prije svega da se zahvalim za pomoc na prosloj temi :p
e sada :
napravio sam mali "user sistem". Sada ocu da zastitim neke stranice kao sto su :
admin.php, admin_delete_user.php, admin_edit_user.php i edit_user.php (da user edituje sam sebe). Znaci da user sa ID-om 328974382 ne moze edotovat usera sa ID-om 5 :s ili da neko sad u exploeru napise url http://localhost/edit_user?id=123 i da ga edituje :s
Mislio sam to nekako da uradim pomocu imena ...
Code:
<?
session_start();
include ("config.php");
if (isset($HTTP_POST_VARS['name']) && isset($HTTP_POST_VARS['password'])) {
$ime = $HTTP_POST_VARS['name'];
$sifra = $HTTP_POST_VARS['password'];
$query = mysql_query("SELECT * FROM user WHERE password='$sifra' AND name='$ime' LIMIT 1");
if(mysql_num_rows($query)) {
while($r=mysql_fetch_array($query)){
$id=$r['id'];
$name=$r['name'];
$HTTP_SESSION_VARS['user_name'] = $name;
echo $HTTP_SESSION_VARS['user_name'];
echo " <a href=user.php?id=$id>proceed</a>";
}
}
}
?>
<?
session_start();
include ("config.php");
if (isset($HTTP_POST_VARS['name']) && isset($HTTP_POST_VARS['password'])) {
$ime = $HTTP_POST_VARS['name'];
$sifra = $HTTP_POST_VARS['password'];
$query = mysql_query("SELECT * FROM user WHERE password='$sifra' AND name='$ime' LIMIT 1");
if(mysql_num_rows($query)) {
while($r=mysql_fetch_array($query)){
$id=$r['id'];
$name=$r['name'];
$HTTP_SESSION_VARS['user_name'] = $name;
echo $HTTP_SESSION_VARS['user_name'];
echo " <a href=user.php?id=$id>proceed</a>";
}
}
}
?>
... sto je sve uredu. Na liniji echo $HTTP_SESSION_VARS['user_name']; mi ispise ime usera.
user.php kod :
Code:
<?
session_start();
header("Cache-control: private");
include ("config.php");
echo $id;
if (isset ($HTTP_SESION_VARS['user_name']))
{
$id = $HTTP_GET_VARS['id'];
$query = mysql_query("SELECT * FROM user WHERE id=$id") or die ("Cannot query the database.<br>" . mysql_error());
while($result = mysql_fetch_array($query)) {
$name = $result["name"];
$password = $result["password"];
$id = $result["id"];
$info = $result["info"];
echo "Ime: $name Pass : $password Tvoj ID: $id Tvoj Info : $info";
echo "<br><a href=edit_user.php?id=$id>Edit</td>";
echo "<br><a href=logout.php>Logout</td>";
}
}
else {
if (isset($name))
{
echo "Couldn't log you in !";
}
else
{
echo "You are not logged in ! <a href=register.php>Register</td>";
}
}
?>
<?
session_start();
header("Cache-control: private");
include ("config.php");
echo $id;
if (isset ($HTTP_SESION_VARS['user_name']))
{
$id = $HTTP_GET_VARS['id'];
$query = mysql_query("SELECT * FROM user WHERE id=$id") or die ("Cannot query the database.<br>" . mysql_error());
while($result = mysql_fetch_array($query)) {
$name = $result["name"];
$password = $result["password"];
$id = $result["id"];
$info = $result["info"];
echo "Ime: $name Pass : $password Tvoj ID: $id Tvoj Info : $info";
echo "<br><a href=edit_user.php?id=$id>Edit</td>";
echo "<br><a href=logout.php>Logout</td>";
}
}
else {
if (isset($name))
{
echo "Couldn't log you in !";
}
else
{
echo "You are not logged in ! <a href=register.php>Register</td>";
}
}
?>
on mi samo kaze "You are not logged in ! Register" (tacano ime i tacna sifra ...)
kako cu ovaj problem rijesit i kako da stavim da svaki user moze samo svoj "profil" editovat
thx4any help (:
[Ovu poruku je menjao pasvord dana 03.12.2004. u 15:41 GMT+1]