I'm creating a blogging system with on-page post editing.
If a user is logged in and they created the blog post, then they can see an edit button.
Currently, the edit button is always displayed but is set to display: none for non-allowed users.
This works... but of course someone can just change the styling to block with the inspector in their browser and voilà, it works!
I have thought about this, and when processing an update in my /updatepost.php page I do another check to see if the user has appropriate access before updating the database.
However, I don't want the user to even be able to get this far.
My next idea was, instead of setting the button to display none, I would echo a script to remove the button.
I tried e.g.:
if (!isset($userid)) {
echo '<script> $("#editbutton").remove(); </script>';
}
but that doesn't seem to work.
I could go down the route of creating spans with the user id and the post owner id, then check the value .html() and then check if they match etc. But I prefer my first method.
Any ideas as to where my idea is going wrong?
You are not using it in a document ready. That is probably the root issue. This is getting executed before your page is ready.
This should be solved in PHP, no JavaScript required. Only print the edit button if the user can edit the post.
Just the opposite, only write out the edit button (and other associated elements) if the user has sufficient privileges.
if (isset($userid)) {
echo '<button id="editbutton">Edit</button>';
}
if (isset($userid)) {
// show edit button with no need for JavaScript
}
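An added example, not part of the original posts: the answers' approach of printing the button only for permitted users, combined with the ownership re-check the question describes for /updatepost.php, both driven by one shared rule. The helper names (`canEditPost`, `renderPost`, `handleUpdate`), the `owner_id` field and the sample data are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data standing in for the posts table.
$posts = [
    1 => ['id' => 1, 'owner_id' => 42, 'title' => 'First post'],
    2 => ['id' => 2, 'owner_id' => 7,  'title' => 'Someone else\'s post'],
];

// Single authorization rule shared by the view and the update handler
// (hypothetical helper): the user is logged in AND owns the post.
function canEditPost(?int $userId, ?array $post): bool
{
    return $userId !== null && $post !== null && $post['owner_id'] === $userId;
}

// View: the button markup is emitted only for the owner, so the page
// contains nothing for anyone else to un-hide with the inspector.
function renderPost(?int $userId, array $post): string
{
    $html = '<h2>' . htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8') . '</h2>';
    if (canEditPost($userId, $post)) {
        $html .= '<button id="editbutton" data-post="' . $post['id'] . '">Edit</button>';
    }
    return $html;
}

// Update handler (the role of /updatepost.php): a request can be sent
// without any button at all, so ownership is re-checked before writing.
function handleUpdate(?int $userId, int $postId, string $newTitle, array &$posts): int
{
    $post = $posts[$postId] ?? null;
    if (!canEditPost($userId, $post)) {
        return 403; // refused regardless of what the page showed
    }
    $posts[$postId]['title'] = $newTitle;
    return 200;
}

$userId = 42; // constructed: would come from the session after login

foreach ($posts as $post) {
    echo renderPost($userId, $post), "\n";
}
echo handleUpdate($userId, 1, 'Edited by owner', $posts), "\n";
echo handleUpdate($userId, 2, 'Edited by non-owner', $posts), "\n";
echo handleUpdate(null, 1, 'Edited while logged out', $posts), "\n";
```

Omitting the button is a usability measure; the check inside the update handler is what actually enforces access, because the request can be crafted by hand.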