I have a link on the settings.php page of my activity module that goes to a clear.php page that truncates a table in the database.
As it stands even guests can still run this function by going to the clear.php themselves by typing in the address bar.
Is there a way to check if a USER is an admin or not? I checked the USER object but couldn't find anything. I can probably check if they are a guest or not with their usernames, but what about the students?
CodePudding user response:
The easiest solution would be to set up the page like this:
require_login();
if (!is_siteadmin()) {
die('Admin only');
}