include - PHP including file only for admin -

-

my site consists of single page (or well, allmost), on top handling of post , stuff. now, have post-things solely admins. these located in separate file, include following:

if($_session['type'] == 'admin'){     include('adminhandler.php'); }

now, in adminhandler.php check in each post or function whether type of user correct, example:

if(isset($_post['deleteuser']) && $_session['type'] == 'admin'){ /* stuff;*/ }

now, i'm wondering if indeed necessary. there chance user can manipulate somehow include php file without having $_session['type'] of admin?

this silly question, security i'd rather take before uncertainty.

as noted marc b (see comments on question), advised second check in case should forget it.


Comments

Post a Comment

Popular posts from this blog

Line ending issue with Mercurial or Visual Studio -

-
i seem have strange issue caused either visual studio or mercurial. localised single project, i'm guessing in project configuration causing issue. at difficult specify point, when perform action in visual studio, update every line ending in given file, means when @ file in sourcetree, every line has changed. i can replicate using nuget add package dependency; packages.config entirely replaced. if commit changes, including line endings, later same issue occur. workaround have shelve changes , reapply them, whereupon lines written correctly. i'm not sure application blame here. did make mistake of allowing sourcetree change mercurial configuration, issue have fixed, i'm not sure if has persisted. i thought might issue mercurial.ini files or hgrcs don't seem contain untoward. here's mercurial.ini [ui] username = .... [auth] bb.prefix = https://bitbucket.org/ bb.username = .... bb.password = .... [extensions] mq = rebase = [web] allow_push = * push_s...
Read more

tags - Jquery Mixitup plugin help prevent handlers being destroyed -

-
update : error in console. uncaught exception: query function not defined select2 undefined i using code allow users add tags images. works fine. problem running when images sorted(using mixitup.io plugin). before sorting, script works perfect(popup,edit,save,db update). after user clicks few of sort buttons, script stops responding , popup not fire. please have below , me find problem is. :) working code: $('.tags').editable({ placement: 'top', select2: { tags: ['cookies', 'pie','cake'], tokenseparators: [","] }, display: function(value) { $.each(value,function(i){ value[i] = "<span class='tagbox'>" + $('<p>' + value[i] + '</p>').text() + "</span>"; }); $(this).html(value.join(" ")); } }); to prevent mixitup.io plugin destroying handler, says use "delegate()"...
Read more

python - Received unregistered task using Celery with Django -

-
i have celery setup django project , can't seem task run properly. i'm using django 1.4.3, celery 3.0.1, django-celery 3.0.17 , python 2.7 on ubuntu 13.04. i have verified rabbitmq-server running: sudo service rabbitmq-server status status of node rabbit@fenster ... [{pid,1667}, {running_applications,[{rabbit,"rabbitmq","3.0.2"}, {os_mon,"cpo cxc 138 46","2.2.9"}, {mnesia,"mnesia cxc 138 12","4.7"}, {sasl,"sasl cxc 138 11","2.2.1"}, {stdlib,"erts cxc 138 10","1.18.1"}, {kernel,"erts cxc 138 10","2.15.1"}]}, {os,{unix,linux}}, {erlang_version,"erlang r15b01 (erts-5.9.1) [source] [64-bit] [smp:8:8] [async-threads:30] [kernel-poll:true]\n"}, {memory,[{total,28112760}, {connection_procs,93432}, {que...
Read more