[wp-hackers] Avoiding user profile editing to non administrators
Viper007Bond
viper at viper007bond.com
Mon Dec 18 23:57:45 GMT 2006
Meh @ editing core files or using the ob_ functions...
On 12/18/06, Luke Poland <luke at thunderlounge.com> wrote:
>
> Or, add the current_user_can check in front of the profile link
> in the top right, the main users tab, and check the same in
> wp-login.php and redirect them to the main site from the
> login. Unless there's additional options they can play with
> back there, why let them in at all?
>
> Of course a check in profile.php too, so it can't be loaded
> directly.
>
> No links, no error messages. :D
>
>
>
> -- Luke
>
>
>
>
> Viper007Bond wrote:
> > Er, ha, that's what you said (didn't read to the end).
> >
> > Yes, that'd probably be the best way (check the script), although this
> > is a
> > better/easier test:
> >
> > if ( 'profile.php' == basename($_SERVER['SCRIPT_NAME']) &&
> > !current_user_can('edit_users') ) die('Sorry, you aren't allowed to edit
> > your own profile.');
> >
> > Although a prettier error message would probably be better. ;)
> >
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
--
Viper007Bond | http://www.viper007bond.com/
More information about the wp-hackers
mailing list