Page 1 of 1

IF ELSE admin is logged in in the header

Posted: Thu Apr 22, 2021 8:09 am
by shirazdrum
Hi guys,

I'm trying to add a css snippet (display none) to the site to hide a portion from non admin users. For example when I go from the backend to the front end it knows that i'm an admin. How can I do this? I really appreciate it.

Re: IF ELSE admin is logged in in the header

Posted: Thu Apr 22, 2021 7:54 pm
by paulfeakins
shirazdrum wrote:
Thu Apr 22, 2021 8:09 am
I'm trying to add a css snippet (display none) to the site to hide a portion from non admin users. For example when I go from the backend to the front end it knows that i'm an admin. How can I do this? I really appreciate it.
Well that's a very insecure way to do it, as if they knew what they were doing they could easily show it again in their browser.

However the code would be something like this in a controller:

Code: Select all

if($isLogged) {
$additionalCSS = '';
} else {
$additionalCSS = '.yourelementclass {display: none} ';
}
And this in the header.twig file:

Code: Select all

<style>
{additionalCSS}
</style>
Note this is pseudocode and definitely won't work as-is.

If that isn't enough you could pay a developer such as ourselves or post a job in the Commercial Support Forum.

Re: IF ELSE admin is logged in in the header

Posted: Thu Apr 22, 2021 8:19 pm
by shirazdrum
Hi Paul,

Security really isn't an issue here, it's just a little element that only makes sense to admins and it would be of no value to visitors.

As for if($isLogged) statement, is it checking for any logged in user or just admin?

I really appreciate it.

Re: IF ELSE admin is logged in in the header

Posted: Thu Apr 22, 2021 8:32 pm
by straightlight
This tactic still won't prevent CSRF attackers to know in-between your forms since it makes no difference for those scripts. I would rather suggest you use an extension to prevent CSRF attacks.

Re: IF ELSE admin is logged in in the header

Posted: Fri Apr 23, 2021 7:33 pm
by paulfeakins
straightlight wrote:
Thu Apr 22, 2021 8:32 pm
This tactic still won't prevent CSRF attackers to know in-between your forms since it makes no difference for those scripts. I would rather suggest you use an extension to prevent CSRF attacks.
???

Re: IF ELSE admin is logged in in the header

Posted: Fri Apr 23, 2021 7:34 pm
by paulfeakins
shirazdrum wrote:
Thu Apr 22, 2021 8:19 pm
As for if($isLogged) statement, is it checking for any logged in user or just admin?
Good point, you might need to check the group too.

You could always post a job in Commercial Support if you're not sure how to do it all yourself.