Chapter 11. Authentication and Authorization
There’s something a little weird that happens at just about this point in your application design and creation. You have four, five, or maybe more core features in place. You have a few tables set up. You have a lot of the guts of your application built, and even though things are simple, you have a sense of where you’re taking things.
And at this point, you add some new feature, like the ability to delete users. It seems like just another feature; just another user requirement to tick off the list. But wait a second…deleting users? Do you want to offer all your users that power? Of course not. That’s an administrative feature.
Note
You might even remember that an early candidate for the name of delete_user.php was admin.php (Your PHP Controls Your Output).
But what’s an administrator? Obviously, in the non-digital world, it’s just a person or group of people who are managing accounts, probably someone who has a few extra passwords stickied to their monitor. But in your application, there’s no such thing as an administrator. Right now, anyone can hop over to delete_user.php and nuke poor Bill Shatner, or James Roday, or whatever other celebrities have signed up through create_user.html and its friends.
But it’s worse than that! Because of that little red “x” appears when you go to show_users.php, someone you can just be viewing users, and boom, there you have it: a little red “x” that can delete data forever. And with nothing more than a confirmation ...
Get PHP & MySQL: The Missing Manual now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.