username'";
$result=mysql_query($sql1);

$rows=mysql_fetch_array($result);

?>
<?php
include('includes/mysql_connect_users.php');
// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar
$id = $_GET['id'];

$sql2="SELECT * FROM users WHERE `id`='$id'";
$result=mysql_query($sql2);

$rows=mysql_fetch_array($result);

?>
<table width="86%" border="1" align="center">
  <tr>
    <td height="26" class="headerback"><?php echo $site_name; ?></td>
  </tr>
  <tr>
    <td class="topnav" height="5"><a href="index.php" class="style2">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>";
else{
echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?></td>
  </tr>
  <tr>
    <td class="siteback1"><div align="left" class="username">Viewing Profile: <?php echo $rows['username']; ?></div>
      <table width="310" border="0">
        <tr>
          <td width="408"><div id='piclayout2'><img src='images/no_pic.gif' width='106' height='90' /></div>
	  <?php
	  if (!isset($_SESSION['username']) == false)
	  echo "<div align='right' style='padding-right:20px'>
	  <p><a href='profile_edit.php' style='color:#000099'>Edit Profile</a></p>
              <p><a href='account_settings.php' style='color:#000099'>Account Settings</a> </p>
              <p><a href='manage_images.php' style='color:#000099'>Manage Images</a> </p>
		  <a href='manage_blog.php' style='color:#000099'>Manage Blog</a><br />
          </div><div align='left' style='padding-left:45px'><strong>View My:</strong><br /></div>
	  <div align='left' style='padding-left:35px'>
	  <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>Profile</a> | 
	  <a href='view_pics.php?user=".$rows['username']."' style='color:#000099'>Pics</a> | 
	  <a href='view_blog.php?user=".$rows['username']."' style='color:#000099'>Blog</a><br />
	  <a href='view_friends.php?user=".$rows['username']."' style='color:#000099'>Friends</a> | 
	  <a href='view_comments.php?user=".$rows['username']."' style='color:#000099'>Profile</a></div><br/><br/>
	  <div align='left' style='padding-left:8px'><strong>My Profile Url:</strong> <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>mysite/view_user.php?id=".$rows['id']."</a></div>";
      else{
       echo "<br/><div align='right' style='padding-right:80px'>
	  <p>".$rows['age']." Years Old</p>
          <p>".$rows['gender']."</p>
          </div><br/><br/>
	  <table width='100' border='1'>
	  <tr>
	  <td align='center'>
	  Contacting, ".$rows['username']."
	  </td>
	  </tr>
	  <tr>
	  <td style='padding-right:15px'>
	  <img src='images/msn-icon.gif'> MSN: ".$rows['msn']."<br/><br/>
	  <img src='images/imaim.png'> AOL IM: ".$rows['aolim']."<br/><br/>
	  <img src='images/icon_yim.gif'> YAHOO IM: ".$rows['yim']."<br/><br/>
	  </td>
	  </tr>
	  </table>"; }?>
	   </td>
        </tr>
      </table>
      <p> </p></td>
  </tr>
</table><br />
<br /><div align="center"><?php echo $copyright; ?></div>

 

I'm getting some errors:

 

Notice: Undefined index: username in /www/1111mb.com/m/i/n/minispace/htdocs/temp2/view_user.php on line 16

 

Notice: Undefined index: username in /www/1111mb.com/m/i/n/minispace/htdocs/temp2/view_user.php on line 39


Well, as far as I can see, you are repeating the code to get your data from the database 3 times. The first two times you attempt to use the username, and do nothing with the result. The 3rd time you use the id. I would guess that you only need:

 

<?php
session_start();
include('includes/mysql_connect_users.php');
// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar; cast to int so it is safe inside the query
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;

// run the query before any output so $rows is already set when the <title> is printed
$sql2="SELECT * FROM users WHERE `id`='$id'";
$result=mysql_query($sql2);

$rows=mysql_fetch_array($result);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Minispace - Viewing Profile: <?php echo $rows['username']; ?></title>
<link rel="stylesheet" href="css/stylesheet.css" />
<?php
include ('includes/general.php');
?>
</head>

<body>
<table width="86%" border="1" align="center">
  <tr>
    <td height="26" class="headerback"><?php echo $site_name; ?></td>
  </tr>
  <tr>
    <td class="topnav" height="5"><a href="index.php" class="style2">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>";
else{
echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?></td>
  </tr>
  <tr>
    <td class="siteback1"><div align="left" class="username">Viewing Profile: <?php echo $rows['username']; ?></div>
      <table width="310" border="0">
        <tr>
          <td width="408"><div id='piclayout2'><img src='images/no_pic.gif' width='106' height='90' /></div>
	  <?php
	  if (!isset($_SESSION['username']) == false)
	  echo "<div align='right' style='padding-right:20px'>
	  <p><a href='profile_edit.php' style='color:#000099'>Edit Profile</a></p>
              <p><a href='account_settings.php' style='color:#000099'>Account Settings</a> </p>
              <p><a href='manage_images.php' style='color:#000099'>Manage Images</a> </p>
		  <a href='manage_blog.php' style='color:#000099'>Manage Blog</a><br />
          </div><div align='left' style='padding-left:45px'><strong>View My:</strong><br /></div>
	  <div align='left' style='padding-left:35px'>
	  <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>Profile</a> | 
	  <a href='view_pics.php?user=".$rows['username']."' style='color:#000099'>Pics</a> | 
	  <a href='view_blog.php?user=".$rows['username']."' style='color:#000099'>Blog</a><br />
	  <a href='view_friends.php?user=".$rows['username']."' style='color:#000099'>Friends</a> | 
	  <a href='view_comments.php?user=".$rows['username']."' style='color:#000099'>Profile</a></div><br/><br/>
	  <div align='left' style='padding-left:8px'><strong>My Profile Url:</strong> <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>mysite/view_user.php?id=".$rows['id']."</a></div>";
      else{
       echo "<br/><div align='right' style='padding-right:80px'>
	  <p>".$rows['age']." Years Old</p>
          <p>".$rows['gender']."</p>
          </div><br/><br/>
	  <table width='100' border='1'>
	  <tr>
	  <td align='center'>
	  Contacting, ".$rows['username']."
	  </td>
	  </tr>
	  <tr>
	  <td style='padding-right:15px'>
	  <img src='images/msn-icon.gif'> MSN: ".$rows['msn']."<br/><br/>
	  <img src='images/imaim.png'> AOL IM: ".$rows['aolim']."<br/><br/>
	  <img src='images/icon_yim.gif'> YAHOO IM: ".$rows['yim']."<br/><br/>
	  </td>
	  </tr>
	  </table>"; }?>
	   </td>
        </tr>
      </table>
      <p> </p></td>
  </tr>
</table><br />
<br /><div align="center"><?php echo $copyright; ?></div>


Thanks, I have another problem (security): when I'm logged in as my test account (non-admin), I can edit anyone's account; it shows the edit profile and other links. What should I do? Can this be changed by code?

My code:

<?php
session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<?php
include('includes/mysql_connect_users.php');
// Connect to server and select database.
mysql_connect("$location", "$mysqlusername", "$mysqlpassword")or die("cannot connect");
mysql_select_db("$database")or die("cannot select DB");

// get value of id that sent from address bar; cast to int so it is safe inside the query
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;

$sql2="SELECT * FROM users WHERE `id`='$id'";
$result=mysql_query($sql2);

$rows=mysql_fetch_array($result);

?>
<title>Minispace - Viewing Profile: <?php echo $rows['username']; ?></title>
<link rel="stylesheet" href="css/stylesheet.css" />
<?php
include ('includes/general.php');
?>
</head>

<body>
<table width="86%" border="1" align="center">
  <tr>
    <td height="26" class="headerback"><?php echo $site_name; ?></td>
  </tr>
  <tr>
    <td class="topnav" height="5"><a href="index.php" class="style2">Home</a> | <a href="members.php">Members</a> | <a href="forum/index.php">Forum</a> | <a href="faq.php">FAQ</a> | <a href="view_user.php">Profile</a> | <?php if (!isset($_SESSION['username']) == false) echo "<a href='logout.php'>Logout</a>";
else{
echo "<a href='login.php'>Login</a> | <a href='register.php'>Register</a>"; }?></td>
  </tr>
  <tr>
    <td class="siteback1"><div align="left" class="username">Viewing Profile: <?php echo $rows['username']; ?></div>
      <table width="310" border="0">
        <tr>
          <td width="408"><div id='piclayout2'><img src='images/no_pic.gif' width='106' height='90' /></div>
	  <?php
	  if (!isset($_SESSION['username']) == false)
	  echo "<div align='right' style='padding-right:20px'>
	  <p><a href='profile_edit.php' style='color:#000099'>Edit Profile</a></p>
              <p><a href='account_settings.php' style='color:#000099'>Account Settings</a> </p>
              <p><a href='manage_images.php' style='color:#000099'>Manage Images</a> </p>
		  <a href='manage_blog.php' style='color:#000099'>Manage Blog</a><br />
          </div><div align='left' style='padding-left:45px'><strong>View My:</strong><br /></div>
	  <div align='left' style='padding-left:35px'>
	  <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>Profile</a> | 
	  <a href='view_pics.php?user=".$rows['username']."' style='color:#000099'>Pics</a> | 
	  <a href='view_blog.php?user=".$rows['username']."' style='color:#000099'>Blog</a><br />
	  <a href='view_friends.php?user=".$rows['username']."' style='color:#000099'>Friends</a> | 
	  <a href='view_comments.php?user=".$rows['username']."' style='color:#000099'>Profile</a></div><br/><br/>
	  <div align='left' style='padding-left:8px'><strong>My Profile Url:</strong> <a href='view_user.php?id=".$rows['id']."' style='color:#000099'>mysite/view_user.php?id=".$rows['id']."</a></div>";
      else{
       echo "<br/><div align='right' style='padding-right:80px'>
	  <p>".$rows['age']." Years Old</p>
          <p>".$rows['gender']."</p>
          </div><br/><br/>
	  <table width='100' border='1'>
	  <tr>
	  <td align='center'>
	  Contacting, ".$rows['username']."
	  </td>
	  </tr>
	  <tr>
	  <td style='padding-right:15px'>
	  <img src='images/msn-icon.gif'> MSN: ".$rows['msn']."<br/><br/>
	  <img src='images/imaim.png'> AOL IM: ".$rows['aolim']."<br/><br/>
	  <img src='images/icon_yim.gif'> YAHOO IM: ".$rows['yim']."<br/><br/>
	  </td>
	  </tr>
	  </table>"; }?>
	   </td>
        </tr>
      </table>
      <p> </p></td>
  </tr>
</table><br />
<br /><div align="center"><?php echo $copyright; ?></div>
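
For the last question in the thread (a logged-in non-admin sees the edit links on every profile), one way to restrict them to the profile's owner, as an added example that is not part of any post above. It assumes PDO with an in-memory SQLite table and constructed rows in place of the thread's MySQL `users` table; the helper names `h`, `fetch_profile`, `can_edit` and `render_profile` are hypothetical.

```php
<?php
// Constructed sample data: in-memory SQLite stands in for the thread's MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, age INTEGER, gender TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'admin', 30, 'Male'), (2, 'test', 25, 'Female')");

// Escape every database value before it is written into HTML.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Look up one profile by the id from the URL. Returns null for a missing,
// non-numeric or unknown id instead of falling through to some other row.
function fetch_profile(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Prepared statement: the id is bound as data, never pasted into the SQL text.
    $stmt = $db->prepare('SELECT id, username, age, gender FROM users WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Owner-only rule: being logged in is not enough; the session's user
// must be the user whose profile is being displayed.
function can_edit(array $session, array $profile): bool
{
    return isset($session['username'])
        && is_string($session['username'])
        && $session['username'] === $profile['username'];
}

function render_profile(PDO $db, array $get, array $session): string
{
    $profile = fetch_profile($db, $get['id'] ?? null);
    if ($profile === null) {
        return '<p>No such user.</p>';
    }
    $html = '<div class="username">Viewing Profile: ' . h($profile['username']) . '</div>';
    if (can_edit($session, $profile)) {
        $html .= "<p><a href='profile_edit.php'>Edit Profile</a></p>";
    } else {
        $html .= '<p>' . h($profile['age']) . ' Years Old</p><p>' . h($profile['gender']) . '</p>';
    }
    return $html;
}

// Constructed session: the non-admin account "test" is logged in.
$session = ['username' => 'test'];
echo render_profile($db, ['id' => '2'], $session), "\n";   // own profile
echo render_profile($db, ['id' => '1'], $session), "\n";   // someone else's profile
echo render_profile($db, ['id' => 'abc'], $session), "\n"; // invalid id
```

Hiding the links only changes what is displayed; `profile_edit.php` and the other edit pages need the same check on the server, taking the account to modify from the session rather than from a URL parameter.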
