nikhilbachani / globe-bank

Content Management System (CMS) built with PHP and MySQL
MIT License

TODO: Check staff member's login status when previewing a page #5

Closed nikhilbachani closed 4 years ago

nikhilbachani commented 4 years ago

In public/index.php, add code for checking a staff member's login status before giving access to view a publicly invisible page. Only a staff member should have the right to view one. For now, adding preview=true to the index.php URL creates an IDOR.

nikhilbachani commented 4 years ago

Only logged-in staff members can use the preview feature now.
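The check this issue asks for, sketched as an added example (not code from the globe-bank repository): the `preview=true` flag is client-controlled, so access to a hidden page has to depend on server-side session state. The function names, the `visible` column and the `admin_id` session key are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Behaviour described in the issue: the URL flag alone unlocks a hidden page.
 * $page  : page row from the database ('visible' is an assumed column name)
 * $query : request parameters, normally $_GET
 */
function can_view_page_before_fix(array $page, array $query): bool
{
    return !empty($page['visible']) || ($query['preview'] ?? '') === 'true';
}

/**
 * Hardened form: a hidden page is shown only when preview is requested AND
 * the session belongs to a logged-in staff member.
 * $session : session data, normally $_SESSION ('admin_id' is an assumed key
 *            that the staff login code sets after authentication)
 */
function can_view_page(array $page, array $query, array $session): bool
{
    // Published pages stay public.
    if (!empty($page['visible'])) {
        return true;
    }
    // The preview flag only expresses intent; it is not proof of identity.
    $wants_preview = ($query['preview'] ?? '') === 'true';
    // Authorization comes from state the client cannot set directly.
    $is_staff = !empty($session['admin_id']);
    return $wants_preview && $is_staff;
}

// Constructed sample inputs: one hidden page and three kinds of request.
$hidden_page = ['id' => 7, 'visible' => 0];
$cases = [
    'anonymous, preview=true' => [['preview' => 'true'], []],
    'staff, preview=true'     => [['preview' => 'true'], ['admin_id' => 3]],
    'staff, no preview flag'  => [[], ['admin_id' => 3]],
];

foreach ($cases as $label => [$query, $session]) {
    printf(
        "%-24s before=%-5s after=%s\n",
        $label,
        var_export(can_view_page_before_fix($hidden_page, $query), true),
        var_export(can_view_page($hidden_page, $query, $session), true)
    );
}
```

When the check fails, the page handler should respond exactly as it does for a page that does not exist, so the response does not reveal that a hidden page is present at that ID.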