Jump to content

Embedded Security In Html Pages


bigjoe11a
 Share

Recommended Posts

In a page I have, I have 2 links. each link relates to add or just view. Link 1) is where a user adds an entry. and link 2 is where you can view the entry.look at the code blow:<a href="{SITE_ROOT}blog/addentry.php?bid={BID}" style="margin-left:100px;text-decoration:none">Add Entry</a> <a href="{SITE_ROOT}blog/viewentry.php?bid={BID}" style="margin-left:100px;text-decoration:none">View Entries</a>The 1st link. I don't just want any one adding a new entry to this persons blog. I only want the user who made the blog to be a allowed to add to his/her blog.So how can I hide the 1st link from every one other then the user who created the blog.

Link to comment
Share on other sites

Does the template engine have some form of conditional like "IF" Aside from hiding the link, you also have to make sure that if an article is being submitted, it's by somebody who has authority to do so. Just hiding the link doesn't ensure security.

Link to comment
Share on other sites

Below you will find the class that I use for the template. and that is a very good Idea. Is making sure the user who is submiting the new entry is the owner of the blog. I'll have to add that option in. I still need to hide the link for it.

class Page {    var $page;    var $_rootref;    function Page($template) {	    if(file_exists($template)) {		    $this->page = join('', file($template));	    }	    else {		    die('Template file ' . $template . ' not found.');	    }    }       function parse($file) {	    ob_start();		    include($file);		    $buffer = ob_get_contents();		    ob_end_clean();	    return $buffer;    }    function replace_tags($tags = array()) {	    if(sizeof($tags) > 0) {		    foreach ($tags as $tag => $data) {			    $data = (file_exists($data)) ? $this->parse($data) : $data;			    $this->page = eregi_replace('{' . $tag . '}', $data, $this->page);		    }	    }	    else {		    die('No tags designated for replacement.');	    }    }    function output() {	    echo $this->page;    }}

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...