  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,934
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Need help with Member Profiles

    I could use some help understanding how websites like SitePoint work with Member Profiles.

    When I look at people's Profiles on here I get URLs like...
    Code:
    http://www.sitepoint.com/forums/member.php?25195-Paul-O-B
    
    http://www.sitepoint.com/forums/member.php?323222-ralph-m
    
    http://www.sitepoint.com/forums/member.php?130187-oddz

    Since everyone's Profiles are "public", I guess all you need to do is pass a Username in the Query String and you are good to go, right?


    But how/why is it that if I am logged in as "me" (DoubleDee), that when I go into my profile all I see is the same URL...
    Code:
    http://www.sitepoint.com/forums/member.php?399760-DoubleDee

    From what I see on the surface, I should be able to go into Ralph's profile and post those wild "party pictures" I took of him when he was drunk last weekend...

    Why do all of these people have the same URL structure, but only "I" can edit my profile and others cannot?

    Thanks,


    Debbie

  2. #2
    SitePoint Enthusiast
    Join Date
    Mar 2004
    Location
    Michigan
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can't because you aren't logged in as them. Profiles are public to view, private to edit.

  3. #3
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Hi DD

    When you log into SitePoint you'll set a cookie, or a session variable in PHP, that identifies you to the system, most probably with your unique userID in the database (along with other info that may be required).

    When you visit your profile the value of the userID you're logged in as will be checked against the userID of the profile you're viewing; if they match then the script will enable the editing functions for that page and you can change your profile, if they don't match then you can only view the profile.

    The URL stays the same regardless, it's just a means of viewing a page after all; it's the PHP behind the page that decides if you have editing rights or not for that page.

    Hope that makes it clear for you !!
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  4. #4
    SitePoint Wizard DoubleDee's Avatar
    Quote, originally posted by Mandes:
        Hi DD

        When you log into SitePoint you'll set a cookie, or a session variable in PHP, that identifies you to the system, most probably with your unique userID in the database (along with other info that may be required).

        When you visit your profile the value of the userID you're logged in as will be checked against the userID of the profile you're viewing; if they match then the script will enable the editing functions for that page and you can change your profile, if they don't match then you can only view the profile.

        The URL stays the same regardless, it's just a means of viewing a page after all; it's the PHP behind the page that decides if you have editing rights or not for that page.

        Hope that makes it clear for you !!

    Bingo! That is what I was trying to figure out.

    So, just to clarify, everyone gets to Member Profiles the same way, right?

    And whether I am viewing my own Profile (i.e. DoubleDee) or someone else's, doesn't matter as far as the URL is concerned, right?

    But in order to do things to a Profile, I need to be authenticated, and that is done server-side using PHP and making sure that I am "logged in", right?

    Currently, I have just been using something like this to see if someone is logged in...

    PHP Code:
    // **********************
    // Check if Logged In.  *
    // **********************

    // User must be logged-in to change email.
    if (empty($_SESSION['loggedIn']) || $_SESSION['loggedIn'] === FALSE) {
        // Not Logged In.
        $_SESSION['resultsCode'] = 'EMAIL_USER_NOT_LOGGED_IN_2127';

        // Set Error Source.
        $_SESSION['errorPage'] = $_SERVER['SCRIPT_NAME'];

        // Redirect to Outcome Page.
        header("Location: " . BASE_URL . "/account/results.php");

        // End script.
        exit();
    }

    Is that sufficiently secure for things like we are talking about?


    Debbie

    P.S. Why does SitePoint prepend a # in front of my Username in the URL...
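
An added example (not code from any poster or from SitePoint) that puts the ownership comparison Mandes describes next to a login-only check like the one in the post above: being logged in establishes who you are, while comparing ids decides whether you may edit this particular profile. The `userId` session key and the function names are assumptions; the `id-name` query format is taken from the URLs quoted in the thread.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: pull the numeric member id out of a query string
// shaped like "399760-DoubleDee". The name part is decorative and ignored.
function profileIdFromQuery(string $query): ?int
{
    if (preg_match('/^(\d{1,10})(?:-|$)/', $query, $m) !== 1) {
        return null;                  // malformed: treat as "no such profile"
    }
    return (int) $m[1];
}

// Authentication: is anyone logged in at all?
// 'userId' is an assumed session key, set once at login from the database.
function isLoggedIn(array $session): bool
{
    return !empty($session['loggedIn']) && isset($session['userId']);
}

// Authorization: may this session edit this particular profile?
function canEditProfile(array $session, ?int $profileId): bool
{
    return isLoggedIn($session)
        && $profileId !== null
        && (int) $session['userId'] === $profileId;
}

// Constructed sample data. On a real page $session would be $_SESSION and
// $query would be $_SERVER['QUERY_STRING'].
$session = ['loggedIn' => true, 'userId' => 399760];
$cases = [
    '399760-DoubleDee',   // own profile
    '323222-ralph-m',     // someone else's profile
    '323222-DoubleDee',   // own name pasted onto someone else's id
    'DoubleDee',          // no id at all
];

foreach ($cases as $query) {
    $id = profileIdFromQuery($query);
    printf("%-18s loggedIn=%s canEdit=%s\n", $query,
        isLoggedIn($session) ? 'yes' : 'no',
        canEditProfile($session, $id) ? 'yes' : 'no');
}

// The same comparison has to run again in the script that saves the edit,
// with the id taken from the session rather than from the form or the URL.
```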

  5. #5
    SQL Consultant r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,341
    Mentioned
    63 Post(s)
    Tagged
    3 Thread(s)
    Quote, originally posted by DoubleDee:
        P.S. Why does SitePoint prepend a # in front of my Username in the URL...

    that's your member number, used for the database lookup

    the name appended to it is just for seo purposes

    check this out -- http://www.sitepoint.com/forums/memb...0-JeromeHoward
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  6. #6
    Who turned the lights out !! Mandes's Avatar
    As Rudy said, it's your membership no., what I referred to in my reply as your UserID.

    Your script seems OK on the surface, not sure why you'd want to log details of everyone that wasn't logged in.... depends what you're doing with it in results.php. You're better off just shoving people back to a login page if they ain't got the credentials, unless you've a good reason not to, i.e. like they shouldn't have found this script in the first place and you're trying to find and plug a hole in your code.

  7. #7
    SitePoint Wizard DoubleDee's Avatar
    Quote, originally posted by Mandes:
        As Rudy said, it's your membership no., what I referred to in my reply as your UserID.

    On my website, "Username" must be unique - even though it's not the PK. (I just assumed SitePoint would follow the same logic and thus not need to prepend a number.)

    Quote, originally posted by Mandes:
        Your script seems OK on the surface, not sure why you'd want to log details of everyone that wasn't logged in.... depends what you're doing with it in results.php. You're better off just shoving people back to a login page if they ain't got the credentials, unless you've a good reason not to, i.e. like they shouldn't have found this script in the first place and you're trying to find and plug a hole in your code.

    Well, two things...

    1.) That is my standard code to handle Errors. I figured logging everything that happens is a good way for me to know where problems are occurring. (I still need to learn how to do this for Fatal Errors, but for Logical Errors I think this will be helpful.)


    2.) On most Errors, I route people to "results.php" and have code like this...

    PHP Code:
    // Not Logged In.
    case 'EMAIL_USER_NOT_LOGGED_IN_2127':
        // Set Redirect Path.
        $_SESSION['returnToPage'] = '/account/change_email.php';

        echo '<h1>Not Logged In</h1>';
        echo '<p>You must be logged in to change your e-mail. (2127)</p>';
        echo '<a class="button" href="' . BASE_URL . '/account/log_in.php">Log In</a>';
        break;

    So I believe that addresses your suggestions above, right?


    Debbie

  8. #8
    Who turned the lights out !! Mandes's Avatar
    Debbie

    Wasn't saying that there's anything wrong with that, if that's your normal routine more power to you.

    As for unique names instead of numbers .. again personal preference, most sites will check if a username is already in use anyway, but still use a userID for the code to identify someone, I guess it's just easier to give someone a number.

    I tend to keep my userIDs hidden on my site, as you say SitePoint decided to show theirs, not sure what the benefit of that would be.

    Yes Ma'am, suggestions addressed ;-)

  9. #9
    SitePoint Wizard DoubleDee's Avatar
    Quote, originally posted by Mandes:
        Debbie

        Wasn't saying that there's anything wrong with that, if that's your normal routine more power to you.

    Okay, good.

    Quote, originally posted by Mandes:
        As for unique names instead of numbers .. again personal preference, most sites will check if a username is already in use anyway, but still use a userID for the code to identify someone, I guess it's just easier to give someone a number.

    In my Member table I have...
    Code:
    - id (pk)(cannot change)
    - email (uk)
    - username (uk)(cannot change)

    Quote, originally posted by Mandes:
        I tend to keep my userIDs hidden on my site, as you say SitePoint decided to show theirs, not sure what the benefit of that would be.

    I agree with you...

    Quote, originally posted by Mandes:
        Yes Ma'am, suggestions addressed ;-)

    Cool!

    Thanks for the help!!


    Debbie

