0

Hi I am creating a website with a login section this is working I am using HTML and PHP. What I am trying to do is one of my pages has a html button I want this to be disabled for certain users. at the moment this is what I have got.

this is the part that I use for the login details.

    <?php
    session_start();
    $_SESSION["username"];
    $_SESSION["password"];
    $_SESSION["access"];
    ?>

I have got if statments that I am currently using which are 

    if($_SESSION["access"] == "Administrator"){
    echo $Admin;
    }

what I am trying to do is call a javascript function within a PHP if statement what i have got so far is 

<?php
    if($_SESSION["access"] == "Consumer")
    {
        echo '<script type="text/javascript">
            Disable();
            </script>';
    }

    if($_SESSION["access"] == "Administrator")
    {
        echo '<script type="text/javascript">
            Enable();
            </script>';
    }
    ?>

the javascript functions that i am trying to call are 

<script type="text/javascript">
   function Enable() { 
   SubmitButton.disabled = false;
   } 

  function Disable() { 
   SubmitButton.disabled = true;
   } 
   </script>

I have also tryed 

if($_SESSION["access"] == "Consumer")
    {
        echo "<script> Disable(); </script>";
    }

Im just wondering if I have typed something in wrong or if I have forgotten to put something in.

any help would be much appreciated.

Improve this question

3 Answers 3

Reset to default
2

Looking at your code you have couple of issues:

Mixing your PHP logic and pure HTML is (usually) not a good idea.

Instead I would suggest you move your access checking logic fully on the server side and display the button accordingly (disabled or enabled) based on the user's access.

Example:

<?php if($_SESSION['access']): // Only show the button for users with access ?>
    <button type="submit" value="Submit" <?php echo ($_SESSION['access'] != 'Administrator' ? 'disabled' : ''); // Button disabled for everyone but administrators ?> />
<?php endif; ?>

And let me point out the obvious (as mentioned by the other answers), that's not 100% bulletproof. The user can still manually submit the button even if he is not an administrator by editing the page's HTML on the fly. That's just a UI fix. The real check should be done on the server side once the button is submitted (e.g. is the user logged in, does he have a cookie on his computer that identifies him as an administrator, does he have a session cookie set, etc).

Calling JS in random places, e.g. in the header can have unexpected consequences.

You better wait for the page to be loaded fully before calling any JS functions. You can do that via jQuery easily, but make sure you include the jQuery library before that in your header like so.

Afterwards you can call any JS after the page is loaded by placing them within the following block:

$(function(){
   // Place your JS calls here, e.g. call to Enable()
});

String concatenation in PHP is done with a dot . and strings can be multiline

This code which you used is just plain wrong.

echo '<script type="text/javascript">'
, 'Enable();'
, '</script>';

You should use something like:

echo '<script type="text/javascript">'
     .'Enable();'
     . '</script>';

or better:

echo '<script type="text/javascript">
         Enable();
      </script>';
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Great answer thank you for clearing up a couple areas but this is still not working i have changed the main part of the code in my answer above what else would i need to do to get it functional the security side of the site i will focus on at a later date. @Wordpress Developer
2

PHP doesn't use , sign for joining. Use ..

But otherwise it should work, except that you should define SubmitButton in advance of using it.

<?php
    echo "<script type='text/javascript'>";
        // if the id of your element is "submitButton"
        echo "var submitButton = document.getElementById('submitButton');";
        echo " function disable(){ submitButton.disabled=true; }";
    echo "</script>";
?>

After that you can use it as you did..

<script type='text/javascript'>
    disable();
</script>

Just be advised that denying access to some elements/functionality on your webpage with JavaScript alone is not a good practice - JavaScript is executed locally on the user's computer and therefore the user can modify it to gain an advantage.

Improve this answer

8 Comments

i tryed it with the . instead of the , and it breaks the page i got a white screen so i dont know if i have done something wrong my code at the moment is if($_SESSION["access"] == "Consumer") { echo '<script type="text/javascript">' . "Disable()"; . "</script>"; } if($_SESSION["access"] == "Administrator") { echo '<script type="text/javascript">' . "Enable()"; . '</script>'; } ?>
concatenation is typically done with the . in PHP, but echo is different - it is a language construct not a function - and will accept a comma separated list. stackoverflow.com/a/8109326/1913784
Hard to tell what exactly is the issue here. Do you get any errors? What does the console log in your browser say?
it has stopped showing my the white screen because i noticed there was another ?> underneath so that's my bad in the console it says Uncaught ReferenceError: Enable is not defined
Well you need to define the Enable() function.. the example provided did only cover the disable function..
|
0

Well, the problem may be that you're trying to call the javascript function before the HTML is ready (or finally rendered), so the browser, when executes the function doesn't find the button.

You could solve this placing your javascript code at the end of your page, or using jQuery and doing:

$(document).ready(function() {
<%php if ($_SESSION['access'] == 'xxxxx') {%>
    Enable();
<%php } else { %>
    Disable();
<%php } %>
});

Anyway, ALWAYS check user permissions on the server side, because someone could enable the button using Firebug or something else...

Improve this answer

1 Comment

how would I add this into the $_SESSION if statement would i call the Enable() function or would I call the function() after the .ready part of this code ?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.