Jump to content
Larry Ullman's Book Forums

Recommended Posts



I recently restructured a website along the modularization lines (page 44 onwards).


The content modules all start with a check to see if the BASE_URL constant has been defined and redirect the user if it has not been defined. This is clear and works just fine in the visitor-accessible part of the site.


In the administration part of my website, the modules also check to make sure that an administrator is using the script via a check to a session set up like page 82 onwards.


I am having trouble with 'headers already sent' and understand why this is happening and know how to fix that.


But my question is do I need both the BASE_URL constant check as well as the administrator/session check in the admin content scripts? There are no financials in the website and also no sensitive data in the database though I need to ensure that non-administrators cannot use the admin scripts.


Your thoughts/advice will be welcomed.


Cheers from Oz.

Link to comment
Share on other sites


  • Create New...