Hi,

I have a site which is secured with a username and password combination with a MySQL backend database.

The encryption is SHA1 for the password.

What about securing the URL? At the moment it displays, for example:

page_name.php?ID=24

If you modify the ID, other users can see other pages they should not be able to.

Would it be best to use a script like this:

http://www.phpclasses.org/browse/file/10749.html

Many thanks

All 3 Replies

You could store the user's ID in the $_SESSION variable and then check if the user's ID matches the ID in the URL, and if not, redirect:

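// Whenever you set your $_SESSION info, set:
$_SESSION['user_id'] = $user_id;

// Then, on page_name.php:
session_start();
$requested_id = isset($_GET['ID']) ? $_GET['ID'] : '';
// Compare as strings so that a value such as "24abc" cannot loosely match 24.
if ((string)$_SESSION['user_id'] !== (string)$requested_id) {  // If the user is viewing a page that does not match her ID
   header("Location: page_name.php?ID=".urlencode($_SESSION['user_id'])); // redirect to user's own page.
   exit; // header() does not end the script; without exit the requested page is still rendered
}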

Thanks for the help, I have added this and it seems to work.

Thanks
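
The check in the reply above works when each page's ID equals its owner's user ID. As an added example that is not part of the original thread, the code below generalizes it to pages owned by a user and makes ownership part of the database query. The `pages` table, its `owner_id` column and the in-memory SQLite database (standing in for MySQL) are assumptions, and the rows are constructed sample data.

```php
<?php
// Added example. Assumed names: table "pages", column "owner_id".
// In-memory SQLite stands in for the MySQL backend.

/** Return the page row only if it belongs to $userId, otherwise null. */
function fetchOwnedPage(PDO $db, int $userId, $rawId): ?array
{
    // Accept only a positive integer; "24abc", arrays and null all fail here.
    $pageId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pageId === false) {
        return null;
    }
    // Ownership is part of the WHERE clause, so someone else's ID matches no row.
    $stmt = $db->prepare('SELECT id, body FROM pages WHERE id = :id AND owner_id = :owner');
    $stmt->bindValue(':id', $pageId, PDO::PARAM_INT);
    $stmt->bindValue(':owner', $userId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Decide the HTTP status for a request: 401 no session, 404 absent or not owned. */
function authorizePageRequest(PDO $db, array $session, array $get): array
{
    if (!isset($session['user_id'])) {
        return [401, null];
    }
    $page = fetchOwnedPage($db, (int) $session['user_id'], $get['ID'] ?? null);
    return $page === null ? [404, null] : [200, $page];
}

// Constructed sample data: user 24 owns page 24, user 25 owns pages 25 and 31.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$db->exec("INSERT INTO pages VALUES (24, 24, 'a'), (25, 25, 'b'), (31, 25, 'c')");

$cases = [
    [['user_id' => 24], ['ID' => '24']],     // own page
    [['user_id' => 24], ['ID' => '25']],     // edited ID, someone else's page
    [['user_id' => 25], ['ID' => '31']],     // own page whose ID differs from the user ID
    [['user_id' => 24], ['ID' => '24abc']],  // malformed ID
    [[], ['ID' => '24']],                    // no session
];
foreach ($cases as [$session, $get]) {
    [$status] = authorizePageRequest($db, $session, $get);
    printf("user=%s ID=%s -> %d\n", $session['user_id'] ?? '-', $get['ID'], $status);
}
```

In page_name.php, call session_start(), pass $_SESSION and $_GET to authorizePageRequest(), and on any status other than 200 send http_response_code($status) and exit before producing output. Answering 404 for both missing and non-owned pages keeps the response from revealing which IDs exist.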
