How do I check if a user can view a page
Posted: Thu Jul 20, 2006 2:59 pm
Hi,
I have a php page which shows an edit screen for properties, depending on the url id;
the page url is as follows;
http://www.somthing.com/property_page?var=1
I would like to prevent other users from accessing pages by typing in a generic var number, ie;
http://www.something.com/property_page?var=2 ... 3... 4... etc
I have a session id for the users in numerics, ie, 1, 2, 3 etc. and this is how the users are identified.
I have already performed a basic security check to see whether the user is logged in or not, if not they are redirected.
I would also like to redirect logged in users who attempt to pull up data for other properties using url insertion as above.
The database currently consists of two tables;
users
homes
When a user posts a new home the home has a posted_by value, which is the same as the user_id value.
I would like to carry out a query and then a loop to check whether the current user_id matches the var (url) value.
Please help.
I have a php page which shows an edit screen for properties, depending on the url id;
the page url is as follows;
http://www.somthing.com/property_page?var=1
I would like to prevent other users from accessing pages by typing in a generic var number, ie;
http://www.something.com/property_page?var=2 ... 3... 4... etc
I have a session id for the users in numerics, ie, 1, 2, 3 etc. and this is how the users are identified.
I have already performed a basic security check to see whether the user is logged in or not, if not they are redirected.
I would also like to redirect logged in users who attempt to pull up data for other properties using url insertion as above.
The database currently consists of two tables;
users
homes
When a user posts a new home the home has a posted_by value, which is the same as the user_id value.
I would like to carry out a query and then a loop to check whether the current user_id matches the var (url) value.
Please help.