'Php file open only by admin, Wordpress [closed]
I create a plugin for signing up for exams, in the dashboard in the plugin menu there is an option to display the table of registered participants with the option to edit any participant. The editing consists in the fact that the EDIT button under the participant redirects to another php file (for example "my_edit.php") under the link "/plugins/update/my_edit.php?id=32" of course in this case for the user with id 32. The problem is that an ordinary user, without administrator rights, can enter such a link himself and edit any person. How can I protect such a file so that only logged in admin can edit it?
"edytuj" its "edit", but in my language
Solution 1:[1]
you can check the page my_edit.php for the administration access :
if ( !current_user_can('administrator') || !is_admin() ) {
wp_redirect( home_url() ); // or you can redirect user back
exit;
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | behzad m salehi |