PHP User ID validation
Posted: Wed Oct 04, 2006 12:56 pm
So I'm building the second part of this project I'm doing for work. I've learned TONS of PHP to do this, but I don't know if I'm overthinking or what about this problem.
Basically, I've made certain folders for users. Each user gets a folder. I need to make it so if the user's ID doesn't equal X, they are given a message or are redirected. And if the user's ID is equal to X, they are shown the rest of the page. I've tried like a million little scripts but none work. Any experts know how to do this right off the bat?
Here is the INCOMPLETE .php file I am using.
(Note that the user must already be logged in at this point to even get this far)
results.php
<?php
// Database settings and shared helper functions
require('../../db_config.php');
require('../../global.php');
db_connect($mysql['username'],$mysql['password'],$mysql['database'],$mysql['host']);
$config = get_config($mysql['prefix']);
debug_mode($config['debug_mode']);
// Authentication include (the user must already be logged in to get this far)
require('../auth.inc.php');
require('../../lib/MiniTemplator.class.php');
$template = new MiniTemplator;
$templatedir = '../../templates/';

// Account deletion requested and confirmed
if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['verify']))
{
    remove_user($_SESSION['username'],$mysql['prefix']);
    generate_htpasswd($mysql['prefix']);
    session_destroy();
    redirect('../../index.php');
    exit; // stop here so nothing below runs for the deleted account
}

// Look up the logged-in user's record; the value is escaped before it goes into the query
$sql = 'SELECT * FROM '.$mysql['prefix'].'users WHERE username="'.mysql_real_escape_string($_SESSION['username']).'"';
if(!$result = mysql_query($sql))
{
    die('The following MySQL query failed. User data could not be retrieved. '.$sql);
}
$firstname = ''; // default in case no row is returned
while (($row = mysql_fetch_array($result)) != false)
{
    $firstname = $row['firstname'];
}

// Build the page from the header, body and footer templates
$template->readFileIntoString($templatedir."results_overall_header.html",$header);
$template->readFileIntoString($templatedir."results_results.html",$main);
$template->readFileIntoString($templatedir."results_overall_footer.html",$footer);
$template->setTemplateString($header . $main . $footer);
$template->setVariable("firstname",$firstname);
$template->setVariable("code",$javascript);
$template->addBlock("code");
$template->addBlock("javascript");
$template->setVariable("footer",show_user_footer($software_signature));
$template->setVariable("pagename","My Account");
$template->generateOutput();
?>
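
One way to do the per-folder check asked about above, as an added example that is not part of the original post. It assumes (hypothetically) that the login code stores the numeric user ID in `$_SESSION['user_id']` and that each folder is named after its owner's ID, e.g. `/users/42/results.php`; `folder_owner_id()` and `may_view_folder()` are names made up for this sketch.

```php
<?php
// Added example, not part of the original post.
// Assumptions (hypothetical): $_SESSION['user_id'] holds the numeric user ID,
// and each user's folder is named after that ID, e.g. /users/42/results.php.

/** Owner ID encoded in the script path, or null if the path does not match. */
function folder_owner_id($scriptPath, $baseDir)
{
    $base = rtrim($baseDir, '/') . '/';
    if (strpos($scriptPath, $base) !== 0) {
        return null;                       // script is outside the user area
    }
    $parts = explode('/', substr($scriptPath, strlen($base)));
    if (count($parts) < 2 || !ctype_digit($parts[0])) {
        return null;                       // no "<digits>/<file>" segment
    }
    return (int) $parts[0];
}

/** True only when the session's user ID is the folder owner. Fails closed. */
function may_view_folder(array $session, $ownerId)
{
    if ($ownerId === null || !isset($session['user_id'])) {
        return false;                      // unknown folder or nobody logged in
    }
    $id = $session['user_id'];
    if (!is_int($id) && !(is_string($id) && ctype_digit($id))) {
        return false;                      // reject "42abc", arrays, floats
    }
    return (int) $id === $ownerId;         // strict comparison, no type juggling
}

// Constructed inputs: the owner, another user, a malformed ID, and no login.
$owner = folder_owner_id('/users/42/results.php', '/users');
var_dump(may_view_folder(array('user_id' => '42'), $owner));
var_dump(may_view_folder(array('user_id' => '7'), $owner));
var_dump(may_view_folder(array('user_id' => '42abc'), $owner));
var_dump(may_view_folder(array(), $owner));
```

In results.php the check would sit right after `require('../auth.inc.php');`, passing `$_SERVER['SCRIPT_NAME']` and `$_SESSION`, and calling `redirect()` followed by `exit;` when it returns false so the rest of the page is never rendered. Deriving the owner from the path lets one shared include protect every folder instead of hard-coding X in each copy.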