Hi there guys, not sure if anyone can help me here. I am creating a basic members site with a small gallery and I wish to lock down the URL somehow.

e.g.

http://domainname.com/memberFiles/8/gallery/gallery_config.php

At the moment all of the other pages are locked down via a session id variable, but I need to be able to only show this page if the session ID matches the number 8 on this occasion; if it doesn't, I want it to destroy the session.

At the moment while I'm logged in viewing my gallery I can just change the member number in the browser to, say, nine and see someone else's gallery, not cool.

Hope that makes some sense. Thanks in advance

Rich

0

Thanks for your reply, it's a little different. When a new user is created they get a new storage location, e.g. a numbered directory as seen above. So this changes with every user; I just don't want another user to view this page by changing the URL manually. Does that make sense?

0

Everything else stays the same, except the number, right? That is where that regex comes in: it can extract that number from the URL, so you can match it against your session.

Edited by pritaeas

0
if (isset($_SESSION['id'])) {
    // Put stored session variables into local PHP variables
    $url = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
    $path = parse_url($url);
    // /memberFiles/8/gallery/... splits into "", "memberFiles", "8", ...
    $folders = explode("/", $path['path']);
    $galleryuser = isset($folders[2]) ? $folders[2] : '';
    $userid = $_SESSION['id'];
    $username = $_SESSION['username'];
    $toplinks = '<a href="../../../member_profile.php?id=' . $userid . '">' . $username . '</a> &bull; 
    <a href="../../../member_account.php">Account</a> &bull; 
    <a href="../../../logout.php">Log Out</a>';
}
// Deny access when nobody is logged in ($userid never set) or when the
// session id is not the member number taken from the URL
if (!isset($userid) || (string) $userid !== (string) $galleryuser) {
    header('Location: ../../../login.php');
    echo 'Please <a href="login.php">log in</a> to access your account';
    session_destroy();
    exit();
}

Thanks for your help guys, but I managed to get it working with the above code

Cheers Rich
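The check discussed in this thread, combined with the regex extraction suggested in the earlier reply, as an added example that is not the poster's code. The function names are hypothetical; it assumes the `/memberFiles/<number>/` layout shown in the question and a numeric member id in `$_SESSION['id']`.

```php
<?php
// Added example, not the poster's code. Assumes the /memberFiles/<id>/ layout
// from the thread and a numeric member id stored in $_SESSION['id'].

// Return the member number from a request URI, or null if the path does not
// have the expected shape.
function gallery_owner_from_uri(string $requestUri): ?string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }
    // Anchored pattern: digits only, directly under /memberFiles/.
    if (preg_match('#^/memberFiles/([0-9]+)/#', $path, $m) !== 1) {
        return null;
    }
    return $m[1];
}

// True only when a session id is present and equals the number in the URL.
function session_owns_gallery($sessionId, string $requestUri): bool
{
    $owner = gallery_owner_from_uri($requestUri);
    if ($owner === null || $sessionId === null || $sessionId === '') {
        return false;
    }
    // Compare as strings so 8 and "8" match but "8" and "08" do not.
    return (string) $sessionId === $owner;
}

// Constructed sample requests, checked for a session belonging to member 8.
$samples = [
    '/memberFiles/8/gallery/gallery_config.php',
    '/memberFiles/9/gallery/gallery_config.php',
    '/memberFiles/8abc/gallery/gallery_config.php',
    '/other/8/gallery/gallery_config.php',
];
foreach ($samples as $uri) {
    echo $uri, ' => ', session_owns_gallery(8, $uri) ? 'allow' : 'deny', "\n";
}
// With no session id, every request is denied.
echo 'no session => ', session_owns_gallery(null, $samples[0]) ? 'allow' : 'deny', "\n";
```

A check like this only protects requests that actually run the PHP script containing it; images or other files that the web server serves directly from a member directory are not covered by it.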
