Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member
In previous movies, we removed the pages that are not visible from our navigation, so that subjects and pages don't show up there if they're not visible. However, that doesn't mean that users can't still view them. Let me show you what I mean. Start out with, go into your admin area and pick a page. I'm going to pick certification. And edit the page, and make it visible? No. So now we have a page that's not visible, we can still see it in the staff area. But if we go into Widget Corp on the public side, we reload the page, services, it's not there. We just see retrofitting.
Now, let's click on retrofitting. You'll see that its page ID equals five up here at the top. Look over here, and you'll notice that page ID equals six as what certification was. Just change that URL at the top. Change it to six. Look at that. Even though it doesn't show up as an Option for users to pick over here on the side, it is still visible. It is still possible to put in a request and still get that page back. That's bad news. That means that our page that we thought was not public, actually is public. If users want to take the time to start typing in other numbers up there to see what they can find, they can actually discover content they we don't intent for public viewing.
We got to be careful about that as developers. So, let's put in a fix for this. Now, index.php controls the public side of things. Everything is done off of this page. Now we could, at the top of this page, write a function that checks to see and says if this page is not a visible page, then redirect the user the something else. Right? Or return an error of some sort. We could do that. And in some instances, that might make a lot of sense. But I think it's overkill here. I think we can go with something a lot simpler.
Notice that the way that our page works, is if we have a current page, it displays it. Otherwise, we get a welcome message. It's that simple. So all we have to is make sure that we don't find the current page, and then it won't get displayed. If it can't find it, and se, can't set current page to it, then they'll just get the default welcome message instead. Current page is being set by our fine selected page function, so let's go look there. Notice that I'm already passing in true as an argument to find selected page. Here we go, here's find selected page and it now is contact sensitive, public equals false. We were doing that because we were working with this default page, but we have this public sensitivity that we can use down here as well. If page has been set, then it finds the page by ID. It doesn't care whether it's visible or not, it's taking that ID, finding that page and displaying it to us.
That's not what we want, what we want this that to be a context sensitive function. So, let's include something here that just says, pass in public as a second argument to find page by ID. We won't worry about setting public here, because it's already going to have been set when it was first called. We're just going to pass that information along to find page by ID. Let's go up to find page by ID. We know that we're going to need to have that argument here, public equals, and we'll make it default to true, just like we did for our other ones up here. So, find page by ID now, needs to find only visible pages that have the current ID, if we're in the public area.
We know how to do that. Public and query, so where ID equals the ID, and Visible equals 1. And I need a space after it to make sure the SQL still goes together nicely when I finally concatenate it with limit equals one. So, just like we did before, now when we find the page by ID. If we're in the public area, we're going to make sure that it's visible pages with that ID. If were not, if we're in the admin area, then we'll find pages that have that exact ID.
So, let's go and try that real quick. Let's just reload this page looking for page six. Look at that, we get the welcome message. We can still click on retrofitting, no problem, but we can't edit that to anything else. If we put in six, we put in seven. If we put in 700. Right? If it can't find that page that's visible and has that ID, we get our default welcome message. Much better. In our admin area though, it's no problem, we can still go ahead and surf around, and see all those pages just like you'd expect.
Now, anytime that you make a function contact sensitive like that, you also want to look for all other times that you used that function and make sure that you're passing in the context. I happened to know the only other place we're doing it is on delete page. The top of the delete page, we're calling find page by ID. So, we also need to tell it while we're in the admin area, so public equals false. This is admin request. So, let's save that. We also should do the same thing for find subject by ID. it matters a lot less than the page does, but its still a good practice to go ahead and do this throughout our site. So we're going to have public equals true.
And the code for this, the SQL is going to be absolutely the same. In fact, I'll just copy that and I'll just drop it right in there. So where id equals the safe subject ID, and if it's public, also make sure that it's visible. And same thing anytime that we have find subject by ID like we do in delete subject. We're also going to make sure that we pass in the context there as well. The other place that we do it is in functions.php, find_subject_by _id, right here.
And we already have public, we just need to pass it in at the same time. So find selected page, and pass along whether or not it's in the public or not. Now, it's a minor point, but there is the possibility of course, that we won't find the subject, right? If the subject won't be found here, and we're asking for the current subject's ID. So let's also just check and see if we have current subject. If that has been set to something and if we're in the public context, then look for find default page. to find default page is only looking at public ones. Find pages for subject, and it defaults to the public. We're not passing in a context.
So this is by definition, going to be a public function that we're calling. So we don't need to worry about making it more context sensitive. You could add that feature to it, but I think, because we're only using the default pages on the public side, I think it's okay not to. So now, if you take a look at our different find functions, you'll see that we've gone through and made most of our find functions context sensitive. Right? These all have the ability to tell whether we're in the public area or not, and display subjects and pages based on their visibility. But most importantly, we've taken to account the possibility that users are not going to be well behaved.
That they're going to type random things into the URL string, looking for data that they shouldn't have. We've gotta make sure as developers, that we're on guard for that kind of behavior.
Get unlimited access to all courses for just $25/month.Become a member
82 Video lessons · 101504 Viewers
61 Video lessons · 88266 Viewers
71 Video lessons · 72134 Viewers
56 Video lessons · 103896 Viewers
Access exercise files from a button right under the course name.
Search within course videos and transcripts, and jump right to the results.
Remove icons showing you already watched videos if you want to start over.
Make the video wide, narrow, full-screen, or pop the player out of the page into its own window.
Click on text in the transcript to jump to that spot in the video. As the video plays, the relevant spot in the transcript will be highlighted.
Your file was successfully uploaded.