Editing the List of Gifts

Jack and Jill, our bride and groom, need to set up the list of gifts for wedding guests to choose from. Our application includes an edit.php file that allows the user to add or remove gifts, or modify existing gifts. In this section, we describe how we can prevent users other than Jack and Jill from accessing the editing page, and how the script enables gifts to be added, updated, and deleted.

Restricting Edit Access

To prevent unauthorized access, we ensure that only the users jack and jill can access this file; other users attempting to access this page are redirected to the gift list page list.php:

<?php
 // edit.php: Show the user the available gifts and the gifts in
 // their shopping list

 // Include database parameters and related functions
 require_once('db.php');

 // Check if the user is logged in
 // (this also starts the session)
 logincheck();

 // Check that the user is Jack or Jill (username is 'jack' or
 // 'jill');  other users are not allowed to edit the gifts.
 if($_SESSION['username']!="jack" && $_SESSION['username']!="jill")
 {
  $message = "You are not authorized to edit the gift details. ".
   " Please select gift suggestions from the list to add to your shopping list!";
  header("Location: list.php?message=".urlencode($message));
  exit;
 }

 // Other code to display and edit the gifts
...
?>

Note that our application automatically creates an account and grants access the first time a user registers a particular username. It’s technically possible for a user ...

Get Learning MySQL now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Learning MySQL by Saied M.M. Tahaghoghi, Hugh E. Williams

Editing the List of Gifts

Restricting Edit Access

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly