[Resolved] PHP to check whether logged in user is same as post author

    #745203
    Jaakko Pöntinen

    Heya.

    I have a custom post type which corresponds to, say, single-xyz.php.

    I’m getting the logged in user’s ID by means of: get_current_user_id() and the author of the current post by means of get_the_author_meta( 'ID' ). I’m placing these after while ( have_posts() ) : the_post(); in the single-xyz.php file, which is just a copy of the original single.php file from GP.

    This works like a charm, I’m outputting those values in spans to see the code in action.

    Now, the questions!

    A: Am I inserting my code in the first possible place in the loop to get the post author ID?

    B: (more important one): Is this a secure way of determining whether the IDs of logged in user and post author match – I intend to wrap the content echoing part of single-xyz.php into an if-statement comparing the logged in user’s ID and the post author ID.

    The goal, as you can surely deduce, is to create a secure place for users to view proprietary content. Is this method secure?

    Thank you for a stellar theme. Still love it, after 4-or-some years! You rock.

    #745510
    Tom
    Lead Developer

    Hi there,

    1. You may even be able to use those functions outside the loop, as long as there’s only one post on the page.

    2. I don’t see any issues with doing it this way at all 🙂

    Glad you’re still enjoying GP!
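
The check discussed above, written as a helper that handles the logged-out and author-less cases. This is an added example, not part of the original posts and not GeneratePress code; the helper name xyz_viewer_is_author() is hypothetical, and the snippet assumes it runs inside WordPress as part of single-xyz.php.

```php
<?php
/**
 * Added example. xyz_viewer_is_author() is a hypothetical helper name;
 * it is defined here for completeness and would normally live in the
 * child theme's functions.php.
 */
function xyz_viewer_is_author( $post_id ) {
    // Logged-out visitors have user ID 0. Reject them explicitly so a
    // post without an author (post_author = 0) can never match.
    if ( ! is_user_logged_in() ) {
        return false;
    }

    $post = get_post( $post_id );
    if ( ! $post instanceof WP_Post ) {
        return false;
    }

    // post_author is stored as a numeric string. Cast both sides and
    // compare strictly instead of relying on loose == type juggling.
    $author_id = (int) $post->post_author;
    $viewer_id = (int) get_current_user_id();

    return $author_id > 0 && $author_id === $viewer_id;
}

// In single-xyz.php: decide before any post content is echoed.
while ( have_posts() ) :
    the_post();

    if ( xyz_viewer_is_author( get_the_ID() ) ) {
        the_content();
    } else {
        // Nothing from the post is sent to other users.
        echo '<p>' . esc_html( 'You do not have permission to view this content.' ) . '</p>';
    }
endwhile;
```

This gate only covers output produced by this one template. Other routes to the same post (archives, feeds, search results, or the REST API if the post type is exposed there) are not affected by it and need their own restriction.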

    #745527
    Jaakko Pöntinen

    Heya, Tom!

    Cheers for the answer. I have to go a step further still, taking unscrupulous advantage of your expertise: I’m going to use Press Permit and Capability Manager Enhanced to restrict users’ permissions to view/edit their posts only (plus of course all public material). I’ve used them successfully in the past.

    Sooo… Is this User ID check vs Post author ID check that I’ve dreamt up necessary at all? I’ve thought of it as an extra level of protection. But is it completely redundant? The information I’ll be storing is sensitive.

    The reason I thought it COULD be a good idea is that it’s a really simple way to decide whether to send content from the server to the user or not. But yeah, is it redundant?

    Thank you.

    – JP

    #745715
    Tom
    Lead Developer

    Hard to know for sure. If you already have a system in place that checks whether a user can view certain content, then it very well may be redundant.

    #746153
    Jaakko Pöntinen

    Hello,

    Thanks 🙂 I’ll think about this some more.

    All the best!

    – JP

    #746367
    Tom
    Lead Developer

    No problem! 🙂
