[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Anton Channing wrote:
> I second the calculating the admin privileges on
> the server side. If you've got the userid, you
> should already know everything you need to know
> about that user.
> You will have to write a function called isadmin()
> that takes the parameter $userid and returns a
> boolean depending on their privileges, but this
> is much more useful than trying to pass the admin
> state in a cookie, and can also be used to add
> special admin content to non-admin pages.
Hi,
Can i ask you to explain a bit more. I'm getting confused :-)
My original idea was to set the session cookies from a process_login.php
script that looked up the user password etc from the database then set
the session cookies accordingly.
If i create a isadmin() function as described this has to do a DB query
every page change to verify if the admin menu options should be
displayed. This seems a bit wasteful.
I can currently on any page just test the usertype cookie and if set
show additional content with
if($_SESSION['usertype']=="Administrator") {
// Show lots of extra content.
}
or add a check at the start of the page to prevent any access to that page.
Thanks,
--
Robin Cornelius
http://www.byteme.org.uk
Attachment:
signature.asc
Description: OpenPGP digital signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html