php - where/how to put a class to control what a user can do (privileges)?


I am using a class that performs the right query based on $_POST['action']. Example:

  class data { // pseudocode
      public function __construct() {
          if ($_POST['action'] == 'insert')
              mysql_query("INSERT ..");
          elseif ($_POST['action'] == 'edit')
              mysql_query("UPDATE ..");
      }
  }

Now I definitely want to prevent a user from doing something that he is not allowed to do. For example, editing someone else's post, or something more complicated, like being able to edit his own post only while it is not published; once the post is published he cannot edit it anymore (or maybe something time-based).

How can I add these checks to my class data? I once heard about Zend_ACL; can it do the work for this matter?

Edit: I would like to avoid using databases for storing privileges

Edit2: I would like to do this: user level 1 means that you are an administrator, level 2 means that you are an editor, and level 3 means that you are a simple user.

So some privileges are tied to each level. Now where should I put this information?

ty


Mainly your tables should have this field

  Post_ID (PK) |   

Now, for the edit of that post:

  • First check whether the logged-in user's ID and the post_ by ID are identical or not

    • If so, check whether __published is set to Y or N
    • If N, do not allow the edit
    • If Y, then edit
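
One way to keep the level-based privileges in code rather than in the database is a small policy class that the `data` class consults before it runs any query. This is an added example, not code from the question or the answer: the class name `PostPolicy`, the fields `author_id` and `published`, and the administrator/editor rules are assumptions, while the simple-user rule follows the question (own post, only while unpublished).

```php
<?php
// Added example, not code from the original page. Level numbers come from the
// question; the rule table and the post fields (author_id, published) are assumptions.
const LEVEL_ADMIN = 1;
const LEVEL_EDITOR = 2;
const LEVEL_USER = 3;

final class PostPolicy
{
    /** @var array<int, array<string, callable>> level => action => rule */
    private array $rules;

    public function __construct()
    {
        $any = fn(array $u, ?array $p): bool => true;
        $existing = fn(array $u, ?array $p): bool => $p !== null;
        // Own post, and only while it is still unpublished (the question's rule).
        $ownDraft = fn(array $u, ?array $p): bool => $p !== null
            && (int) $p['author_id'] === (int) $u['id']
            && $p['published'] === false;
        // Privileges are kept in code, not in the database.
        $this->rules = [
            LEVEL_ADMIN  => ['insert' => $any, 'edit' => $existing],
            LEVEL_EDITOR => ['insert' => $any, 'edit' => $existing],
            LEVEL_USER   => ['insert' => $any, 'edit' => $ownDraft],
        ];
    }

    // Deny by default: an unknown level or action is refused.
    public function allows(array $user, string $action, ?array $post = null): bool
    {
        $rule = $this->rules[$user['level'] ?? 0][$action] ?? null;
        return $rule !== null && $rule($user, $post);
    }
}

// Constructed sample data standing in for the logged-in user and loaded posts.
$policy = new PostPolicy();
$author = ['id' => 7, 'level' => LEVEL_USER];
$posts = [
    'own draft'     => ['author_id' => 7, 'published' => false],
    'own published' => ['author_id' => 7, 'published' => true],
    'someone else'  => ['author_id' => 9, 'published' => false],
];
foreach ($posts as $label => $post) {
    // The check runs before the class picks a query for $_POST['action'].
    printf("edit %s: %s\n", $label, $policy->allows($author, 'edit', $post) ? 'allow' : 'deny');
}
```

The user's level and ID should come from the server-side session and the post row from the database, never from `$_POST`, since anything in the request can be set by the client.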
