11.3. Hiding Controls from Unauthorized Users

You can use sessions to keep track of which users are authorized to view administrative links on your blog. A session allows the user to log in once, then navigate anywhere on the site without losing his administrative privileges.

NOTE

For a refresher on how sessions work, refer to the section on sessions in Chapter 3.

Your first task is to wrap all administrative links in an if block that checks whether a session variable is set for the current user, so the links are displayed only when it is. Call your session variable loggedin and store it in the $_SESSION superglobal array as $_SESSION['loggedin'].
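
As an added example (not code from the book), here is one way to write the if block described above, assuming the login code sets $_SESSION['loggedin'] to the integer 1; the helper names and the admin.php and delete.php link targets are hypothetical. It also guards the admin page itself, because a hidden link can still be requested directly by URL.

```php
<?php
// Added example; helper names, link targets and the value 1 are assumptions.
session_start(); // must run before any output so the session cookie can be sent

/**
 * True only when the current session has been marked as logged in.
 * Strict comparison avoids treating stray values such as "0" or "" as valid.
 */
function is_logged_in(array $session): bool
{
    return isset($session['loggedin']) && $session['loggedin'] === 1;
}

/** Build the admin links for an entry, or an empty string for visitors. */
function admin_links(array $session, int $entryId): string
{
    if (!is_logged_in($session)) {
        return '';
    }
    $id = urlencode((string) $entryId);
    return '<p class="admin">'
         . '<a href="/admin.php?id=' . $id . '">edit</a> '
         . '<a href="/delete.php?id=' . $id . '">delete</a>'
         . '</p>';
}

/**
 * Guard for the admin pages themselves: hiding a link does not stop
 * a visitor from requesting its URL directly.
 */
function require_login(array $session): void
{
    if (!is_logged_in($session)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// index.php: links are rendered only for a logged-in session (42 is a sample id).
echo admin_links($_SESSION, 42);

// Top of admin.php (hypothetical): enforce the same check on the server side.
// require_login($_SESSION);
```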

11.3.1. Modifying index.php

Your next task is to hide all the admin links in index.php from unauthorized users. You need to enable sessions, which you can accomplish ...
