Member Avatar for BilalAKhan

Hi,

In my website, Blog is a small portion. I have managed to make and insert the blog. In manage blog area I am giving a user this a authority to manage their written blogs. At this point I am getting a problem. When I am logged as 'A' (A represents as a login name) and write a blog and then signout, and login as 'B'. The blog recently written by 'A' is shown in 'Bs' Manage Profile portion. This means that there is no security what so ever. B can see and Delete A's blog.

I have an idea to play with two different tables and bring login as a foreign key in the blog table and then put it against the session variable in order to see if the blog was written by the same user.

I am new at PHP & MYSQL , I would appreciate any suggestions, any reading material and any help on this.

Regards,

Bilal A. Khan

  • 3 Contributors
  • 3 Replies
  • 78 Views
  • 10 Hours Discussion Span
  • Latest Post Latest Post by simplypixie

Recommended Answers

All 3 Replies

Member Avatar for urtrivedi

when you click on logout, you must call some file say logout.php in which you must destroy session like

<?php
        session_start();

	session_unset('userid');
	session_unset('username');
			
	session_destroy();

	header("Location: login.php");
?>
Edited by urtrivedi because: n/a
Member Avatar for BilalAKhan

when you click on logout, you must call some file say logout.php in which you must destroy session like

<?php
        session_start();

	session_unset('userid');
	session_unset('username');
			
	session_destroy();

	header("Location: login.php");
?>

Correct.. I agree. My Code is given Below:

$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}

Now it is doing the same thing. But the question is that if I login as a different user how does my website prevent blogs that 'A' user has written from 'B' user?/ or the user has written. Right now it is showing me all the blogs.

Regards,

Bilal A. Khan

Member Avatar for simplypixie 
SELECT * FROM blogs WHERE username='".$_SESSION['MM_Username']."'

Use this code to only select the blogs written by the logged in user

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.