Jump to content

[SOLVED] how to restrict access to admin pages


vinpkl

Recommended Posts

hi

 

i am working on admin section which has a login page with login id and pasword form.

 

In my admin section i have many pages say like manage_products.php, description.php, control_panel.php etc.

 

if the user have to access the manage_products.php page then he can access it just typing like the link below

 

http://localhost/vineet/admin/manage_products.php

 

without entering login user and pasword.

 

i want to restrict the access of this page through admin panel only. The user should be able to access page only if he is logged in.

 

vineet

have a column in the user table that is called something like "authority", and then run a check on the Admin only pages.

<?php
if($row['authority'] == "admin") {
// display page
} else {
// redirect to main page
header("Location: mainpage.php");
}
?>

have a column in the user table that is called something like "authority", and then run a check on the Admin only pages.

<?php
if($row['authority'] == "admin") {
// display page
} else {
// redirect to main page
header("Location: mainpage.php");
}
?>

 

hi

 

what will be the datatype to be selected for "authority" column.

 

and where you have written in code

 

// display page

 

do i have to write the page name or leave it as comment

 

vineet

 

 

vineet

By

 

// Display page

 

He means to put the code in there that displays the page you want to view, if they are authenticated.

 

hi

 

ok that is fine.

 

One thing i want to know that i will put this code in all the admin pages except the login page.

 

and what will be the datatype for the authority column in database

 

vineet

By

 

// Display page

 

He means to put the code in there that displays the page you want to view, if they are authenticated.

 

hi

 

thanks for the reply. it worked well. I just wanted to know what should i write in my "logout" page.

 

i have started

session_start();

 

in my config.php which is included file in every admin page.

 

vineet

By

 

// Display page

 

He means to put the code in there that displays the page you want to view, if they are authenticated.

 

hi

 

With this script after loggin i am redirecting the user to control_panel.php

 

but it doesnt  allow to redirect even after entering user and password correctly.

 

vineet

 

 

why not just check for the id??  surly the admin id would be 1 so

 

<?php
if($row['id'] == "1") {
// display page
} else {
// redirect to main page
header("Location: mainpage.php");
}
?>

 

Hi

 

i tried with ID also. It restricts the page to be accessed without login but

the problem i m facing is that even if i have entered user and password corectly it doesnot

redirect me to control_panel.php

 

If i remove this script from control_panel.php then after entering user name and password

it redirects to control_panel.php

 

in control_panel.php i m writing

if($row['id'] == "2") 

{
header("Location:control_panel.php");
} 
else {
// redirect to main page
header("Location:index.php");
}

 

vineet

adminlogin

 

session_start();

if (successfull login){

$_SESSION['admin_user'] = TRUE;

}

 

control pages

 


if (!isset($_SESSION['admin_user'])){

die("Access denied, your not an administrator...");

}

 

Hi andy

 

Thanks for the reply. It working well as needed.

 

vineet

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.