Session idea [SOLVED]

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
the_last_tamurai
Forum Commoner
Posts: 87
Joined: Wed Feb 28, 2007 8:24 am
Location: cairo
Contact:

Session idea [SOLVED]

Post by the_last_tamurai »

I need an idea for my code to handle sessions to members in my site
I know my following question maybe very dumb...:oops:

imagine my site like flickr.com
I make a session to every member login the site let's say $_SESSION['member']

when the the member click on any page -> I check the session and compare his identity with account and decide if he is the man he can administrate his pages else the pages will be shown to him as guest

the question here....when a member try to see other member page what is the best way to handle it without loosing his identity.

may I make a new session variable and name it for ex.[ auth_guest ] and destroy the member session variable
or what??
I know there's alot of ideas her,but I seek for brilliant one
Last edited by the_last_tamurai on Tue May 08, 2007 5:05 am, edited 1 time in total.
User avatar
CoderGoblin
DevNet Resident
Posts: 1425
Joined: Tue Mar 16, 2004 10:03 am
Location: Aachen, Germany

Post by CoderGoblin »

Normally I would save the user as the user id from the database into $_SESSION['user_id'];
When you get a page you get the page owner from the database which should be saved when creating the page.
Then simply compare the $_SESSION to the page owner. If they are the same allow maintenance. If not simply display.

The main thing here is you associate the "page" with a user_id. You can add other levels if you want such as having a "user_level" which could also be stored in the session. If this user level is "admin" you could for instance be allowed to modify any page to remove inappropriate content such as offensive language.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

Don't do anything to the session.

Very basically...

Code: Select all

$session_member_id = $_SESSION['session_member_id_logged_id_as'];
$view_member_id = $_GET['member_id_of_page_viewed'];

if ($session_member_id == $view_member_id) {

  //User is viewing his own page, display admin stuff.

} else {

  //User is viewing someone else's page, display as guest.

}
Obviously that's a massive over-simplification of what a normal site will do, but it should demonstrate that you can happily ignore the session variable if someone views a page belonging to someone else.
User avatar
the_last_tamurai
Forum Commoner
Posts: 87
Joined: Wed Feb 28, 2007 8:24 am
Location: cairo
Contact:

Post by the_last_tamurai »

Thanks alot
Post Reply