Hi guys…
I have a login system, and when you log in you can edit your profile. I just have one problem:
Since it's a dynamic link, you can just change the link at the top and start editing someone else's profile!
I tried to solve this problem like this:
    if(isset($user)) // Edit profile
    {
        if(isset($_GET["edit"]))
        {
            // First lets make sure the user is logged in
            if (isLoggedIn() == $user)
            {
                if(isset($_GET["update"]))
                {
                    require_once("functions/DbConnector.php");
                    $username = $user;
                    $db = new DbConnector();
                    $db->connect();
                    $presentation = $_POST["presentation"];
                    $query = "UPDATE login SET presentation='$presentation' WHERE username='$username'";
                    $result = $db->query($query);
                    echo "Profile updated!";
                } else { // Display edit box
                    require_once("functions/DbConnector.php");
                    $username = $user;
                    $db = new DbConnector();
                    $db->connect();
                    $query = "SELECT * FROM login WHERE username='$username'";
                    $result = $db->query($query);
                    $rows = $db->fetchArray($result);
                    echo "<center><br/><b>Edit profile</b><br/><form action=\"member.php?edit=".$user."&update\" method='POST'><textarea name='presentation' rows='10' cols='80' align='center'>"
                    .$rows["presentation"].
                    "</textarea><br/>
                    <input type='submit' value='Update Profile' name='submit'>
                    </form>
                    </center>
                    ";
                }
            }
        }
    }
But instead I can't now even edit my own profile.
Here is the old code if anyone needs it:
    if(isset($_GET["edit"])) // Edit profile
    {
        // First lets make sure the user is logged in
        if(session_is_registered("username") && session_is_registered ("user_password") && $_SESSION["username"] == $_GET["edit"])
        {
            if(isset($_GET["update"]))
            {
                require_once("functions/DbConnector.php");
                $username = $_GET["edit"];
                $db = new DbConnector();
                $db->connect();
                $presentation = $_POST["presentation"];
                $query = "UPDATE login SET presentation='$presentation' WHERE username='$username'";
                $result = $db->query($query);
                echo "Profile updated!";
            }
            else
            { // Display edit box
                require_once("functions/DbConnector.php");
                $username = $_GET["edit"];
                $db = new DbConnector();
                $db->connect();
                $query = "SELECT * FROM login WHERE username='$username'";
                $result = $db->query($query);
                $rows = $db->fetchArray($result);
                echo "<center><br/><b>Edit your profile</b><br/>
                <form action=\"member.php?edit=".$_GET["edit"]."&update\" method='POST'>
                <textarea name='presentation' rows='10' cols='80' align='left'>"
                .$rows["presentation"].
                "</textarea><br/>
                <input type='submit' value='Update' name='submit'>
                </form>
                </center>
                ";
            }
        }
    }
All I want to be changed is that the users can edit any other profiles but their own =)
The best way to solve your problem is to use the session variables.
Put session_start() in the first line of your PHP file. In the login, save the user's name in the session and check if the user that is being edited is the same as the logged-in user saved in the session.
Anyhow this is also the way to go if you want to check if a user has logged in.
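The check described in the reply above, as an added example that is not code from the thread: the name to edit is taken from the session, and the URL's edit value only has to match it, so changing the link cannot select another user's row. PDO with an in-memory SQLite database stands in for the thread's DbConnector class, and the function names and the alice/bob rows are constructed for illustration.

```php
<?php
// Added example. Table `login` and columns `username`/`presentation` are from the
// thread; the function names and the PDO/SQLite setup are assumptions.

// Returns the username whose profile may be edited, or null if the request is refused.
function resolveEditTarget(array $session, array $get): ?string
{
    $me = $session['username'] ?? null;          // identity set by the server at login
    if (!is_string($me) || $me === '') {
        return null;                             // not logged in
    }
    $requested = $get['edit'] ?? $me;            // the URL value is only a claim
    // Strict comparison: a boolean or number never loosely matches a name.
    return ($requested === $me) ? $me : null;
}

function updatePresentation(PDO $pdo, string $username, string $text): bool
{
    // Bound parameters keep the POSTed text out of the SQL string.
    $stmt = $pdo->prepare('UPDATE login SET presentation = :p WHERE username = :u');
    $stmt->execute([':p' => $text, ':u' => $username]);
    return $stmt->rowCount() === 1;
}

function handleEdit(PDO $pdo, array $session, array $get, array $post): string
{
    $target = resolveEditTarget($session, $get);
    if ($target === null) {
        return 'Forbidden';
    }
    $text = $post['presentation'] ?? '';
    if (!is_string($text)) {
        return 'Bad request';
    }
    // The WHERE clause uses the session-derived name, never $_GET["edit"].
    return updatePresentation($pdo, $target, $text) ? 'Profile updated!' : 'No such user';
}

// Constructed demo data: two users in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login (username TEXT PRIMARY KEY, presentation TEXT)');
$pdo->exec("INSERT INTO login VALUES ('alice', 'hi'), ('bob', 'hello')");

$session = ['username' => 'alice'];              // stands in for $_SESSION after login
echo handleEdit($pdo, $session, ['edit' => 'alice'], ['presentation' => "it's me"]), "\n";
echo handleEdit($pdo, $session, ['edit' => 'bob'],   ['presentation' => 'defaced']), "\n";
echo handleEdit($pdo, [],       ['edit' => 'bob'],   ['presentation' => 'defaced']), "\n";
echo $pdo->query("SELECT presentation FROM login WHERE username='bob'")->fetchColumn(), "\n";
```

The same comparison has to run on both the form-display path and the update path, since the update URL can be requested directly without loading the form first.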
Yes, sorry I forgot to say that, but this is just a part of the code. I already sessioned the username and I do of course have start session. As you can see, this is just what I've been trying to do in the script, but for some reason it doesn't work :(
You have to find out if it is at least going through the else statement. I always throw in an echo just to check if that part of the code is getting processed. Add this echo and let me know if the BLAH is displayed. If it's not, then it's not even going through the else statement.
Or you could just check your source in the browser and see if the form tags are there.
Analyze that if statement. You can probably echo those variables BEFORE THE STATEMENT to see what they contain and see why the if statement is resulting in false.
I wasn't really using session_is_registered; someone told me to try that and see if that helps, and then I forgot to remove it when I created this thread.