Member Avatar for Barefootsanders

Hey everyone. Ive been trying to set up a link that will allow people to see their profiles but I cant get the link to work. I have a center column that on each click gets the variable $page and loads the correct page using an include("profile.php"); Now I need the link to look like this:

echo "<a href=\"index.php?page=userinfo?user=$session->username\">Edit Account</a>";

Where the var page is set to userinfo and the var user is set to the current user logged in. I know the above syntax isnt correct but I dont know how else to show everyone what I want accomplished. Any suggestions?? Thanks!

  • 3 Contributors
  • 12 Replies
  • 213 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by digital-ether
Member Avatar for DanceInstructor

index.php?page=userinfo?user=$session->username\
should be:
index.php?page=userinfo&user=<?php echo $session->username ?>

Member Avatar for digital-ether

Hey everyone. Ive been trying to set up a link that will allow people to see their profiles but I cant get the link to work. I have a center column that on each click gets the variable $page and loads the correct page using an include("profile.php"); Now I need the link to look like this:

echo "<a href=\"index.php?page=userinfo?user=$session->username\">Edit Account</a>";

Where the var page is set to userinfo and the var user is set to the current user logged in. I know the above syntax isnt correct but I dont know how else to show everyone what I want accomplished. Any suggestions?? Thanks!

The syntax of the php code looks ok. But as it is, PHP doesn't know for sure if $session->username is a variable in the string. You may want to surround your variables with {} to make this clear to the PHP parser. Eg:

echo "<a href=\"index.php?page=userinfo?user={$session->username}\">Edit Account</a>";

For this particular link however, it does not make sense to pass the username in the URL.

Normally you'd go with:

echo "<a href=\"index.php?page=userinfo\">Edit Account</a>";

Assuming this will make your code include profile.php.

include("profile.php");

You should then have the session check in profile.php.

Eg:

if (empty($session->username)) {
// die() or redirect header("Location: login.php") etc... 
} else {
// now show the users profile

}
Member Avatar for digital-ether

...I have a center column that on each click gets the variable $page and loads the correct page using an include("profile.php"); Now I need the link to look like this:

echo "<a href=\"index.php?page=userinfo?user=$session->username\">Edit Account</a>";

...

When you say the variable $page, I believe you really mean the variable $_GET

When you have a url such as index.php?page=userinfo, the varialbe $_GETpage[/B]'] will be set to the string: "userinfo" automatically by PHP in the file index.php.

If PHP has "register globals" enabled in its configuration, then the variable $page will also be set to "userinfo".

This is however disabled by default in later versions of PHP due to security risks in the way PHP code is written when "register globals" is enabled.

You should always write you code to retrieve HTTP varialbles from either the "$_GET array" or the "$_POST array".

Member Avatar for Barefootsanders

I'm still stuck but I think I'm on the right track. The link to the user profile is supposed to be

userinfo.php?user=session->username

But I changed the format of the entire program to use this massive switch statement below:

<?php
    
    $page = $_GET['page'];

    switch ($page)
    {
        case register://Register was clicked
            include("register.php");
            break;
        case welcome://The main home page
            include("welcome.php");
            break;
        case forgotpass://Forgot password was clicked
            include("forgotpass.php");
            break;
        case userinfo://User info page
            include("userinfo.php?user=$session->username");
            break;
        case admincenter://Admin center - FOR ADMINS ONLY!
            include("admin/admin.php");
            break;
        default:
            include("welcome.php");
    }
?>

Now, when the "My Account" button is clicked it sets page = userinfo which should in turn, include("userinfo.php?user=$session->username");. Now I get something different than "Username not registered", I get an actuall PHP error which is bellow. Any suggestions?? Thanks again!

Warning:  include(userinfo.php?user=admin) [ function.include ]: failed to open stream: Invalid argument in C:\Server\www\center.php on line 17

Warning:  include() [ function.include  on line ]: Failed opening 'userinfo.php?user=admin' for inclusion (include_path='.;C:\php5\pear') in C:\Server\www\center.php17

BTW, center.php is the switch statement I included above.

Member Avatar for Barefootsanders

its wierd because when I change the switch statement to just
include("userinfo.php");

It find the page and give me an error that it cant find my username. When I change the switch to this:

include("userinfo.php?user={$session->username}");

It cant find the page at all. So confused.

Member Avatar for Barefootsanders

One last thing, this is the line in my userinfo.php thats causing me problems:

//Requested Username error checking
$req_user = trim($_GET['user']);
if(!$req_user || strlen($req_user) == 0 || !eregi("^([0-9a-z])+$", $req_user) || !$database->usernameTaken($req_user))
{
    die("Username not registered.<br>Back to main page [<a href=\"index.php\">Home</a>]");
}

It keeps telling me "Username not registered". Any help would be much appreciated.

Member Avatar for DanceInstructor

Man I can't believe i missed that echo in the first post. I thought you were in html mode...

You don't want to call your include that way. This is kind of backwards but try it:

$_GET['username'] = $session->username;
include("userinfo.php");
Member Avatar for Barefootsanders

Ok, still stuck. I changed my include to what you said and I still get the error, " Username not registered.":(

Member Avatar for Barefootsanders

UPDATE: SO i figured it out. I moved the statement you told me to put in before the include statement to the top of the userinfo.php :

$req_user = $_GET['username'] = $session->username;

And this seems to work. However I am concerned about security issues. Does anyone see anyproblems with what I am doing?

Thanks for all the help!

Member Avatar for Barefootsanders

Also, now my problem is that another user would not be able to view someone elses page because it always sets the user to yourself. So i'm kinda back to square one. Anyone see a way out of this? Thanks

Member Avatar for DanceInstructor

Make a page for viewing profiles, that won't show anything that is private or allow any edits. This page you can pull the username from the page link.

Then make a seperate page only for editing. This page would pull the username from your session variable after they have logged in.

Member Avatar for digital-ether

UPDATE: SO i figured it out. I moved the statement you told me to put in before the include statement to the top of the userinfo.php :

$req_user = $_GET['username'] = $session->username;

And this seems to work. However I am concerned about security issues. Does anyone see anyproblems with what I am doing?

Thanks for all the help!

Try placing some debugging in your PHP code so you can check the value of your variables and what not.

eg:

$req_user = $_GET['username'] = $session->username;

echo "HTTP Username: {$_GET['username']} <br />";
echo "Session Username: {$session->username} <br />";

echo "\$reg_user: {$reg_user} <br />";

or something like that.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.