php - Logged session goes to all url -
I have 2 users, me & bai.
If me logs in, it goes to http://localhost/ebooks/new/me
and if bai logs in, it goes to http://localhost/ebooks/new/bai
I am using sessions, so no one goes to the respective links without login.
But I am facing a problem: if bai is logged in and the user types http://localhost/ebooks/new/me in the URL bar, it goes to that folder, which should not happen when logged in as another user.
The code goes here:
http://localhost/ebooks/new/index.php

    <?php
    session_start();
    require_once 'class.user.php';

    $user_login = new user();

    // Already logged in: redirect away from the login page
    if ($user_login->is_logged_in() != "") {
        $user_login->redirect($logout);
    }

    // Login form submitted
    if (isset($_POST['btn-login'])) {
        $uname = trim($_POST['txtuname']);
        $upass = trim($_POST['txtupass']);

        if ($user_login->login($uname, $upass)) {
            // Send the user to the folder named after the username
            $user_login->redirect($uname);
        }
    }
    ?>

http://localhost/ebooks/new/class.user.php

    // Methods of the user class (excerpt)
    public function login($uname, $upass)
    {
        try {
            $stmt = $this->conn->prepare("SELECT * FROM tbl_users WHERE username=:username");
            $stmt->execute(array(":username" => $uname));
            $userrow = $stmt->fetch(PDO::FETCH_ASSOC);

            if ($stmt->rowCount() == 1) {
                if ($userrow['userstatus'] == "y") {
                    // Compare the MD5 of the submitted password with the stored value
                    if ($userrow['userpass'] == md5($upass)) {
                        $_SESSION['usersession'] = $userrow['userid'];
                        return true;
                    } else {
                        header("Location: index.php?error");
                        exit;
                    }
                } else {
                    header("Location: index.php?inactive");
                    exit;
                }
            } else {
                header("Location: index.php?error");
                exit;
            }
        } catch (PDOException $ex) {
            echo $ex->getMessage();
        }
    }

    // Only checks that some user is logged in, not which one
    public function is_logged_in()
    {
        if (isset($_SESSION['usersession'])) {
            return true;
        }
    }

    public function redirect($url)
    {
        header("Location: $url");
    }

    public function logout()
    {
        session_destroy();
        $_SESSION['usersession'] = false;
    }

http://localhost/ebooks/new/bai/index.php & http://localhost/ebooks/new/me.php both have:

    <?php require_once '../home.php' ?>

http://localhost/ebooks/new/home.php

    <?php
    session_start();
    require_once 'class.user.php';

    $user_home = new user();

    // Not logged in: redirect away
    if (!$user_home->is_logged_in()) {
        $user_home->redirect($web);
    }

    // Load the row of the logged-in user
    $stmt = $user_home->runquery("SELECT * FROM tbl_users WHERE userid=:uid");
    $stmt->execute(array(":uid" => $_SESSION['usersession']));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    ?>

Please help me with how to clear this out!
Here is a solution:
Store the username in the session. In login:

    $_SESSION['usersession'] = $userrow['userid'];
    $_SESSION['user_name'] = $userrow['username'];

Then in home.php, check the username against the path:

    if ($_SERVER['REQUEST_URI'] != $_SESSION['user_name']) {
        // show error or redirect to the user's page
    } else {
        // continue code
    }

Edit: try this edited code for URL checking (in home.php):

    $url = $_SERVER['REQUEST_URI'];
    $exp = explode("/", $url);
    $match_name = "";

    // Take the second-to-last path segment, or the last one if that is empty
    if (isset($exp[count($exp)-2]) && $exp[count($exp)-2] != "") {
        $match_name = $exp[count($exp)-2];
    } elseif (isset($exp[count($exp)-1]) && $exp[count($exp)-1] != "") {
        $match_name = $exp[count($exp)-1];
    }

    if ($match_name != $_SESSION['user_name']) {
        // show error or redirect to the user's page
    } else {
        // continue code
    }
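
An added example (not code from the question or the answer above) of the same ownership check, taking the folder name from the script the server is actually executing instead of from the URL text, so query strings, trailing slashes or extra path segments do not affect the decision. The function names and the `/var/www/...` sample paths are hypothetical; it assumes each user's pages sit in a folder named after the username and that login() stores `$_SESSION['user_name']` as the answer suggests.

```php
<?php
// Added example, not the poster's code. Assumes each user's pages live in a
// folder named after the username (e.g. .../new/bai/index.php) and that
// login() stored $_SESSION['user_name'] as the answer suggests.

// Owner of a page = name of the directory holding the entry script.
function folder_owner(string $scriptFilename): string
{
    return basename(dirname($scriptFilename));
}

// True only when a user is logged in and owns the folder being served.
function may_access(array $session, string $scriptFilename): bool
{
    if (empty($session['usersession']) || !isset($session['user_name'])) {
        return false; // no session, or logout() set usersession to false
    }
    return hash_equals((string) $session['user_name'], folder_owner($scriptFilename));
}

// Call at the top of home.php, right after session_start().
function enforce_folder_owner(): void
{
    if (!may_access($_SESSION ?? [], $_SERVER['SCRIPT_FILENAME'] ?? '')) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed demo; runs only from the command line (php example.php).
if (PHP_SAPI === 'cli') {
    $bai = ['usersession' => 2, 'user_name' => 'bai']; // constructed session data
    $cases = [                                         // constructed script paths
        '/var/www/ebooks/new/bai/index.php' => true,
        '/var/www/ebooks/new/me/index.php'  => false,
    ];
    foreach ($cases as $script => $expected) {
        $got = may_access($bai, $script);
        printf("%-36s %s\n", $script, $got === $expected ? 'ok' : 'MISMATCH');
    }
    // A visitor with no session is refused as well.
    printf("%-36s %s\n", 'no session', may_access([], '/var/www/ebooks/new/me/index.php') ? 'MISMATCH' : 'ok');
}
```

Because home.php is included by every per-user index.php, one call to `enforce_folder_owner()` there covers all user folders.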