Geek Answers Handbook

Limit Javascript from PHP?

I'm trying to achieve something that I canโ€™t plunge into. The fact is that when a specific user is registered, I store in a user session and record it.

Before telling me โ€œyesโ€, I know that this is not the best practice, but the purpose of this page is only internal, and there is no way to be hacked, or because you can access it only internally.

In any case, the fact is that there are some editable fields in the table that should be edited only by the administrator, but this should only be visible to the rest.

To achieve an editable table, I used the datatables library along with some ajax and jQuery.

I cannot come up with a method to restrict editing if the registered user is not an administrator, except:

var logged = <?php echo $_SESSION['logged_user'];?>; if (logged=='admin') { // action here }

Do you know the best method or is it easier to understand? Thank you very much!

+5
source share
3 answers

One solution would be to have functions / functions, edit the tables around the validation with pure PHP instead, so that "normal" users should not load or even see the JavaScript that does this.

 <?php If(isAdmin) { ?> Javascript here <?php } ?>

It also makes it easy for regular users to not check an element -> delete the if statement, and then be able to do the same.

+3
source

Make fields read-only or use a label instead of typing when the user is not an administrator.
Doing it readonly will work if it is for internal use only, and you can switch this field later to javascript or even you can set the javascript variable as is_admin true to false and after document.ready () you can switch the input field attribute to readonly true or false.

+3
source

Call your html with a security token as a URL parameter.

Then you must send this security token back to the server in an ajax request and get a registered user.

Something like that

 www.example.com?231212sdsldkfjsl2131212lskjlkdsj var sec = location.search; $http.get('testuser.php?' + sec, function(data){ user = data.user; });
+1
source

More articles:


All Articles