How to make the user’s $ id be determined automatically, and it would not be necessary to specify $ userid = 5 (say) manually, so that the avatar is loaded by the user who is authorized in his account.

    3 answers 3

    Usually, only authorized users are allowed in the avatar download script. So you need to find the place where authorization takes place (there is usually something like " if ($user = mysql_fetch_object($auth_query)) $authorized = true; "), and set the session ID value.

    i.e:

     session_start(); /* много кода */ // if ($user = mysql_fetch_object($auth_query)) // $authorized = true; if ($user = mysql_fetch_object($auth_query)) { $_SESSION['userID'] = $user->id; $authorized = true; }

    And in the avatar download script use $_SESSION['userID'] instead of $userID .

    PS: Then to check the authorization in any script should be the line session_start(); and you can do this: if (empty($_SESSION['userID'])) die('Вы не авторизованы');

      Well, most often in such cases an authorized user is set to COOKIE with the necessary values, for example

      when authorizing user

       if (auth($user_login, $user_password)) //авторизация пользователя { set_cookie('id', $user_id); set_cookie('auth', md5($user_login.$user_password)); }

      And then if the user is authorized, we can use the $ _COOKIE ['id'] variable

      • The idea is not very, for setting the received id and auth you get access to the user account ... md5 user without salt should transfer only in extreme cases - GLAGOLA
      • one
        auth does not have to be md5 of the sum of $ login. $ password ... it can be generated for the session from environment variables. - Fucking Babay
      • His! Need! generate from the environment variables responsible for the client, browser, SP. And it is also desirable to check. - SilverIce

      As mentioned above, authorization is required, you can offer this option:

       $user=mysql_fetch_assoc(mysql_query(...)); /* получаем массив из базы по логину или что там у вас...*/ $_SESSION['id']=$user['id']; // можно и кукисы вбить if(isset($_SESSION['id']) && mysql_result(mysql_query(..#1..),0)==1) { $user=mysql_fetch_assoc(mysql_query(..#1..)); } /*где #1 - проверка через сессию $_SESSION['id'] */

      as a result: $ user ['id'] - insert where needed ....