Databases
StackOverflow2013
Postsdbo
POuser account system PHP
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POuser account system PHP
    text
    copied!<p>Hi everybody this is my first question so please dont kill me if i explain myself wrongly. I'm trying to make a user account system with a database, the problem is that when someone logs in if another user logs in and changes the URL from his account id: index.php?us=7 to index.php?us=270 he/she can enter the other users vip page. this is the login control code.</p> <pre><code>&lt;? //incluir librerias include_once "funciones/funciones_BD.php"; include_once "constantes/constantes.php"; //abrir BD Abrir_BD($link,$Servidor,$Usuario,$Clave,$BD); $id = mysql_query("SELECT xidusuario FROM tblreferidos_usuarios WHERE xemail='".htmlentities($_REQUEST["email"])."'",$link); $xid = mysql_fetch_row($id); $usuario = mysql_query("SELECT xemail FROM tblreferidos_usuarios WHERE xemail='".htmlentities($_REQUEST["email"])."'",$link); $Nusuario = mysql_num_rows($usuario); //Si existe el usuario, validamos también la contraseña ingresada y el estado del usuario… if($Nusuario != 0){ $clave = mysql_query("SELECT xpass FROM tblreferidos_usuarios WHERE xestado=1 AND xemail='".htmlentities($_REQUEST["email"])."' AND xpass='".htmlentities($_REQUEST["clave"])."'",$link); $Nclave = mysql_num_rows($clave); //Si el usuario y clave ingresado son correctos (y el usuario está activo en la BD), creamos la sesión del mismo. if($Nclave != 0){ session_start(); //Guardamos dos variables de sesión que nos auxiliará para saber si se está o no "logueado" un usuario $_SESSION["autentica"] = "SI"; $_SESSION["usuarioactual"] = $usuario; //nombre del usuario logueado. //Direccionamos a nuestra página principal del sistema. $us=$_REQUEST["email"]; header ("Location: referidos_index.php?us=$xid[0]"); } else{ echo"&lt;script&gt;alert('La contrase\u00f1a del usuario no es correcta.') window.location.href=\"referidos_login.php?\"&lt;/script&gt;"; } }else{ echo"&lt;script&gt;alert('El usuario no existe.');window.location.href=\"referidos_login.php\" &lt;/script&gt;"; } mysql_close($link); ?&gt; </code></pre> <p>and this is the code that i put in every other page to check the session</p> <pre><code>if(!isset($_SESSION["usuarioactual"])) { header("Location:referidos_login.php"); die(); } </code></pre> <p>if someone can point me out where the problem is ill be most greatful!! Thanks.</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload