Forums
This topic is locked
user log-in & 'my profile' page restriction
Posted 16 Oct 2003 15:46:42
1
has voted
16 Oct 2003 15:46:42 Sean Johnson posted:
i have a users profile page where a user can view/update their info.i need to put user log-in and restriction so that the user can't change the 'USERID' number in the querystring and see somebody elses information/details.
the user will login with their username (email address) and password. also in the database there is a unique userid number.
so i need to have a login page that takes the user to user_profile.asp?userId=15
i need to prevent the user from changing it to user_profile.asp?userId=23 and veiwing someone elses details.
Replies
Replied 17 Oct 2003 22:16:58
17 Oct 2003 22:16:58 Marcellino Bommezijn replied:
You will have to use a the session object instead of passing the userid in a querystring that anyone could read and change.
18 Oct 2003 10:11:06 replied:
mm_ultradev, i dont suppose you would know how to do that would you?
i would like to do that also but wouldnt have an idea on how to use sessions, i dont suppose you know what the code is by any chance do you to do that??<img src=../images/dmxzone/forum/icon_smile_big.gif border=0 align=middle> <img src=../images/dmxzone/forum/icon_smile_wink.gif border=0 align=middle>
i would like to do that also but wouldnt have an idea on how to use sessions, i dont suppose you know what the code is by any chance do you to do that??<img src=../images/dmxzone/forum/icon_smile_big.gif border=0 align=middle> <img src=../images/dmxzone/forum/icon_smile_wink.gif border=0 align=middle>