Home > database >  How should I hide admin buttons?
How should I hide admin buttons?

Time:05-27

I am making a classroom web app with php for a university project. I have the classes displayed on the home page and for example I want to display a delete button if the user who's logged in is a teacher, something like this:

<?
if($_SESSION['userType'] == 'Teacher') {
    //Show
}
if(S_SESSION['userType'] == 'Student') {
    //Hide
}
?>

But my problem is that I'm getting the class elements with ajax, looping over them and adding them to the page using innerHtml. So the only way I can think of is to add a variable in js indicating if the user is a teacher and then I could add a button to the html in js.

But after reading other similar questions I learned that this shouldn't be done client side as it could get hacked. Im new to web programming and I can't figure out how to do this so any help or advice is greatly appreciated

CodePudding user response:

You must do the verification both on frontend and backend. You can never rely on client side information, so use front end to draw or not the sensitive buttons, but use backend to check if the authenticated user can or cannot do that action.

CodePudding user response:

Just Use some like that on your html file:

<?php
    if($_SESSION['userType'] == 'Teacher') {
        //Show
        ?>
            <button>Delete</button>
        <?php
    }
?>
  • Related