php coding design question
Posted: Tue Mar 30, 2010 1:53 am
hi everyone...
the situation is the following:
i have a login page that has POST as METHOD and profile.php as ACTION.
in profile.php i check if the user is a regular or admin user and based on his privileges i display a sidebar...
the sidebar code is something similar to this:
Code:
<?php
if (isset($userObject)) {
?>
<li>
<?php
    if ($userObject instanceof User) {
        /**
         * this if condition checks the privileges of the logged in user and displays a sidebar accordingly.
         */
        if ($userObject->isAdminUser()) {
            /**
             * this is a sidebar of an administrator.
             */
?>
<h2>Links</h2>
<ul>
<li><a href="profile.php?action=bla">Home</a></li>
<li><a href="profile.php?action=blabla">News</a></li>
<li><a href="profile.php?action=logout">Logout</a></li>
</ul>
<?php
        } else {
            /**
             * this is a sidebar of a regular user.
             */
?>
<h2>Links</h2>
<ul>
<li><a href="profile.php?action=logout">Logout</a></li>
</ul>
<?php
        }
    }
?>
</li>
</ul>
</div>
<?php
}
?>
my question is the following, is it correct what i am doing... i know it works but is this the professional way to do it...
i mean is it professional/secure to pass actions as GET parameters when a user is logged in ?
thanks in advance
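
Added example, not part of the original post: one way profile.php could resolve the `action` parameter so that the privilege check is repeated on the server for every request (hiding a link in the sidebar does not stop anyone from requesting its URL) and the state-changing `logout` goes through POST with a session token. The `User` stub, the `ACTIONS` table, `resolveAction()` and the `csrf_token` field are assumptions; only `isAdminUser()` and the action names come from the post.

```php
<?php
// Stand-in for the post's User class (assumption: only isAdminUser() is known from the post).
final class User {
    public function __construct(private bool $admin) {}
    public function isAdminUser(): bool { return $this->admin; }
}

// Allow-list of actions: who may run each one and over which HTTP method.
// 'bla' and 'blabla' are the placeholder names from the post's sidebar.
const ACTIONS = [
    'bla'    => ['admin' => true,  'method' => 'GET'],
    'blabla' => ['admin' => true,  'method' => 'GET'],
    'logout' => ['admin' => false, 'method' => 'POST'], // changes state: POST plus token
];

/** Returns the action to run, or a "deny:<reason>" string. */
function resolveAction(?User $user, string $method, array $get, array $post, string $sessionToken): string
{
    if ($user === null) {
        return 'deny:not-logged-in';
    }
    $params = $method === 'POST' ? $post : $get;
    $action = $params['action'] ?? '';
    if (!is_string($action) || !array_key_exists($action, ACTIONS)) {
        return 'deny:unknown-action';
    }
    $rule = ACTIONS[$action];
    // The sidebar only hides links; the privilege check has to be repeated here.
    if ($rule['admin'] && !$user->isAdminUser()) {
        return 'deny:forbidden';
    }
    if ($rule['method'] !== $method) {
        return 'deny:wrong-method';
    }
    $token = $post['csrf_token'] ?? '';
    if ($method === 'POST' && !(is_string($token) && hash_equals($sessionToken, $token))) {
        return 'deny:bad-token';
    }
    return $action;
}

// Constructed sample requests; in profile.php the token would be kept in $_SESSION.
$token = bin2hex(random_bytes(16));
echo resolveAction(new User(false), 'GET', ['action' => 'blabla'], [], $token), "\n"; // URL typed by hand
echo resolveAction(new User(false), 'GET', ['action' => 'logout'], [], $token), "\n";
echo resolveAction(new User(false), 'POST', [], ['action' => 'logout', 'csrf_token' => $token], $token), "\n";
echo resolveAction(new User(true), 'GET', ['action' => 'bla'], [], $token), "\n";
```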