Hi...
I'm writing a website builder. There are two 'halves' of it, codewise: The
admin pages and the public pages. I intend to use sessions to hold
information about validated users (to modify page content you'll have to
provide a valid user/pass) to control access to certain files. Or possibly
functions....
I'm writing a class for each different 'type' of page. (article, journal,
gallery etc etc) However... there are two parts for the class. On the admin
side, I want to keep all the functions and processes that administer the
pages (such as uploading a new picture, modifying text or deleting whole
sections) secure, so that there's no chance of unauthorised users using some
devious methods to modify the site content. On the public side, there are
functions that display the content on the page. Obviously, everyone needs
access to these public functions. Initially, I was going to write two
classes; a base class and an extended class, but have the extended class
(which would be the one containing the administrative functions) in a
subfolder (/secure or somesuch) and then put my session authentication check
at the beginning of each of the files in this 'secure' folder.
But, after some thinking, I thought about just writing one class, and
instead of putting the session authentication check at the 'file' level,
putting it at the 'function' level, so that unless the user is
authenticated, the function will simply exit (along with some form of
redirection to a login page or whatever).
Would this work? Any opinions would be greatly appreciated : )
Plankmeister.
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003