
Admin Access Only


nashsaint


Hi,

 

I created 2 privileges, 1 for users and another for Admin. I used $_SESSION to check if the user or Admin is logged in and redirect them to the respective address. But my problem is that when a user is logged in, he can access the Admin area by simply typing the address in the address bar.

In my SQL I created a field 'priv_admin' with values 0 or 1 for User and Admin privileges respectively. Please help me include this in my code.

 

 

// If no first_name variable exists, redirect the user.
if (!isset($_SESSION['first_name'])) {

    // Start defining the URL.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    //Check for a trailing slash.
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
        $url = substr($url, 0, -1); // Chop off the slash.

    }
    // Add the page.
    $url .= '/index.php';

    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
} else {

// next lines if user is registered


Hi,

 

I think I found a way to solve this. I added a few lines and copied the redirecting code like this:

 

// If no first_name variable exists, redirect the user.
if (!isset($_SESSION['first_name'])) {

    // Start defining the URL.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    //Check for a trailing slash.
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
        $url = substr($url, 0, -1); // Chop off the slash.

    }
    // Add the page.
    $url .= '/index.php';

    ob_end_clean(); // Delete the buffer.
    header("Location: $url");
    exit(); // Quit the script.
} else {
// next lines if user is registered

    $priv_fn = $_SESSION['first_name'];

    // Escape the value before it goes into the SQL string; a name
    // containing a quote would otherwise break or alter the query.
    $priv_query = "SELECT priv_admin FROM engineers WHERE first_name='"
        . mysql_real_escape_string($priv_fn) . "'";
    $priv_result = mysql_query($priv_query);
    // Treat a failed query or a missing row as "not an admin".
    $priv_array = $priv_result ? mysql_fetch_array($priv_result) : false;

    if (!$priv_array || $priv_array['priv_admin'] != 1) {

        // Start defining the URL.
        $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
        // Check for a trailing slash.
        if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
            $url = substr($url, 0, -1); // Chop off the slash.
        }
        // Add the page (leading slash needed because the trailing one was chopped).
        $url .= '/../../index.php';

        ob_end_clean(); // Delete the buffer.
        header("Location: $url");
        exit(); // Quit the script.

    } else {

// The next lines run only if the session is set and priv_admin is 1.

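An added example, not part of the original posts: the same admin check keyed on a unique user id instead of first_name (which two accounts can share), using a PDO prepared statement. The `id` column, `$_SESSION['user_id']`, the function names and the in-memory SQLite sample rows are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Assumptions: the engineers table has a
// unique `id` column, and login stores it in $_SESSION['user_id'].

// Return true only if the logged-in account currently has priv_admin = 1.
function is_admin(PDO $pdo, array $session): bool
{
    if (!isset($session['user_id'])) {
        return false; // Not logged in at all.
    }
    // Prepared statement: the session value is never concatenated into the SQL.
    $stmt = $pdo->prepare('SELECT priv_admin FROM engineers WHERE id = ?');
    $stmt->execute([$session['user_id']]);
    $priv = $stmt->fetchColumn(); // false when no such row exists.
    return $priv !== false && (int) $priv === 1;
}

// Call at the top of every admin page, before any output is sent.
function require_admin(PDO $pdo, string $fallback = '/index.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_admin($pdo, $_SESSION)) {
        header('Location: ' . $fallback); // Fixed path, not built from HTTP_HOST.
        exit(); // Stop here so the admin page body never runs.
    }
}

// Constructed sample data in an in-memory SQLite database (demonstration only).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE engineers (id INTEGER PRIMARY KEY, first_name TEXT, priv_admin INTEGER)');
$pdo->exec("INSERT INTO engineers VALUES (1, 'Alex', 0), (2, 'Alex', 1)");

var_dump(is_admin($pdo, ['user_id' => 1])); // ordinary user
var_dump(is_admin($pdo, ['user_id' => 2])); // admin who shares the first name
var_dump(is_admin($pdo, []));               // not logged in
```

Because the privilege is re-read from the database on each request, revoking priv_admin takes effect on the account's next page load rather than at its next login.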

Archived

This topic is now archived and is closed to further replies.
