0

Hi,

I have a site which is secured with a username and password combination, with a MySQL backend database.

The encryption is sha1 for the password.

What about securing the URL? At the moment it displays, for example:

page_name.php?ID=24

If you modify the ID, other users can see other pages they should not be able to.

Would it be best to use a script like this:

http://www.phpclasses.org/browse/file/10749.html

Many thanks

Last Post by EvolutionFallen
2

You could store the user's ID in the $_SESSION variable and then check if the user's ID matches the ID in the URL, and if not, redirect:

// Whenever you set your $_SESSION info, set:
$_SESSION['user_id'] = $user_id;

// Then, on page_name.php (before any output is sent):
session_start();
if ($_SESSION['user_id'] != $_GET['ID']) {  // If the user is viewing a page that does not match her ID
    header("Location: page_name.php?ID=" . $_SESSION['user_id']); // redirect to user's own page.
    exit; // stop the script here, otherwise the rest of the page is still generated and sent
}

Edited by EvolutionFallen: typo
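
The same idea generalised to pages that are records owned by a user rather than one page per user, as an added example that is not part of the original thread: the owner is taken from the session and made part of the query, so changing `?ID=` in the URL never returns another user's row. The `pages` table, its columns and the function name are assumptions, and an in-memory SQLite database stands in for the MySQL backend so the script runs on its own.

```php
<?php
// Added example, not code from the thread. Table `pages`, its columns and the
// function name are hypothetical; in-memory SQLite stands in for MySQL.

/**
 * Return the page row only if it belongs to the logged-in user, else null.
 * The owner comes from the session (server side), never from the URL.
 */
function fetch_page_for_user(PDO $db, array $session, array $query): ?array
{
    if (!isset($session['user_id'])) {
        return null; // not logged in
    }
    // Accept only a plain positive integer for ?ID= (rejects arrays, text, missing values).
    $id = filter_var($query['ID'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Ownership is part of the WHERE clause, so another user's ID matches nothing.
    $stmt = $db->prepare('SELECT id, title FROM pages WHERE id = ? AND owner_id = ?');
    $stmt->execute([$id, $session['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data: page 24 belongs to user 7, page 25 to user 8.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT)');
$db->exec("INSERT INTO pages VALUES (24, 7, 'Report A'), (25, 8, 'Report B')");

$session = ['user_id' => 7]; // what $_SESSION would hold after login

// Own page, someone else's page, malformed ID, missing ID.
foreach (['24', '25', '24abc', null] as $requested) {
    $page = fetch_page_for_user($db, $session, ['ID' => $requested]);
    printf("ID=%s -> %s\n", var_export($requested, true),
           $page !== null ? $page['title'] : 'denied');
}
```

On a real page, a `null` result would be answered with a 403 or 404 response followed by `exit`, before any page content is produced.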

0

Thanks for the help, I have added this and it seems to work.

Thanks
