0

I am using a plugin userfrosting to manage users.

The PHP side of the app checks if the user is currently logged in. The javascript side of the app checks what the permission of the user is.

EG.

<?php
 if (isUserLoggedIn()){
?>
   <script>
     loadCurrentUserPermission();
   </script>
<?php
}
?>

Now that's fine and dandy, but now I want to implement some user access restrictions in my PHP files. Can I use such a method inside of a php function? Because I don't want to escape the PHP and check for every action.

The next option would be to store it in a variable, but how can I escape a variable assignment midway to the outcome of a < script > ? 

$userPermission;
if (isUserLoggedIn()){
    $userPermission = (
?>
    <script type="text/javascript">
        userLoadPermissions();
    </script>
<?php
);
}
?>

Finally what if I use jquery to store the permission level in a PHP session ID? is that safe? Can someone easily modify their own level?

Improve this question
1
  • Users can't directly modify session variables, it's generally considered safe to store an access level in a session variable. Commented Aug 27, 2014 at 1:00

1 Answer 1

Reset to default
0

What's wrong with echoing the js? 

<?php
    if (isUserLoggedIn()){
    echo "<script>loadCurrentUserPermission();</script>";

    // more php
?>

Edit: Oh, I see. Javascript, being server-side, will be loaded after the PHP, so it's not simple (or even possible) to have PHP, then JS, then more PHP execute on the same page. You could consider calling the rest of the PHP from somewhere else using an AJAX request but that might not be practical for all of your pages.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.