hi,

i have a site which is secure with a username and password combination with mysql backend database.

the encryption is sha1 for the password.

what about securing the url? at the moment it displays for example:

page_name.php?ID=24

if you modify the ID other users can see other pages they should not be able to.

would it be best to use a script like this:

http://www.phpclasses.org/browse/file/10749.html

many thanks

You could store the user's ID in the $_SESSION variable and then check if the user's ID matches the ID in the URL, and if not, redirect:

// Whenever you set your $_SESSION info, set:
$_SESSION['user_id'] = $user_id;

// Then, on page_name.php:
session_start();
if($_SESSION['user_id'] != $_GET['ID'])  // If the user is viewing a page that does not match her ID
   header("Location: page_name.php?ID=".$_SESSION['user_id']); // redirect to user's own page.

thanks for the help, i have added this and seems to work.

thanks

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.