Page 1 of 1

PHP User ID validation

Posted: Wed Oct 04, 2006 12:56 pm
by Javrixx
So I'm building the second part of this project I'm doing for work. I've learned TONS of php to do this, but I don't know if I'm overthinking or what about this problem.

Basically, I've made certain folders for users. Each user gets a folder. I need to make it so if the user's ID doesn't equal to X, they are given a message or are redirected. And if the user's ID is equal to X, they are shown the rest of the page. I've tried like a million little scripts but none work, any experts know how to do this right off the bat?

Here is the INCOMPLETE .php file I am using.

(Note that the user must already be logged in at this point to even get this far)

results.php

Code: Select all

<?php

require('../../db_config.php');
require('../../global.php');

db_connect($mysql['username'],$mysql['password'],$mysql['database'],$mysql['host']);

$config = get_config($mysql['prefix']);

debug_mode($config['debug_mode']);

require('../auth.inc.php');

require('../../lib/MiniTemplator.class.php');
$template = new MiniTemplator;
$templatedir = '../../templates/';

if(isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['verify']))
{
	remove_user($_SESSION['username'],$mysql['prefix']);
	generate_htpasswd($mysql['prefix']);
	session_destroy();
	redirect('../../index.php');
}

$sql= 'SELECT * FROM '.$mysql['prefix'].'users WHERE username="'.$_SESSION['username'].'"';

if(!$result = mysql_query($sql))
{
	die('The following MySQL query failed. User data could not be retrieved. '.$sql);
}

while (($row = mysql_fetch_array($result)) != false)
{
	$firstname = $row['firstname'];
}


$template->readFileIntoString($templatedir."results_overall_header.html",$header);
$template->readFileIntoString($templatedir."results_results.html",$main);
$template->readFileIntoString($templatedir."results_overall_footer.html",$footer);

$template->setTemplateString($header . $main . $footer);

$template->setVariable("firstname",$firstname);


$template->setVariable("code",$javascript);
$template->addBlock("code");
$template->addBlock("javascript");

$template->setVariable("footer",show_user_footer($software_signature));
$template->setVariable("pagename","My Account");
$template->generateOutput();
?>

Posted: Thu Oct 05, 2006 8:03 pm
by s.dot
I need to make it so if the user's ID doesn't equal to X, they are given a message or are redirected

Code: Select all

if($user_id != $x)
{
    header('Location: some_page.php');
    exit;
}
:?:

Posted: Wed Oct 11, 2006 10:31 am
by Javrixx
Thanks for your help, I got it working and here is the code I am using for it:

Code: Select all

if($userid != 1)
{
    header('Location: ../../support/');
    exit;
}

Posted: Sat Oct 14, 2006 8:00 pm
by Stevenr
Javrixx wrote:Thanks for your help, I got it working and here is the code I am using for it:

Code: Select all

if($userid != 1)
{
    header('Location: ../../support/');
    exit;
}
You probably want to use the more correct way:

Code: Select all

if($userid !== true)
{
    header('Location: ../../support/');
    exit;
}