jd2007 Posted July 17, 2007 Share Posted July 17, 2007 i created a membership system where a user has a profile. I want the functionality of letting a member view other members's profile but not being able to edit their profile...how do i do this...give me a hint or idea... Quote Link to comment Share on other sites More sharing options...
Panjabel Posted July 17, 2007 Share Posted July 17, 2007 1)after login create a cookie setcookie("registered", $_POST['userid'], time()+3600); 2) in Profile page, check if the cookie is setted by specific user if ($_COOKIE['registered']==$_GET['profile_member_id']){ // hope you did understand Quote Link to comment Share on other sites More sharing options...
jd2007 Posted July 17, 2007 Author Share Posted July 17, 2007 thanks...does the above check wheter the person viewing the profile is the owner of the profile or not ? Quote Link to comment Share on other sites More sharing options...
Panjabel Posted July 17, 2007 Share Posted July 17, 2007 member.php?userid=member_userid so you need to check if the $_COOKIE['registered'] = $_GET['userid'], then show the edit button on the edit page check if the profile you want to edit = $_COOKIE['registered'], if not redirect, if yes, show the page Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted July 17, 2007 Share Posted July 17, 2007 That's too insecure. I can just set my cookie to the id of the admin, then I can edit his/her profile... Quote Link to comment Share on other sites More sharing options...
jd2007 Posted July 17, 2007 Author Share Posted July 17, 2007 what should i do then ? Quote Link to comment Share on other sites More sharing options...
GingerRobot Posted July 17, 2007 Share Posted July 17, 2007 Without having any idea of how your code currently works, its all going to be a bit difficult to say how you shoud do this. How are you storing the users profiles? Do you set sessions when someone logs in? Typically, you would have two pages. One would be something like editprofile.php. The other, viewprofile.php. editprofile.php would get the current user's profile from a database. You would search for their profile based on which user is currently logged in. Something like: <?php $user = $_SESSSION['user'];//presumably you are setting some sessions on login //here you would check to see if a form has been posted to a page, if so, check the new profile and update the databse $sql = mysql_query('SELECT `profile` FROM `users` WHERE `user`='$user'"); $profile = mysql_result($sql,0,"profile"); echo "<textarea name='profile'">$profile</textarea>"; //the rest of your form ?> Whislt viewprofile.php would be something like: <?php $id = $_GET['id'];//you would pass the id of the person's profile you want to look at through the url //e.g. viewprofile.php?id=123 $sql = mysql_query('SELECT `profile` FROM `users` WHERE `userid`='$id'"); $profile = mysql_result($sql,0,"profile"); echo $profile; ?> Its quite difficult to give anything definitive here. It all depends on how you are already doing things. Quote Link to comment Share on other sites More sharing options...
jd2007 Posted July 17, 2007 Author Share Posted July 17, 2007 hi...i use sessions... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.