Hide buttons if not an admin

Question

What I want is something like that :

If not admin then hide some button. But if I do

if ($Admin == null)
   {
       echo "You are not admin"; //That works
       //So we hide the button id="New"
?>      
    <script type = "text/javascript">
        document.getElementById('New').style.visibility = "hidden";     
    </script>
<?php } ?>

But nothing happens. It says "You are not admin" but the button isn't hidden

I know how to hide fields by clicking buttons or checking checkbox with functions but i don't know how how to do by using a "if". Thanks for reading

I'd advise not to just hide admin buttons but not to echo them at all — gbestard, May 06 '15 at 08:57
This is a bad idea. The buttons should ideally not even be in the page, unless you're an admin user. Never do anything like this client-side. ^^ Ninja'd! — Reinstate Monica Cellio, May 06 '15 at 08:57
@SunilPachlangia: If the OP's code isn't working, that won't work either. — T.J. Crowder, May 06 '15 at 08:59
document.getElementById('New').style.display = "none"; doesn't work :/ My problem is much more difficult thant what i exlained. Because there are 3 kinds of admins and they have diffents authorizations. Theire are many buttons — Hearner, May 06 '15 at 09:00
@Hearner: And yet the main point doesn't change: Don't output the buttons when the user isn't an admin. At all. (Rather than trying to hide them with client-side code.) — T.J. Crowder, May 06 '15 at 09:03

score 2 · Answer 1 · answered May 06 '15 at 08:58

2

You should not just hide the button but not echo it at all. Unless the "not admin" can change the html and get access to admin features, in other words your web page can get hacked

answered May 06 '15 at 08:58

Diogo Cunha

1,194
11
23

score 1 · Answer 2 · answered May 06 '15 at 08:59

Your best bet is to simply not output the button with the id "New" at all.

Very much second best:

If your code isn't working, it means one of these things:

The button doesn't exist yet when the script runs. Output it later, at the end of the page, after you've output the button.
The button doesn't have id="New" on it. Either give it an ID, or if I guess that "New" is the value, you can do document.querySelector("input[type=button][value=New]") rather than document.getElementById.

Irrespective of whether you output the button or hide it, it's vital that whatever server-side code it is that runs when the button is pressed also checks that the user is an admin and disregards the action, since requests can be faked. You may well already be doing that, but I thought I'd flag it up.

score -1 · Answer 3 · answered May 06 '15 at 09:12

-1

Display the button if and only if the user is admin:

<?php if (!!$Admin) { ?>
    <!-- display the button -->
<?php } ?>

answered May 06 '15 at 09:12

Lajos Arpad

64,414
37
100
175

Why are you using a double negative? You don't need the exclamation marks at all. – Styphon May 06 '15 at 09:12
It converts $Admin to boolean. – Lajos Arpad May 06 '15 at 09:17
@Styphon, kindly read this: http://stackoverflow.com/questions/2127260/double-not-operator-in-php – Lajos Arpad May 06 '15 at 09:19
But doing `if ($Admin)` will give you the exact same result, if Admin is empty, null, 0 or false it won't run the code, anything else and it will. Why do you need to type cast it as a boolean? – Styphon May 06 '15 at 09:53

Hide buttons if not an admin

3 Answers3