Profile id check

[fxuser]

Hello, first of all i'm new here and i kinda like the community... so here i go with my question...

 

When i register and then click on the link to get me to the log in file i have set the link for my member profile to be member.php?p=$_SESSION['id'] .. which works until now.. and lets say for instance my ID is 25... when i type on the browser member.php?p=553524 i will still be on the same page... so what i want to do is to check which id is typed and then throw them to the correct account profile or if the ID does not exist then throw them to a member-not-exist.php file..

 

I think i can do the how to check the id if it does exist but for the other one?

 

Thanks in advance.

[MMDE]

I'm just going to point out the obvious, but identifying members based on an id number that the members gives to your server is not very "safe". Anyone can pretend to be anyone... even people who are not even a member of the site. Just btw, I didn't really understand your question though... o.o you want to see somebody else's profile page?

 

Is it just not to get the profile id by: $_GET['p'] ? =o

and then fetch the profile details for that account!

 

Would be nice if you gave us some code to work on here! =P

[fxuser]

I'm just going to point out the obvious, but identifying members based on an id number that the members gives to your server is not very "safe". Anyone can pretend to be anyone... even people who are not even a member of the site. Just btw, I didn't really understand your question though... o.o

 

 

lets say my registered ID = 1024 .. when i log in i have in my browser url mysite.com/member.php?p=1024 which redirects to my profile page... which can also be accessed from profile.php page too... i managed to check if the ID that is inserted in the url is the same and users ID so it will display the profile , if not it will say that user does not exist .. so i can view my own profile... what i want to do right now is to be able to see others profiles too..

 

How do u suggest on doing that?

[fxuser]

So this is what i have got so far... i cant see others profiles , just mine and that also give me wrong details..

 

<?php
include 'config.php';

if (isset($_GET['p'])) {
 $p = preg_replace('#[^0-9]#i', '', $_GET['p']);
} else if (isset($_SESSION['username'])) {
 $p = $logOptions_id;
} else {
   echo "something is wrong.";
   exit();
}


$p = preg_replace('#[^0-9]#i', '', $p);
$sql = mysql_query("SELECT * FROM members WHERE id='$p'");
$existCount = mysql_num_rows($sql);
if ($existCount == 0) {
 die("user does not exist.");
   exit();
}

while($row = mysql_fetch_array($sql)){ 
    $id 	  = $row["id"];
$username = $row["username"];
$password = $row["password"];
}

echo "Your id is : ".$id." ,your username is: ".$username." and your password is: ".$password."";
if (isset($_SESSION['username'])){

echo "<a href='logout.php'>Click here to logout</a>.";
}