On Mon, 8 Dec 2003, Chris W. Parker wrote: > Ok so I am working on the admin sectin of the e-commerce app I'm writing > and I'm hoping there's a better way to do what I am currently doing. > In an effort to prevent circumvention of the login page I've placed a > check at the beginning of each page that basically does the following: ...
In the case that this is part of a larger application, as it seems to be, you probably should have an include that you are doing on each hit that handles the user identity/authentication.. Not just for your admin users, but a general container for all the user-related functions. On that page Within that include, let's call it loguser.php, you could write functions such as require_admin() or require_login() .. then, call those functions on the pages that require the user to be an admin or be logged in. The functions would determine if the logged-in user had adequate permission, and redirect them if not. That way, you can control this behavior from a central location--you don't want to have to go through each page of your app and change a URL. -- Kelly Hallman // Ultrafancy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
