I have set up a basic system where users can sign up, log in and view their own profile. However, currently their information is displayed on the profile page using a SESSION variable to store their username. All other data is then based on this. However, if they then view another person's profile, the information will not be correct because it will alter to show whatever result was pulled from $_SESSION.
How would I create properly functioning profile pages? A good example of what I am trying to achieve would be YouTube. Whenever a user adds a comment, their username is attached; this then acts as a link to their profile.
I don't have any code for this. I wouldn't know where to start.
Because there is no code for me to try and help you out, I will give you a few pointers.
First of all, don't use the usernames of the users to identify and link them to their profile: 2 or more people could have the same username, and then you are screwed. Rather, use their IDs to uniquely identify them.
Keep the data of the user who is currently logged in in the session variables, because you don't want to lose this when he navigates away from the browse user profiles page.
If you use the users' IDs to identify them, you can send their ID through the URL without too much of a security issue. So where you display all the users to view, you can create a URL that looks something like this: href="user_profile.php?user_id=<?php echo $user_id; ?>". Then on the page where you want to view the user profile that has been selected, you can use $_GET['user_id']. You can then use the ID to get all the details for that specific user by querying the database for a user with this user_id.
Destroy the session when the user logs out, so you can get proper data.
You are using the session username of the user who is logged in.
So the user who is logged in can view his own profile with the session username.
If the user wants to view the profile of another user, then you have two ways to do it.
1-Create another page to view any user profile. Pass the username as a query string and find the user information which you want to display.
or
2-Use the same user profile page for your own profile and others', and pass to this page the username whose information you want to display.
You have to apply a condition there: if a username is passed through the POST or GET method, retrieve the information of the passed user; if it is not set, retrieve the information of the user who is in the session (own information).
I am creating an online store website.
When a user adds some product to the cart, I save this information in the session (if the user is not logged in),
and
when the user is logged in and selects some product, I insert it into a table.
Is this the right way?
Can I store all the information about the user's selected products in the session?
I think the best way to go in this case is not using the database at all, but use cookies instead.
PHP Cookies
This way you don't have to query the database, and all data will be saved on the computer of the user. This will also keep the information for the people who are not logged in. Which will be more user friendly.
Better to store items in the session (for both visitors and logged-in people).
The only need to store them is when they intend to buy the product.
On a visit (whether the user is logged in or not) you do not have to store them in the db.
Further, use the db only for values you have to refer to in future.
I have made a PHP application which will be used by many users. When a user logs in, I create a session and keep the user id and some other details in the session. There are some ajax requests when the user edits his profile. So in no way am I exposing the user id. But I always refer to the session. Even when the user saves his profile, the controller gets the id from the session and then passes it to the model.
Now there is an admin, who should be able to view/edit any profile. This is done. I have an admin page with a user table. When he clicks on any player, it goes to another controller, which creates the session for that user, and then the admin can edit the profile. For any requests that go from the admin page, the session is first erased, keeping the admin variable active, and then the user session is appended.
Problem: When the admin tries to view multiple profiles at once, he can do that. But when the admin tries to edit multiple profiles at the same time (opening new browser tabs for each user), it fails because the last tab that he opens sets the new session for that particular user.
How can I get over this scenario? What options do I have? Is it possible?
I don't want to append user IDs on all URLs. They are not safe, especially for URLs which do update/delete.
The short answer:
If it is under the admin panel you may pass the id of a user, it is safe, you trust your admins, right?
Long answer (my own idea):
Store the reference, unique id to the user, and pair it with the session variable.
For instance:
$_SESSION['editing_users'][YOUR_USER_ID] = uniqid();
then print it in the form.
After submitting the form you should get the variable, passed via input with hidden attribute.
Find the unique id in your session array, and get ID of the target user from the key.
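The token-per-form idea from this answer, as an added sketch that is not the answerer's code: it swaps `uniqid()` for `random_bytes()`, because `uniqid()` is derived from the current time and is not a secret. The function names, the `is_admin` session key and the plain array standing in for `$_SESSION` are assumptions.

```php
<?php
// Added example, not from the answer above. Function names and the
// 'is_admin' session key are assumptions made for illustration.
declare(strict_types=1);

/** Called when the admin opens the edit form for $userId; returns the hidden-field value. */
function issue_edit_token(array &$session, int $userId): string
{
    // random_bytes() is used in place of uniqid(), which is time-based and guessable.
    $token = bin2hex(random_bytes(16));
    $session['editing_users'][$userId] = $token;   // one entry per open form / tab
    return $token;
}

/** Called on submit; returns the target user id, or null if the token is not valid. */
function resolve_edit_token(array &$session, string $submitted): ?int
{
    if (empty($session['is_admin'])) {
        return null;                                // only admins may edit other users
    }
    foreach ($session['editing_users'] ?? [] as $userId => $token) {
        if (hash_equals($token, $submitted)) {      // constant-time comparison
            unset($session['editing_users'][$userId]); // single use
            return (int) $userId;
        }
    }
    return null;
}

// Constructed walk-through: a plain array stands in for $_SESSION.
$session = ['is_admin' => true];
$tabA = issue_edit_token($session, 12);   // admin opens user 12 in one tab
$tabB = issue_edit_token($session, 34);   // and user 34 in another
var_dump(resolve_edit_token($session, $tabB));
var_dump(resolve_edit_token($session, $tabA));
var_dump(resolve_edit_token($session, $tabA));   // same token submitted again
```

Because each open form carries its own token, the target user is resolved per request and the tabs no longer overwrite each other's state in the session.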
So currently on my member website, I'm doing things the easy way and using the same page for every user's profile, just using the $_SESSION code to bring up different user information depending on the current logged-in user.
My question is, how would I bring up other users' information? Say if I was searching through the members and clicked a name, it should bring up their profile. How could I get that working if I don't have separate pages for each member? Any ideas?
My solution is simple.
Let's say, from what you said, you store logged in user ID on $_SESSION and so, you get and use that user ID when you visit the page to fetch the user info from the database, then display it.
Now, here's what I think. Just have a simple IF statement.
$uid = (isset($_GET['uid'])) ? $_GET['uid'] : $_SESSION['uid'];
$query = "SELECT * FROM users WHERE id = $uid";
It gets the ID from the URL if it is set, if not, use the id from the session.
// this is an example of a URL with uid = 12.
http://yourwebsite.com/profile.php?uid=12
So what this does: even if a user is logged in, if s/he visits the page with a uid = n, s/he will see someone else's profile.
And so, you have to append/have uid = n on every link of your user list.
NOTE: That's just a quick and simple example; that code isn't good as is (i.e. security and validation).
Use a POST or GET variable of the member's ID to display a generic "public" member page for each member, then only display the special "private" features to the user who has a matching Session ID to that member ID. You will have to check the member ID against the session ID each time you are about to echo something "private". When he views other members the ID won't match, so he will only see their "public" page, and vice versa.
I have a site that I'm working on building. I have a login/registration system in place and a member profile system in place.
When a user logs in, they are automatically directed to their profile page. They have the option to click an edit profile link and edit their data. They can also click another link to go back to viewing their profile.
Currently this works great.
The issue I am having is that I have a link in the navigation bar called 'User List'. This link should fetch a list of all the current users in the database, which it does with uid=(appropriate user id #) at the end of the url, however, when you click on any of these links, the profile it returns is for that of the logged in user, and not that for the name that they clicked.
I am aware that the issue is caused by my function in the profile.php page which states:
<?php
include('core/init.inc.php');
$user_info = fetch_user_info($_SESSION['uid']);
?>
Since the profile page is being told to use the session uid, I understand that any redirect to the profile.php page will show the logged-in user's info.
So, if I change this function to $_GET['uid'] then my problems flip. I am able to correctly view the profiles for the users in the user list, but then my logged-in user can no longer view their profile or edit it since there is no call to the session uid.
So, I guess I'm wondering how I fix this. How do you separate profiles that are not for the logged in person vs their own individual profile? Please let me know what code you need to see and I'd be happy to post it.
You can make a check: if $_GET['uid'] is set, then fetch the user info using this variable; otherwise use the session variable to fetch the user info.
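<?php
include('core/init.inc.php');

// A uid in the URL selects whose profile to show.
if (isset($_GET['uid']) && $_GET['uid'] != '')
{
    $user_info = fetch_user_info($_GET['uid']);
}
// No uid in the URL: show the logged-in user's own profile.
else
{
    $user_info = fetch_user_info($_SESSION['uid']);
}
?>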
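The answers above all pick the profile id from `$_GET['uid']` with a fallback to the session. The following added example (not code from any of the posts) shows that lookup with the id validated as an integer, a bound query parameter, and "private" fields gated on the session id. The `users` table, its columns and the sample rows are constructed, and PDO with in-memory SQLite is an assumption made so the example runs on its own.

```php
<?php
// Added example, not code from the posts above. The table layout, column
// names and sample rows are constructed for illustration.
declare(strict_types=1);

/** Return the profile row to render, or null if the id is invalid or unknown. */
function load_profile(PDO $db, array $get, array $session): ?array
{
    // Use the uid from the URL if present, otherwise the logged-in user's own id.
    $raw = $get['uid'] ?? $session['uid'] ?? null;
    // Accept positive integers only; anything else stops here, before any SQL.
    $uid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($uid === false) {
        return null;
    }
    // Bound parameter: the id is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, username, bio, email FROM users WHERE id = :id');
    $stmt->execute([':id' => $uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // "Private" fields are kept only when the viewer owns the profile. That
    // decision reads the session, never a value supplied in the request.
    $isOwner = isset($session['uid']) && (int) $session['uid'] === (int) $row['id'];
    if (!$isOwner) {
        unset($row['email']);
    }
    $row['is_owner'] = $isOwner;
    return $row;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, bio TEXT, email TEXT)');
$db->exec("INSERT INTO users VALUES (7, 'alice', 'hi', 'alice@example.test'),
    (12, 'bob', 'yo', 'bob@example.test')");

$session = ['uid' => 7];                                   // alice is logged in
var_dump(load_profile($db, [], $session));                 // no uid in the URL
var_dump(load_profile($db, ['uid' => '12'], $session));    // another member's profile
var_dump(load_profile($db, ['uid' => '12abc'], $session)); // malformed uid
```

Any edit or delete handler should keep taking the target id from the session (or from an admin check), since the `uid` in the URL only selects what is displayed.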
I am building a social network site, and I am wondering how I can display an interactive tutorial and information on a user's first login.
For example, only on the first login, users are asked to fill in more information on their profile.
How can I achieve this through PHP and MySQL?
Example:
When a user signs up to your website, you can add a field which stores the date of their last login. When that field is still NULL for example - it's their first login.
You could achieve this by simply adding a column to your userprefs table (or whatever you use to store your user-specific settings), with a boolean/int defining whether they've completed the tutorial.
Upon completion (or when the user clicks Dismiss), you set the value for that user to true/1.