I'm trying to achieve something I can't wrap my mind around. The thing is that when a specific user is logged, I store in session the user and that he is logged.
Before telling me yes, I know this isn't best practice but the purpose of this page is internal only and there is no possibility to be hacked or so because you can only access it internally.
Anyway, the point is that there are some editable fields in a table which should be editable only by admin but that should only be seen by the rest.
To achieve the editable table I used datatables library together with some ajax and JQuery.
I can't think of a method to restrict editing when the logged user is not admin other than:
var logged = <?php echo $_SESSION['logged_user'];?>;
if (logged=='admin') {
// action here
}
Do you know a better method or easier to understand? Thank you very much!
One solution would be to have the function/functions that edit the tables around a check with pure php instead, so the "normal" users don't have to load or can even see the javascript that makes this.
<?php If(isAdmin) { ?>
Javascript here
<?php } ?>
This also makes it so normal users just don't inspect element -> remove the if statement and then can do the same things.
Make fields readonly or use label tag instead of input when user is not admin.
Making it readonly will work if it is for internal purpose only and you can toggle this field later by javascript or even you can set a javascript variable as is_admin true of false and after document.ready() you can toggle input field attribute to readonly true or false.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With