fxuser Posted December 12, 2010 Share Posted December 12, 2010 Hello, first of all i'm new here and i kinda like the community... so here i go with my question... When i register and then click on the link to get me to the log in file i have set the link for my member profile to be member.php?p=$_SESSION['id'] .. which works until now.. and lets say for instance my ID is 25... when i type on the browser member.php?p=553524 i will still be on the same page... so what i want to do is to check which id is typed and then throw them to the correct account profile or if the ID does not exist then throw them to a member-not-exist.php file.. I think i can do the how to check the id if it does exist but for the other one? Thanks in advance. Quote Link to comment Share on other sites More sharing options...
MMDE Posted December 12, 2010 Share Posted December 12, 2010 I'm just going to point out the obvious, but identifying members based on an id number that the members gives to your server is not very "safe". Anyone can pretend to be anyone... even people who are not even a member of the site. Just btw, I didn't really understand your question though... o.o you want to see somebody else's profile page? Is it just not to get the profile id by: $_GET['p'] ? =o and then fetch the profile details for that account! Would be nice if you gave us some code to work on here! =P Quote Link to comment Share on other sites More sharing options...
fxuser Posted December 12, 2010 Author Share Posted December 12, 2010 I'm just going to point out the obvious, but identifying members based on an id number that the members gives to your server is not very "safe". Anyone can pretend to be anyone... even people who are not even a member of the site. Just btw, I didn't really understand your question though... o.o lets say my registered ID = 1024 .. when i log in i have in my browser url mysite.com/member.php?p=1024 which redirects to my profile page... which can also be accessed from profile.php page too... i managed to check if the ID that is inserted in the url is the same and users ID so it will display the profile , if not it will say that user does not exist .. so i can view my own profile... what i want to do right now is to be able to see others profiles too.. How do u suggest on doing that? Quote Link to comment Share on other sites More sharing options...
fxuser Posted December 13, 2010 Author Share Posted December 13, 2010 So this is what i have got so far... i cant see others profiles , just mine and that also give me wrong details.. <?php include 'config.php'; if (isset($_GET['p'])) { $p = preg_replace('#[^0-9]#i', '', $_GET['p']); } else if (isset($_SESSION['username'])) { $p = $logOptions_id; } else { echo "something is wrong."; exit(); } $p = preg_replace('#[^0-9]#i', '', $p); $sql = mysql_query("SELECT * FROM members WHERE id='$p'"); $existCount = mysql_num_rows($sql); if ($existCount == 0) { die("user does not exist."); exit(); } while($row = mysql_fetch_array($sql)){ $id = $row["id"]; $username = $row["username"]; $password = $row["password"]; } echo "Your id is : ".$id." ,your username is: ".$username." and your password is: ".$password.""; if (isset($_SESSION['username'])){ echo "<a href='logout.php'>Click here to logout</a>."; } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.