3
Contributors
12
Replies
13
Views
10 Years
Discussion Span
Last Post by digital-ether
0

Hey everyone. Ive been trying to set up a link that will allow people to see their profiles but I cant get the link to work. I have a center column that on each click gets the variable $page and loads the correct page using an include("profile.php"); Now I need the link to look like this:

echo "<a href=\"index.php?page=userinfo?user=$session->username\">Edit Account</a>";

Where the var page is set to userinfo and the var user is set to the current user logged in. I know the above syntax isnt correct but I dont know how else to show everyone what I want accomplished. Any suggestions?? Thanks!

The syntax of the php code looks ok. But as it is, PHP doesn't know for sure if $session->username is a variable in the string. You may want to surround your variables with {} to make this clear to the PHP parser. Eg:

echo "<a href=\"index.php?page=userinfo?user={$session->username}\">Edit Account</a>";

For this particular link however, it does not make sense to pass the username in the URL.

Normally you'd go with:

echo "<a href=\"index.php?page=userinfo\">Edit Account</a>";

Assuming this will make your code include profile.php.

include("profile.php");

You should then have the session check in profile.php.

Eg:

if (empty($session->username)) {
// die() or redirect header("Location: login.php") etc... 
} else {
// now show the users profile

}
0

...I have a center column that on each click gets the variable $page and loads the correct page using an include("profile.php"); Now I need the link to look like this:

echo "<a href=\"index.php?page=userinfo?user=$session->username\">Edit Account</a>";

...

When you say the variable $page, I believe you really mean the variable $_GET

When you have a url such as index.php?page=userinfo, the varialbe $_GETpage[/B]'] will be set to the string: "userinfo" automatically by PHP in the file index.php.

If PHP has "register globals" enabled in its configuration, then the variable $page will also be set to "userinfo".

This is however disabled by default in later versions of PHP due to security risks in the way PHP code is written when "register globals" is enabled.

You should always write you code to retrieve HTTP varialbles from either the "$_GET array" or the "$_POST array".

0

I'm still stuck but I think I'm on the right track. The link to the user profile is supposed to be

userinfo.php?user=session->username

But I changed the format of the entire program to use this massive switch statement below:

<?php
    
    $page = $_GET['page'];

    switch ($page)
    {
        case register://Register was clicked
            include("register.php");
            break;
        case welcome://The main home page
            include("welcome.php");
            break;
        case forgotpass://Forgot password was clicked
            include("forgotpass.php");
            break;
        case userinfo://User info page
            include("userinfo.php?user=$session->username");
            break;
        case admincenter://Admin center - FOR ADMINS ONLY!
            include("admin/admin.php");
            break;
        default:
            include("welcome.php");
    }
?>

Now, when the "My Account" button is clicked it sets page = userinfo which should in turn, include("userinfo.php?user=$session->username");. Now I get something different than "Username not registered", I get an actuall PHP error which is bellow. Any suggestions?? Thanks again!

Warning:  include(userinfo.php?user=admin) [ function.include ]: failed to open stream: Invalid argument in C:\Server\www\center.php on line 17

Warning:  include() [ function.include  on line ]: Failed opening 'userinfo.php?user=admin' for inclusion (include_path='.;C:\php5\pear') in C:\Server\www\center.php17

BTW, center.php is the switch statement I included above.

0

its wierd because when I change the switch statement to just
include("userinfo.php");

It find the page and give me an error that it cant find my username. When I change the switch to this:

include("userinfo.php?user={$session->username}");

It cant find the page at all. So confused.

0

One last thing, this is the line in my userinfo.php thats causing me problems:

//Requested Username error checking
$req_user = trim($_GET['user']);
if(!$req_user || strlen($req_user) == 0 || !eregi("^([0-9a-z])+$", $req_user) || !$database->usernameTaken($req_user))
{
    die("Username not registered.<br>Back to main page [<a href=\"index.php\">Home</a>]");
}

It keeps telling me "Username not registered". Any help would be much appreciated.

0

Man I can't believe i missed that echo in the first post. I thought you were in html mode...

You don't want to call your include that way. This is kind of backwards but try it:

$_GET['username'] = $session->username;
include("userinfo.php");
0

Ok, still stuck. I changed my include to what you said and I still get the error, " Username not registered.":(

0

UPDATE: SO i figured it out. I moved the statement you told me to put in before the include statement to the top of the userinfo.php :

$req_user = $_GET['username'] = $session->username;

And this seems to work. However I am concerned about security issues. Does anyone see anyproblems with what I am doing?

Thanks for all the help!

0

Also, now my problem is that another user would not be able to view someone elses page because it always sets the user to yourself. So i'm kinda back to square one. Anyone see a way out of this? Thanks

0

Make a page for viewing profiles, that won't show anything that is private or allow any edits. This page you can pull the username from the page link.

Then make a seperate page only for editing. This page would pull the username from your session variable after they have logged in.

0

UPDATE: SO i figured it out. I moved the statement you told me to put in before the include statement to the top of the userinfo.php :

$req_user = $_GET['username'] = $session->username;

And this seems to work. However I am concerned about security issues. Does anyone see anyproblems with what I am doing?

Thanks for all the help!

Try placing some debugging in your PHP code so you can check the value of your variables and what not.

eg:

$req_user = $_GET['username'] = $session->username;

echo "HTTP Username: {$_GET['username']} <br />";
echo "Session Username: {$session->username} <br />";

echo "\$reg_user: {$reg_user} <br />";

or something like that.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.