06-07-2008, 05:05 PM
Do you have their session ID stored in the database, or just a username? When they log in, you should be assigning your users a unique session ID which is added to their record in the database table as well as to a SESSION variable or cookie on the client side. You'd then compare those two values when a page was loaded to make sure their session was valid, sort of what it looks like you're trying to do, except for some reason you're not even doing anything with the result ($udata) of your query, so I'm not sure what purpose the query actually serves in that whole process.
PHP Code:
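// Values stored client-side at login
$szUsername = $_SESSION['username'];
$szSID = $_SESSION['session_id'];
// Look up the session ID recorded for this user
$q = sprintf("SELECT `session_id` FROM `clients` WHERE user = '%s'", mysql_real_escape_string($szUsername));
$pResult = mysql_query($q);
$aData = $pResult ? mysql_fetch_assoc($pResult) : false;
// Reject on a failed query, a missing row, or a mismatch
if (!$aData || $szSID !== (string)$aData['session_id']) die("You no touchie my personal pages!");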
...is how I would go about checking the session ID.
-m
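
An added example, not part of the original post: both halves of the scheme described above (issuing the ID at login, then checking it on each page load), written with PDO prepared statements and hash_equals(). The in-memory SQLite database, the function names issueSessionId/isSessionValid and the $session array standing in for $_SESSION are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Assumptions: PHP 7+ with pdo_sqlite; the table mirrors the post's `clients`
// (user, session_id); $session stands in for $_SESSION so this runs from the CLI.

// At login: mint an unpredictable ID and store it server-side and client-side.
function issueSessionId(PDO $db, string $user, array &$session): void
{
    $sid = bin2hex(random_bytes(32));
    $stmt = $db->prepare('UPDATE clients SET session_id = :sid WHERE user = :user');
    $stmt->execute([':sid' => $sid, ':user' => $user]);
    if ($stmt->rowCount() !== 1) {
        throw new RuntimeException('unknown user');
    }
    $session['username'] = $user;
    $session['session_id'] = $sid;
}

// On every page load: compare the client's copy against the database copy.
function isSessionValid(PDO $db, array $session): bool
{
    $user = $session['username'] ?? null;
    $sid  = $session['session_id'] ?? null;
    if (!is_string($user) || !is_string($sid) || $sid === '') {
        return false;
    }
    $stmt = $db->prepare('SELECT session_id FROM clients WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $stored = $stmt->fetchColumn();
    // No row, or a NULL/empty stored ID (user never logged in), is never valid.
    if (!is_string($stored) || $stored === '') {
        return false;
    }
    return hash_equals($stored, $sid); // constant-time comparison
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clients (user TEXT PRIMARY KEY, session_id TEXT)');
$db->exec("INSERT INTO clients (user) VALUES ('alice'), ('bob')");

$session = [];
issueSessionId($db, 'alice', $session);
var_dump(isSessionValid($db, $session)); // freshly issued session
$old = $session;
issueSessionId($db, 'alice', $session);
var_dump(isSessionValid($db, $old));     // copy superseded by a second login
var_dump(isSessionValid($db, ['username' => 'bob', 'session_id' => ''])); // empty ID
```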