Apologies in advance here, as I am not sure how best to structure this question… In PHP, when you need to control the access of information for a particular section of a site to a user, such as a member accessing their own profile edit page... you obviously need to perform a database query to check that the specific user logged in has the right to view and edit that specific profile page... (not sure what the terminology is for this) HOWEVER imagine the query has been processed and the member now has access to the profile edit page... and now the member wants to update their email address... so they enter their new email address and click update... now should ANOTHER query be performed AGAIN to check that the member has access to perform this update... I'm sorry if all of that makes very little sense to you... basically what I am asking is, obviously you need to perform a check at the start to make sure a user has the rights to a certain part of a site to perform an update query, BUT should you carry out this check again just before you perform the actual update (is there a term for what I am "trying" to describe here)? Thanks for your patience if you've managed to read this far.
In order to avoid ALL possible bugs / exploits, yes - perform the check. The best way is to make a function for it so you can just do if (!logincheck()) { header("Location: http://yoursite.com/login.php"); exit; } at the top of all your protected pages. Then obviously function logincheck() { blahblah } would be your user check queries.
Ok cool, but if I take this a little further... imagine there was a task that a user had to carry out each day, by simply clicking a button on a page that is only available to them... and they could carry out this task once a day... so first of all the query will be run to make sure that they have permission to access that task and that they have not already completed it for today... then when they process the task, I think it should check again to make sure that they have access and that it has not already been processed... because they could simply open the task up in 2 separate tabs... then run the task and then run it again in the second tab... but if the check was there BEFORE it made the actual update query, then it would stop this... Is there terminology for what I am trying to describe... like a "2nd update query validation check"?
I'm not sure there's a definitive name or phrase for what you're talking about but I would probably phrase it something along the lines of a "continuous user validation" function.
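The two situations raised in the thread (re-checking ownership right before the profile update, and the once-a-day task opened in two tabs) can be handled in code like the following. This is an added example, not code posted by anyone in the thread. It assumes a PDO connection and that the logged-in user's id comes from the session after authentication; the tables, rows and the `canEditProfile`, `updateEmail` and `completeDailyTask` functions are all constructed here for illustration, using an in-memory SQLite database so the script runs on its own.

```php
<?php
// Added example (not from the thread). Schema and sample rows are constructed so the
// script runs stand-alone; in a real site $sessionUserId would come from $_SESSION.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');
$db->exec('CREATE TABLE daily_tasks (user_id INTEGER PRIMARY KEY, completed_on TEXT)');
$db->exec("INSERT INTO users (id, email) VALUES (1, 'alice@example.com'), (2, 'bob@example.com')");
$db->exec('INSERT INTO daily_tasks (user_id, completed_on) VALUES (1, NULL)');

// Gate check, run at the top of the protected page (the "logincheck" idea from the thread).
// Ownership here simply means "the profile row belongs to the logged-in user".
function canEditProfile(PDO $db, int $sessionUserId, int $profileId): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE id = ? AND id = ?');
    $stmt->execute([$profileId, $sessionUserId]);
    return (int) $stmt->fetchColumn() === 1;
}

// Second check at the moment of the write. The WHERE clause repeats the ownership test,
// so the database refuses the update even if the page-level gate was skipped or is stale
// (for example, a form submitted after the user was logged out or demoted).
function updateEmail(PDO $db, int $sessionUserId, int $profileId, string $newEmail): bool
{
    if (!canEditProfile($db, $sessionUserId, $profileId)) {
        return false;
    }
    if (filter_var($newEmail, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET email = ? WHERE id = ? AND id = ?');
    $stmt->execute([$newEmail, $profileId, $sessionUserId]);
    return $stmt->rowCount() === 1;
}

// Once-per-day task. A separate SELECT ("not done today?") followed by an UPDATE can be
// raced by two tabs: both SELECTs run before either UPDATE lands, so both succeed.
// Folding the condition into the UPDATE itself makes check and write one atomic
// statement; only the first submission changes a row, the second affects zero rows.
function completeDailyTask(PDO $db, int $sessionUserId, string $today): bool
{
    $stmt = $db->prepare(
        'UPDATE daily_tasks SET completed_on = ?
          WHERE user_id = ? AND (completed_on IS NULL OR completed_on < ?)'
    );
    $stmt->execute([$today, $sessionUserId, $today]);
    return $stmt->rowCount() === 1;   // 0 rows means already done today (or no such task)
}

// Walk-through: user 1 edits their own profile, then tries user 2's profile,
// then submits the daily task from two tabs on the same day.
var_dump(updateEmail($db, 1, 1, 'alice.new@example.com'));  // own profile
var_dump(updateEmail($db, 1, 2, 'someone@example.com'));    // another member's profile
var_dump(completeDailyTask($db, 1, '2024-01-01'));           // first tab's submission
var_dump(completeDailyTask($db, 1, '2024-01-01'));           // second tab, same day
```

The point the thread is circling is that the page-level check only decides whether to show the form; the write itself has to carry the same authorization condition, and for "once only" actions the existence check and the write should be a single conditional statement (or run inside one transaction with a row lock) so that two concurrent submissions cannot both pass a check that each ran before the other's update. The return value of `rowCount()` is what tells the second tab it lost.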