I am creating a membership system. I created a link after login to show different member information like
http://member_detail.php?memberid=1
But after login, I find that I can access other member information pages to see other member's detail information
http://member_detail.php?memberid=2
http://member_detail.php?memberid=3
So I would like to ask how can prevent above problem to ensure user just can entry their own information page? Thanks!
When you login then member is save in session like
$_SESSION['member_id'] = 1;
and on header or on member.php page on top of page use..
$member_id = $_GET['memberid'];
if($_SESSION['member_id'] != $member_id){
header("location:login.php");
// or your action for unauthenticated user }
here you check get value is authenticated user or not if user is not authenticated user then you redirect this user to login page.. or your action for an unauthenticated user..