i have a user profile page that have the following url : www.XXXXXXX.com/userid/45
is there a way to prevent access to other page when a user change /userid/45 to /userid/47
Depending on the language you're using, something like this on the user profile page:
if url_segment(2) != user_info['userid']
render no_permission
end
You might want to take a look at Zend_Acl.
http://framework.zend.com/manual/en/zend.acl.introduction.html
This would allow you to control access to certain resources (e.g. a profile) based upon the assigned privileges of the role making the request. You can also specify more fine-grained access with assertions.
So, say for example, you specified an 'registered' role, for users registered with your site, who would also have a profile page. Your rule might read like this :-
'registered' can 'display' a 'profile' 'if it is their profile'.
Role: 'registered'
Privilege: 'display'
Resource: 'profile'
Assertion: code that checks for ownership
I was looking for this in wordpress and only after posting my answer did I even realize you were asking about something other than wordpress... Oh well, for people who make my same mistake, here is the same thing, but for wordpress:
You can modify this to make it redirect all users instead of just one user by changing the == to != and enter just the admin id (usually "1").
add_action('admin_init', 'redirect_to_forum');
function redirect_to_forum(){
$current_user=wp_get_current_user();
if($current_user->user_id == "47"){
header('Location: http://somewhereelse.com');
}
}