PHP matching the memberid to a directory

Question

So in a basic php account system, when user signs up, I am auto creating a folder and file for that user.

the '1000' and the '954V045' is just obfuscation, with the memberID sitting in the middle and its auto increment, so its unique to each account.

mkdir("1000" . $id . "954V045");
        $myfile = fopen("1000" . $id . "954V045/usersfile.php", "w") or    die("Unable to open file!");

Now the next step that I am having trouble with, is that each file must be only allowed to be opened by its account holder or anyone with a account could open any other persons file.

so I need something like this code at the top of each file in users directory that says if the session memberID is not equal to the directory than to redirect back to generic page.

So someone with a memberID of 32 should only be able to access the files in the directory 100032954V045. and someone with a memberID of 42 should only be able to access files in the directory 100042954V045.

if($_SESSION['memberID'] != ) {
 header ('Location: memberpage.php');
}

I'm guessing answer will involve basename( DIR ) , but I dont know how to strip the '1000' and the '954V045'

Answer 1

Do it like this :

<?php
   $parent = trim(strrchr(__DIR__, DIRECTORY_SEPARATOR), DIRECTORY_SEPARATOR);//stores folder name
   $id = substr($parent, 4, -7);
   // 4 = length of "1000"
   // 7 = length 954V045, it should be negative always!
   if($_SESSION['memberID'] != $id) {
        header ('Location: memberpage.php');
        exit();//do not forget to add this
    }
?>

Negative third parameter in substr omits that many character from end of string. Read more about it here : http://php.net/manual/en/function.substr.php

You also need to put exit() after header to stop execution of current script else it will go on to execute!