Post by shirazdrum » Thu Apr 22, 2021 8:09 am

Hi guys,

I'm trying to add a css snippet (display none) to the site to hide a portion from non admin users. For example when I go from the backend to the front end it knows that i'm an admin. How can I do this? I really appreciate it.

Newbie

Posts

Joined
Thu Apr 22, 2021 8:05 am

Post by paulfeakins » Thu Apr 22, 2021 7:54 pm

shirazdrum wrote:
Thu Apr 22, 2021 8:09 am
I'm trying to add a css snippet (display none) to the site to hide a portion from non admin users. For example when I go from the backend to the front end it knows that i'm an admin. How can I do this? I really appreciate it.
Well that's a very insecure way to do it, as if they knew what they were doing they could easily show it again in their browser.

However the code would be something like this in a controller:

Code: Select all

if($isLogged) {
$additionalCSS = '';
} else {
$additionalCSS = '.yourelementclass {display: none} ';
}
And this in the header.twig file:

Code: Select all

<style>
{additionalCSS}
</style>
Note this is pseudocode and definitely won't work as-is.

If that isn't enough you could pay a developer such as ourselves or post a job in the Commercial Support Forum.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by shirazdrum » Thu Apr 22, 2021 8:19 pm

Hi Paul,

Security really isn't an issue here, it's just a little element that only makes sense to admins and it would be of no value to visitors.

As for if($isLogged) statement, is it checking for any logged in user or just admin?

I really appreciate it.

Newbie

Posts

Joined
Thu Apr 22, 2021 8:05 am

Post by straightlight » Thu Apr 22, 2021 8:32 pm

This tactic still won't prevent CSRF attackers to know in-between your forms since it makes no difference for those scripts. I would rather suggest you use an extension to prevent CSRF attacks.

Dedication and passion goes to those who are able to push and merge a project.

Regards,
Straightlight
Programmer / Opencart Tester


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON

Post by paulfeakins » Fri Apr 23, 2021 7:33 pm

straightlight wrote:
Thu Apr 22, 2021 8:32 pm
This tactic still won't prevent CSRF attackers to know in-between your forms since it makes no difference for those scripts. I would rather suggest you use an extension to prevent CSRF attacks.
???

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom

Post by paulfeakins » Fri Apr 23, 2021 7:34 pm

shirazdrum wrote:
Thu Apr 22, 2021 8:19 pm
As for if($isLogged) statement, is it checking for any logged in user or just admin?
Good point, you might need to check the group too.

You could always post a job in Commercial Support if you're not sure how to do it all yourself.

UK OpenCart Hosting | OpenCart Audits | OpenCart Support - please email info@antropy.co.uk


User avatar
Guru Member
Online

Posts

Joined
Mon Aug 22, 2011 11:01 pm
Location - London Gatwick, United Kingdom
Who is online

Users browsing this forum: DesignCart, Semrush [Bot] and 103 guests