I have a site which is secured with a username and password combination, with a MySQL backend database.

The encryption is SHA1 for the password.

What about securing the URL? At the moment it displays, for example:


If you modify the ID, other users can see other pages they should not be able to.

Would it be best to use a script like this:


Many thanks

You could store the user's ID in the $_SESSION variable and then check if the user's ID matches the ID in the URL, and if not, redirect:

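// Whenever you set your $_SESSION info, set:
$_SESSION['user_id'] = $user_id;

// Then, on page_name.php (after session_start()):
// If the user is viewing a page that does not match her ID
if (!isset($_GET['ID']) || (string)$_SESSION['user_id'] !== (string)$_GET['ID']) {
    // redirect to user's own page
    header("Location: page_name.php?ID=" . urlencode((string)$_SESSION['user_id']));
    exit; // stop here, otherwise the rest of the page is still sent with the redirect
}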

Thanks for the help, I have added this and it seems to work.
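
The ownership check from this thread, generalised to pages whose ID is not the user's own ID, as an added example that is not part of the original posts: the session's user ID goes into the query itself, so a modified ID in the URL returns nothing. The table and column names, `login.php`, and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Returns the page row only if it belongs to $userId; null otherwise.
// Table and column names (pages, id, owner_id, body) are assumptions.
function fetchPageForUser(PDO $db, int $pageId, int $userId): ?array
{
    $stmt = $db->prepare(
        'SELECT id, body FROM pages WHERE id = :id AND owner_id = :owner'
    );
    $stmt->execute([':id' => $pageId, ':owner' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Decides what to serve for one request. $get stands in for $_GET and
// $session for $_SESSION so the function can be exercised offline.
function handleRequest(PDO $db, array $get, array $session): array
{
    if (!isset($session['user_id'])) {
        return [302, 'Location: login.php']; // not logged in (login.php is hypothetical)
    }
    // Accept only a positive integer; anything else is rejected outright.
    $pageId = filter_var($get['ID'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($pageId === false) {
        return [400, 'Bad request'];
    }
    $page = fetchPageForUser($db, $pageId, (int)$session['user_id']);
    // Same answer for "does not exist" and "not yours": no hint which IDs are valid.
    return $page === null ? [404, 'Not found'] : [200, $page['body']];
}

// Constructed sample data in an in-memory SQLite database (stand-in for MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$db->exec("INSERT INTO pages VALUES (1, 10, 'page of user 10'), (2, 20, 'page of user 20')");

$cases = [
    [['ID' => '1'], ['user_id' => 10]],    // own page
    [['ID' => '2'], ['user_id' => 10]],    // someone else's page
    [['ID' => '2abc'], ['user_id' => 10]], // malformed value
    [['ID' => '1'], []],                   // no session
];
foreach ($cases as [$get, $session]) {
    [$status, $out] = handleRequest($db, $get, $session);
    printf("%-6s -> %d %s\n", $get['ID'], $status, $out);
}
```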