I want to restrict access for users to their specific data. The site is all static html with a minimum of php to check if a user has permission. The url format is somesite.tld/public_html/english/user/1/account_overview.php?id=1 The site is available in some languages. the 'english' part of the url will change according to chosen language (french, german, dutch, ...). The 'english' part is a folder in public_html. The 'user' part is a folder in 'english' and the '1' is folder in 'user'.
I have a $_SESSION['userid']. At this moment the php script checks if the $_GET['id'] exists and if $_GET['id'] is equal to the $_SESSION['userid'] but just changing the url to somesite.tld/public_html/english/user/2/account_overview.php?id=1 does not limit the access to the '2' folder if you are logged in with userid = 1.
how can I stop displaying the data when someone modifies the url manually ?
