Passing Variables Using Session

Passing variables via the URL in PHP can be dangerous if you don’t properly filter and sanitize your inputs. This could lead to database exploits via SQL injection. If you are using a download script, someone might be able to traverse your directories and gain access to your system files. After all, you don’t want anyone looking at your passwd file. Back to PHP: it’s ideal if we avoid passing variables via the URL. We can use sessions instead.

Passing Variables via URL

<!-- A variable is passed from one page to another via a link. -->
<a href="page2.php?file=sample.txt">Link</a>
<!-- Someone can traverse the directory and access system files. -->
<a href="page2.php?file=../../../../../etc/passwd">Link</a>
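
One way to do the filtering mentioned above, as an added example that is not from the original post: the receiving script resolves the requested name with realpath() and serves it only if the result stays inside one download directory. The function name resolve_download() and the temporary directory are assumptions made for the illustration.

```php
<?php
// Added example: resolve a user-supplied file name inside one download directory.
// resolve_download() and the directory layout are hypothetical, not from the original post.

function resolve_download(string $baseDir, string $requested): ?string
{
    // Reject empty names and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; it returns false if the path does not exist.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The resolved path must still sit under the download directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample data: a temporary download directory with one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'downloads_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'sample.txt', "hello\n");

// Constructed inputs: the two values from the links above plus a few edge cases.
$inputs = ['sample.txt', '../../../../../etc/passwd', '/etc/passwd', 'missing.txt', ''];
foreach ($inputs as $name) {
    $resolved = resolve_download($dir, $name);
    printf("%-30s => %s\n", var_export($name, true), $resolved === null ? 'rejected' : 'served');
}

// Clean up the constructed files.
unlink($dir . DIRECTORY_SEPARATOR . 'sample.txt');
rmdir($dir);
```

The same check is still needed when the file name is read from $_SESSION, if the value stored there was originally taken from user input.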

Passing Variables via Sessions

<?php
// Page 1
// start a session
session_start();
// set filename
$file = 'sample.txt';
$_SESSION['file'] = $file;
?>
<a href="page2.php">Page 2</a>

<?php
// Page 2
// start a session
session_start();
// read the filename stored by page 1
$file = $_SESSION['file'];
// display filename
echo $file;
// remove a session variable
unset($_SESSION['file']);
// unset entire session
session_destroy();
?>

The viewer must accept cookies for sessions to work.

Sessions are not foolproof. They can be hijacked, but they are a heck of a lot more secure than passing variables via the URL.

Viewable by Admin Only

This article will show you how to make a WordPress Page viewable by the admin only. This is really quite handy if you’re creating a custom WordPress Template. You can make certain parts or the entire page viewable by the admin only by placing the code below in your WordPress Page Template.

if ( current_user_can( 'manage_options' ) ) {
    // display text here for user with admin privilege
} else {
    // display text here for user without admin privilege
}

There has been some confusion about whether to use is_admin() instead of current_user_can('manage_options'). is_admin() is a conditional that checks whether the user is in the Dashboard or in the Administration Panel. It’s just a boolean conditional that returns true if the URL being accessed is in the admin section; it does not check the user's role or capabilities.

if ( is_admin() ) {
    // true: the URL being accessed is in the admin panel
} else {
    // false: the URL being accessed is not in the admin panel
}

It’s best to use current_user_can('manage_options') when checking whether the user is an admin.

Dual Booting Ubuntu and Mint

I’ve been using the Mac OS for six years now. Prior to that, I was an Ubuntu user for 10 years. I do miss working with Linux. Part of the reason I switched was that I was tired of constantly fixing the Ubuntu desktop. Every time there was a new release, something was broken and I needed to fix it. Then the Ubuntu Unity desktop came along. That essentially was the last straw. I dabbled with Mint a little bit, but it only lasted for a couple of months.

These past few months, I’ve been trying to rekindle my love for Linux. I’m trying out two distros. I’m running Ubuntu 16.04 LTS and Linux Mint 18, dual booting the two distros on a shared 1TB hard drive. Each distro is taking up 500GB. Both are running the Cinnamon desktop. There are a few issues here and there. It’s not quite the polished product yet. On both instances, I had to install the Chromium browser because Firefox, the default browser, is just not up to snuff.

Overall, Ubuntu and Linux Mint have improved tremendously since I last used them. The Sound and WiFi network settings are much, much easier to configure than in the previous iterations. If you were to ask me which distro I prefer now, I can’t give you an answer at the moment. Time will tell. It’s going to take a while to get used to navigating and using the Cinnamon desktop effectively. Maybe a follow-up post is in order.