We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
    • 37909
    • 153 Posts
    Hi!

    I want to display on the website some informations only for the user who is logged in the Manager. To do this, I use this code:
    if ($modx->isFrontend() && isset ($_SESSION['mgrValidated'])) {
    	// Something here
    }

    It works perfectly but I want to know if this method is a good and secure way.
    Thanks.

    This question has been answered by fourroses666. See the first response.

    • discuss.answer
      • 9995
      • 1,613 Posts
      I don't know about safety so can't give the answer

      I've used this snippet;
      When your website is live and you want to do corrections or whatever which are only visible for manager logged-in users, you can use this snippet:

      Snippet name: loggedOnly

      <?php
      // [!loggedOnly?private=`--only visible when logged in--` &public=`--visible--`!]
           
          $output = '';
          $private = isset( $private ) ? $private : $output;
          $public = isset( $public ) ? $public : $output;
       
          if (!isset($_SESSION['mgrInternalKey'])) {
              $output = $public;
          }
          else {
              $output = $private;
          }
          return $output;
      ?>
        Evolution user, I like the back-end speed and simplicity smiley
        • 37909
        • 153 Posts
        Thanks fourroses666
          • 5160
          • 118 Posts
          This snippet from Mark Hamstra may also be of use for anyone wanting to achieve similar.

          if ($modx->user instanceof modUser) {
            if ($modx->user->hasSessionContext('mgr')) { 
              return true;
            }
          }
          return false;
          


          https://www.markhamstra.com/modx/2012/01/hiding-google-analytics-code-from-manager-users/