another session problem
Posted: Mon Nov 06, 2006 12:05 am
Ok here I am again with another little problem. I am so close to working out all of my bugs so any help is welcome! Here is what is happening now....I have created a reunion web site where people create profiles, can log in and edit their profiles, and can view other classsmates' profiles. The problem I am having is that when a user logs in, they can only view their own profile and cannot see others'. I'm thinking that my script is reading the id from my session script I have for some links at the top of the page instead of reading the other profiles' id. If any of that makes sense. If you want to try logging in to my site and seeing for yourself what is happening, the link is http://www.sbhs76.com. You can use my test account information: email - webmaster@sbhs76.com password - testing. Here is the script I am using to view the profiles:
Code: Select all
<?php
require 'db_connect.php';
//start links at top of screen
if ($logged_in == 1) {
$sql = "SELECT * FROM `signup` WHERE email = '".$_SESSION['email']."' AND password = '".$_SESSION['password']."' LIMIT 1";
$result = mysql_query($sql,$db);
while ($newArray = mysql_fetch_array($result))
{
$id = $newArray['id'];
echo "<a href=\"logout.php\"><font color=\"#FFFFFF\">Logout</font></a> | <a href=\"myprofile.php?id=$id\"><font color=\"#FFFFFF\">Edit My Profile</font></a> ";
}
mysql_close($sql,$db);
}
else {
echo "<a href=\"login.php\"><font color=\"#FFFFFF\">Login</font></a> | <a href=\"signup.php\"><font color=\"#FFFFFF\">Add My Profile</font></a>";
}
//end links at top of screen
?>
</span></td>
<td width="194" height="27"><img name="n7" src="images/7.gif" width="194" height="27" border="0" alt=""></td>
<td width="6" height="27"><img name="n9" src="images/9.gif" width="6" height="27" border="0" alt=""></td>
<td height="27"><img src="images/spacer.gif" width="1" height="27" border="0" alt=""></td>
</tr>
<tr>
<td background="images/left_bar.gif"> </td>
<td colspan="2" valign="top" bgcolor="#FFFFFF"> <table width="100%" border="0">
<tr>
<td>
<?php
//start profile data
require 'db_connect.php';
$sql2 = "SELECT * FROM `signup` WHERE id LIKE '%".$id."%'";
$result2 = mysql_query($sql2,$db);
while ($newArray = mysql_fetch_array($result2))
{
$id = $newArray['id'];
$firstname = $newArray['firstname'];
$maidenname = $newArray['maidenname'];
$lastname = $newArray['lastname'];
$email = $newArray['email'];
$city = $newArray['city'];
$state = $newArray['state'];
$url = $newArray['url'];
$myspace = $newArray['myspace'];
$update = $newArray['update'];
$date_modified = $newArray['date_modified'];
$email_private = $newArray['email_private'];
$aol = $newArray['aol'];
echo "everything";
}
?>