PHP

How to build a user profile page.

My current project is a social network site. I am at the stage where I build the user profile page. The approach that I am taking is that the profile page is basically a template where information pertaining to the user is pulled from the database, and fills the template. The issue that I am having is how to let the browser know if this profile page belongs to the user or a visitor to the page. This is important due to not wanting unauthorized personnel modifying a user profile.

I have not started on any code yet, so I have none to post.

1 Answer

Kevin Korte

Lots of ways to handle this, here are a couple thoughts that come to mind.

At the template level, you could control access to data. You would be able to tell if the current user is logged in, and if the logged-in user is the owner of this profile or not. With that information, you could in your template wrap the data that should only exist if the user is the owner of the profile in an if check, something like if (user == this.user) { show private user info }.

Another option is at the routing level. When a user hits a route for a user profile, you could check if the requesting user is a logged-in user, and if so, is the user the owner of that profile, if so, you send them to the template that has the personal information. If the requesting user is not the owner, then they get the "public" info template. This is also a pretty good option because in your "owner template" you can make as much of the data as you want editable or modifiable, and since the logic is controlled at the router, and not the template, you don't have to worry too much about the wrong person modifying someone else's profile, however to be safe I'd still do an auth check each time a profile is updated to still make sure the user that sent the update is the owner of the profile.

Recently in my own project I took the second approach, auth'ing the user at the router level, instead of the template. The downside is I have two templates to maintain, upside is my template is much, much cleaner. It also affords you a good opportunity to have a slightly different UI for the profile owner (like options to edit/modify profile) vs just another visiting user, again without littering your template with a whole lotta checks. I like keeping logic out of templates as much as possible.

So with the routing template....make a template user profile, then two classes under template? One for owner's profile page and one for public page?

Kevin Korte

Kinda, how much of this project is done, are you using a router or templating engine?

I've created user registration, connect & sessions...V .1 is what I called that bundle. Next is user profiles...when you say engine, do you mean a set of code that I write? Or vendor code? I was planning on using code for the router style.
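
The routing-level approach from Kevin Korte's answer, including the repeated auth check on update, as an added example that is not part of the original thread. The names (`PROFILES`, `isOwner`, `routeProfile`, `updateProfile`), the sample users and the `user_id` session key are assumptions; in a real app `$session` would be `$_SESSION` and `PROFILES` a database lookup.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the users table.
const PROFILES = [
    1 => ['name' => 'alice', 'bio' => 'Hiker', 'email' => 'alice@example.test'],
    2 => ['name' => 'bob',   'bio' => 'Baker', 'email' => 'bob@example.test'],
];

// True only when a logged-in user requests their own profile.
function isOwner(array $session, int $profileId): bool
{
    return isset($session['user_id']) && $session['user_id'] === $profileId;
}

// Router decision: choose the template and hand it only the fields it may show.
function routeProfile(array $session, int $profileId): array
{
    $profile = PROFILES[$profileId] ?? null;
    if ($profile === null) {
        return ['status' => 404, 'template' => 'not_found', 'data' => []];
    }
    if (isOwner($session, $profileId)) {
        return ['status' => 200, 'template' => 'profile_owner', 'data' => $profile];
    }
    // Visitors never receive private fields, so the public template cannot leak them.
    unset($profile['email']);
    return ['status' => 200, 'template' => 'profile_public', 'data' => $profile];
}

// Update handler: repeats the ownership check on the server on every write,
// because a request can be sent without ever loading the owner template.
function updateProfile(array $session, int $profileId, array $input, array &$store): int
{
    if (!isset($session['user_id'])) { return 401; }       // not logged in
    if (!isOwner($session, $profileId)) { return 403; }    // logged in, not the owner
    if (!isset($store[$profileId])) { return 404; }
    // Allow-list: only 'bio' is editable, whatever else the request contains.
    $store[$profileId]['bio'] = (string) ($input['bio'] ?? $store[$profileId]['bio']);
    return 200;
}

$store = PROFILES;            // mutable copy standing in for the database
$alice = ['user_id' => 1];    // constructed session of a logged-in user
echo routeProfile($alice, 1)['template'], "\n";   // own profile
echo routeProfile($alice, 2)['template'], "\n";   // someone else's profile
echo routeProfile([], 1)['template'], "\n";       // anonymous visitor
echo updateProfile($alice, 2, ['bio' => 'changed'], $store), "\n";
echo updateProfile($alice, 1, ['bio' => 'Climber'], $store), "\n";
```

The owner is always taken from the server-side session, never from a user id sent in the form or URL of the update request.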