ohdang888 Posted March 2, 2008 Share Posted March 2, 2008 i'm using sessions... When someone logs in, the session starts. Each members has an "id". And i have an "edit_settings.php?id=NUMBER OF MEMBER" So how would i make sure that only the person signed in with the session id of "4", could only change their own settings? <?php // always start a session session_start(); // if user does not have session open, direct them to login.php if (!isset($_SESSION['email'])){ header("Location:login.php"); exit(); } ?> Quote Link to comment Share on other sites More sharing options...
trq Posted March 2, 2008 Share Posted March 2, 2008 You wouldn't bother with this... [And i have an "edit_settings.php?id=NUMBER OF MEMBER" at all. edit_setting.php might look something like.... <?php session_start(); if (isset($_POST['submit'])) { $setting = mysql_real_escape_string($_POST['setting']); $sql = "UPDATE usersettings SET setting = '$setting' WHERE user_id = '{$_SESSION['id']}'"; } ?> Quote Link to comment Share on other sites More sharing options...
ohdang888 Posted March 2, 2008 Author Share Posted March 2, 2008 ok. it makes a little more sense now! but a few questions... 1)if they go a page that does not require to be logged in, will their session be lost? 2)There is a page both members, and non-members can see, but only members can leave comments, etc.... How would i do that? just a session_start(); at the top????? 3)So session id obviously starts are log in, so to get the id for the session, would it be this? And when would the session be destoryed, only when they log out, or also when they close their browser? $user_info = mysql_fetch_array($result); $id = stripslashes($user_info['id']); if($count==1){ // if user login is successful then create session and direct to members.php $_SESSION['email']=$email; $_SESSION['id']=$id; echo "<meta http-equiv='refresh' content='0;url=member_home.php'>"; }else { // if user login is wrong direct to failed.php session_destroy(); echo "<meta http-equiv='refresh' content='0;url=failed.php'>"; } Quote Link to comment Share on other sites More sharing options...
ohdang888 Posted March 2, 2008 Author Share Posted March 2, 2008 is it more efficent to name a session? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.