I'm creating a blogging system with on-page post editing.
If a user is logged in and they created the blog post, then they can see an edit button.
Currently, the edit button is always displayed but is set to display: none for non-allowed users.
This works... but of course someone can just change the styling to block with the inspector in their browser and voilà, it works!
I have thought about this, and when processing an update in my /updatepost.php page I do another check to see if the user has appropriate access before updating the database.
However, I don't want the user to even be able to get this far.
My next idea was, instead of setting the button to display none, I would echo a script to remove the button.
I tried e.g.:
    if (!isset($userid)) {
        echo '<script> $("#editbutton").remove(); </script>';
    }
but that doesn't seem to work.
I could go down the route of creating spans with the user id and the post owner id, then check the value with .html() and then check if they match, etc. But I prefer my first method.
Any ideas as to where my idea is going wrong?
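
The two checks the post describes, shown together as an added example that is not part of the original post: the button markup is emitted only for the post's owner, and the update itself re-checks ownership on the server. The `posts` schema, the function names and the sample rows are assumptions; in a real page `$userId` would come from the session.

```php
<?php
declare(strict_types=1);
// Added example; schema, function names and sample rows are constructed.

// True only when a logged-in user owns the post.
function canEdit(?int $userId, array $post): bool
{
    return $userId !== null && $userId === (int) $post['owner_id'];
}

// View: the button is emitted only for the owner, so there is nothing
// in the DOM for other users to un-hide with the inspector.
function renderPost(?int $userId, array $post): string
{
    $html = '<article>' . htmlspecialchars($post['body'], ENT_QUOTES, 'UTF-8') . '</article>';
    if (canEdit($userId, $post)) {
        $html .= '<button id="editbutton" data-post="' . (int) $post['id'] . '">Edit</button>';
    }
    return $html;
}

// Logic for /updatepost.php: ownership is part of the WHERE clause, so a
// hand-crafted request for someone else's post changes zero rows.
function updatePost(PDO $db, ?int $userId, int $postId, string $body): bool
{
    if ($userId === null) {
        return false;
    }
    $stmt = $db->prepare('UPDATE posts SET body = :body WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':body' => $body, ':id' => $postId, ':owner' => $userId]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)');
$db->exec("INSERT INTO posts VALUES (1, 10, 'First post')");
$post = $db->query('SELECT * FROM posts WHERE id = 1')->fetch(PDO::FETCH_ASSOC);

var_dump(str_contains(renderPost(10, $post), 'editbutton'));   // owner
var_dump(str_contains(renderPost(11, $post), 'editbutton'));   // another user
var_dump(str_contains(renderPost(null, $post), 'editbutton')); // not logged in
var_dump(updatePost($db, 11, 1, 'changed by non-owner'));      // rejected server-side
var_dump(updatePost($db, 10, 1, 'Edited by owner'));           // accepted
```

Omitting the button is only presentation; the check in `updatePost` is what enforces access, because the update endpoint can be requested directly without the button ever being rendered.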