473,322 Members | 1,671 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

trying to get user name from cookie for permission to edit data

wadro21
12
I am trying to create a members only area where they can update there contact info in the company directory but only theirs. problem is i can't seem to get it where they can only update there on. i can either update everyone or no one but my code executes fine with no errors. Please help!

[PHP]

//This is the directory where images will be saved
$target = "uploads/images";
$target = $target . basename( $_FILES['photo']['name']);

//This gets all the other information from the form
$name=$_POST['name'];
$email=$_POST['email'];
$phone=$_POST['phone'];
$pic=($_FILES['photo']['name']);

// Connects to your Database
mysql_connect("localhost", "my_root", "") or die(mysql_error()) ;
mysql_select_db("my_photos") or die(mysql_error()) ;

//checks to see if the name submited is in the database
if (!get_magic_quotes_gpc()) {
$_POST['name'] = addslashes($_POST['name']);
}
$usercheck = $_POST['name'];
$check = mysql_query("SELECT name FROM employees WHERE name = '$usercheck'")
or die(mysql_error());

//checks the users cookie to see who they are
if(isset($_COOKIE['ID_my_cookie']))
{
$username = $_COOKIE['ID_my_cookie']; }
if ($username = $check)
{
$check2=$info;
}else{
$check2 != $info;
}

//compairs the name on the cookie with the name they are trying to update.
//if they don't match, error message
if ($check2 != $info)
{ echo("Sorry, you are only allowed to update your own information. Click <a href=login.php>HERE</a> to login as someone else.</br>");
echo ("Or, click <a href=membersarea.php>HERE</a> to go back.");
die(mysql_error());

}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['name'] = addslashes($_POST['name']);
}
$usercheck = $_POST['name'];

$check2 = mysql_num_rows($check);

//if the name exists DELETE it
if ($check2 != 0) {
mysql_query("DELETE from `employees` where name = '$name'" );
}

//Writes the information to the database
mysql_query("INSERT INTO `employees` VALUES ('$name', '$email', '$phone', '$pic')") ;

//Writes the photo to the server
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{

//Tells you if its all ok
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory";

}
else {

//Gives and error if its not
echo "Sorry, there was a problem uploading your file.";
}
[/PHP]
Aug 28 '07 #1
3 1462
pbmods
5,821 Expert 4TB
Heya, Wadro.

What do you want your code to do? Give an example.
What is your code doing that you don't want it to do? Give an example.
What is your code *not* doing that it is supposed to? Give an example.
Aug 28 '07 #2
wadro21
12
Heya, Wadro.

What do you want your code to do? Give an example.
What is your code doing that you don't want it to do? Give an example.
What is your code *not* doing that it is supposed to? Give an example.

well i want it to check the name on the cookie against the name posted from the form. if it is a match, allow them to update that users information. if it is not a match, error you can only update your own information.

right now it lets you update everyones.

i can make it either update everyones or no ones but not per user.
Aug 28 '07 #3
Atli
5,058 Expert 4TB
Hi.

I'm not sure this will fix your problem, but the if statement on line 27 in your code is missing a '=' sign. There should be two of them, as I am sure you know.
Sep 3 '07 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

6
by: Mark | last post by:
I am designing a game for a forum. When the user has finished playing I need to save their data to a cookie then navigate to a page which holds their score data (I can't have both sets of data on...
6
by: Frank Wilson | last post by:
Tom, It sounds to me like ASP, not ASP.NET is handling the request for WebForm1.aspx. This is most likely an IIS config issue that may have been caused by order of installation or...
1
by: Earl Teigrob | last post by:
Background: When I create a ASP.NET control (User or custom), it often requires security to be set for certain functionality with the control. For example, a news release user control that is...
25
by: Neo Geshel | last post by:
This works: <form> <asp:TextBox id="name" /> <%= name.ClientID %> </form> But this DOES NOT work: <form>
2
by: Randall Parker | last post by:
Some questions on forms authentication: 1) Can one do one's own checking of username and password and totally bypass calling FormsAuthentication.Authenticate? 2) does the "new...
0
by: joseph conrad | last post by:
Hi, I tried to implement my own session handler in order to keep control on the process the drawback I foun it is not creating and storing in my cookie the PHPSESSID variable anymore. reading te...
5
by: Learner | last post by:
Hello, Here is the code snippet I got strucked at. I am unable to convert the below line of code to its equavalent vb.net code. could some one please help me with this? static public...
2
by: darrel | last post by:
We have a home grown CMS in our organization that I decided to update at 5pm only to find a gigantic security bug in it. Here's the deal: The original programmer created the security for the...
7
by: monomaniac21 | last post by:
hi i have a php site which allows users to save a cookie on their computer which stores their user id details and allows them to auto- login. i'm wondering whether this is safe, is it...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.