1

I want to display an error if a user tries to go to /admin/ when they aren't logged in as an admin. I don't want to pass stuff in the URL and I do not want to do a $_POST to display the error. I just want to display a message and when you refresh it is gone.

For example, go to this URL: http://getsatisfaction.com/getsatisfaction/topics/notifications_box/edit

It returns you back to the topic and says "I'm sorry, but you have been denied access to edit this topic."

When you refresh it is gone. I want to be able to display an error like that too. Does anyone know how they did that?

I've seen other sites do this as well (without appending an ?error=1 to the end of the URL).

Thanks in advance.

Improve this question
3
  • 1
    How are you currently logging someone in as admin? Cookies? Sessions? Commented Jan 5, 2012 at 22:42
  • Does your codebase currently support the separation of users based on roles? (i.e. admins vs normal users)? Commented Jan 5, 2012 at 22:47
  • @DigitalPrecision Yeah, I have a column in the database called "type" and that is either "admin" or "user". Commented Jan 5, 2012 at 22:48

2 Answers 2

Reset to default
2

Set the error message in the session:

session_start();
$_SESSION['message'] = 'No, you fool!';
header('Location: some-other-page.html');
exit;

Display the message:

session_start();
if (!empty($_SESSION['message'])) {
    echo $_SESSION['message'];
    unset($_SESSION['message']);
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This snippet is missing the check to determine if account is 'admin' or not, may want to add it for completeness.
@DigitalPrecision Yeah, I already check to see if it is an admin. I just didn't know how to display error messages - I was just redirecting them to the homepage if they aren't an admin. Now I can display an error with it as well.
1

You need to check the session and see if the user has permission. Checking the session is specific to the environment, for example, if you use Joomla: http://www.howtojoomla.net/how-tos/development/how-to-use-sessions-in-joomla

and if you use drupal: http://drupal.org/node/360542

of course that there's a native library for sessions in php: http://php.net/manual/en/ref.session.php

hope it helps!

Improve this answer

3 Comments

I already check if the user has permission and if the session has the correct variables. But right now, I'm just redirecting them back to the homepage if they aren't logged in and if they aren't an admin. Thanks for all the links, though :)
Oh, I didn't understand your question... but now that I do: you can send yourself a parameter using $_POST instead of using $_GET - this way it will not be displayed on the address bar (as part of the URL) - why don't you want to use POST ? Another way is set a costumed session variable - that should do the trick
Session is definitely the way to go in this situation.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.