bɪˈɡɪnə

Reputation: 1085

How to handle guest user viewing a post?

I have a post.php page which shows posts on my site. It shows features/links according to the type of user visiting it: for the user who wrote the post (the session holder) it shows edit and delete buttons, but not for others. For this I am using sessions:

if (!empty($_GET['username'])) {
    $username = $_GET['username'];
}
else if (!empty($_SESSION['username'])) {
    $username = $_SESSION['username'];
}
else {
    // do nothing
}

Now the problem arises for a guest user (a user who is not logged in): for the session holder $_SESSION['username'] is operative, and for a logged-in user (who is not the session holder) $_GET['username'] is operative, so a guest user gets an undefined variable on this page. To solve this I added $username = ""; to the else branch above, so the statement is now:

if (!empty($_GET['username'])) {
    $username = $_GET['username'];
}
else if (!empty($_SESSION['username'])) {
    $username = $_SESSION['username'];
}
else {
    $username = "";
}

Although this solved my problem, I want to be sure whether there is any security risk or other problem with this method. Any better ideas are welcome.

Upvotes: 1

Views: 83

Answers (1)

ujwal dhakal

Reputation: 2469

First, use the POST method to get the data.

// after successful login
$username = $_POST['username'];
$_SESSION['loggedin'] = true; // or a generated token, your choice

// restrict this in the constructors of all your views
if (!empty($_SESSION['loggedin'])) {
    // you are authorized; the page is accessible here
}
else {
    // sorry, we are redirecting you
}

Upvotes: 1
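
An added example, not part of the question or the answer above: one way to keep the viewer's identity (taken only from the session) separate from the username requested in the URL, so that a guest is an explicit state and the edit/delete decision never depends on `$_GET`. The function name `viewer_context` and the `$post` array layout are assumptions made for illustration.

```php
<?php
// Added example; viewer_context() and the $post layout are hypothetical.
declare(strict_types=1);

/**
 * Work out who is viewing and what they may do with a post.
 * Identity comes only from the session; $_GET is display input, never identity.
 */
function viewer_context(array $session, array $get, array $post): array
{
    // Guest when no usable session username exists: null, not an empty string.
    $viewer = (isset($session['username']) && is_string($session['username'])
               && $session['username'] !== '') ? $session['username'] : null;

    // The requested username is untrusted; accept only a plain string.
    $requested = (isset($get['username']) && is_string($get['username']))
        ? $get['username'] : '';

    return [
        'viewer'    => $viewer,
        'is_guest'  => $viewer === null,
        'requested' => $requested,
        // Owner controls require the session identity to match the post author.
        'can_edit'  => $viewer !== null && $viewer === $post['author'],
    ];
}

// Constructed sample inputs: three visitors looking at a post written by alice.
$post  = ['author' => 'alice', 'title' => 'Hello'];
$cases = [
    'guest' => viewer_context([], ['username' => 'alice'], $post),
    'owner' => viewer_context(['username' => 'alice'], [], $post),
    'other' => viewer_context(['username' => 'bob'], ['username' => 'alice'], $post),
];

foreach ($cases as $label => $ctx) {
    // Escape anything that came from the request before it reaches HTML.
    $shown = htmlspecialchars($ctx['requested'], ENT_QUOTES, 'UTF-8');
    printf("%s: guest=%s can_edit=%s requested=\"%s\"\n",
        $label,
        $ctx['is_guest'] ? 'yes' : 'no',
        $ctx['can_edit'] ? 'yes' : 'no',
        $shown);
}
```

The same ownership check has to run again in the edit and delete handlers themselves, since hiding a button does not stop the request from being sent.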
