Please, how can I make sure a new user does not have access to another user's data in a PHP script? I am already on a live server, and whenever a new user registers and enters his dashboard, he sees the database of another registered user. The project I am having this issue with is an inventory management system. I am a newbie; can I get detailed instructions on this?
CodePudding user response:
This is very, very, very bad. I recommend you shut your site down temporarily and check your code for any leaks, as this is not a PHP or MySQL problem; it is your script that is incorrect.
If you can't find the problem you can ask me in the comments and I will help you find your problem.
But from what I can read it sounds like one of your SQL queries is not set up correctly.
Also, I saw in the comments that one person is recommending you use a framework. I personally code all of my websites in pure PHP, as this is what I like and what I feel comfortable with. If a framework is needed and you are comfortable using it, then yes, you can use a framework, but honestly, coding in pure PHP is not bad; you just have to be extra careful in the way you code.
Have a great day and stay safe :)
CodePudding user response:
Because you didn't provide enough details about your problem, I'll try to outline how a login system works in a concise way. If you don't have any experience writing login systems or working with databases or sessions, please study these topics carefully through the many articles and videos that exist out there. This topic can't be settled in detail in an answer on Stack Overflow.
#1 step
So, first you need a sign-up page where you collect some data from the user, like username, email, phone number, password, etc. Then you store this data in the database, in a table called users, for example. Alongside this data you should store a randomly created number like 666187, or an unguessable long string, for this user in the users table in a field called verification_code (or whatever you like). I'll explain why in the next paragraph.
Some parts of this collected data may need verification, email for example. If you did collect the email from the user, you'll send an email to confirm that the entered email truly belongs to the user. Your application needs files and code dedicated to sending email whenever you want. After sign-up and storing the user data in the users table, you use your email sending system to email the verification code to the user's entered email (because if the user entered an email he/she owns, he/she can access it). This email contains a link to your application, dedicated to verifying the user's email. (This is not the whole story, but again it can't fit in an answer.)
#2 step
After completing the sign-up page you need the sign-in page. This page contains a form which gets the username or email and the password of the user and checks to find an identical match in the users table. If it is found, then this is a true user of your application, and you should start the session and store the user's id in a session variable.
#3 step
From now on, on every page which can be accessed only by logged-in users, you fill the parts of those pages which are user-specific by retrieving the user's id from the session and executing queries on the database to get data specific to the logged-in user.
A lot of these problems are solved automatically at the start of your project when you use backend frameworks like Laravel. So I suggest you move toward backend frameworks when you're done with the basics and have a good grasp of the concepts.
Maybe it was too generic or vague. I hope you understood something from this answer. Sorry if it became long. Best regards :)
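Steps 2 and 3 of the answer above, as an added example that is not part of the original answers or the asker's project: the user's id is kept in the session, and every query on user-owned rows filters on it. The `products` table, its `user_id` column, the function names and the sample rows are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the example runs offline.
// Table and column names (products, user_id) are assumptions, not the asker's schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO products (user_id, name) VALUES (1, 'Alice stock A'), (1, 'Alice stock B'), (2, 'Bob stock A')");

// Step 2: after a successful password check, the sign-in page stores the user's id.
session_start();
session_regenerate_id(true);  // fresh session id at login
$_SESSION['user_id'] = 2;     // constructed: pretend user 2 just signed in

// Guard for every logged-in page: no id in the session means no data is shown.
function requireUserId(): int
{
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        exit('Please sign in.');
    }
    return (int) $_SESSION['user_id'];
}

// Step 3: list queries are filtered by the owner id taken from the session,
// never from $_GET or $_POST, and always through a prepared statement.
function listProducts(PDO $pdo, int $userId): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM products WHERE user_id = :uid ORDER BY id');
    $stmt->execute([':uid' => $userId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Single-row lookups need the same owner filter as lists.
function getProduct(PDO $pdo, int $userId, int $productId): ?array
{
    $stmt = $pdo->prepare('SELECT id, name FROM products WHERE id = :id AND user_id = :uid');
    $stmt->execute([':id' => $productId, ':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$uid = requireUserId();
print_r(listProducts($pdo, $uid));    // dashboard list for the signed-in user
var_dump(getProduct($pdo, $uid, 1));  // product id 1 is owned by user 1 in the sample data
```

A dashboard query without the `user_id` condition returns every user's rows, which matches the symptom described in the question.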