vinpkl Posted October 26, 2008 Share Posted October 26, 2008 hi i am working on admin section which has a login page with login id and pasword form. In my admin section i have many pages say like manage_products.php, description.php, control_panel.php etc. if the user have to access the manage_products.php page then he can access it just typing like the link below http://localhost/vineet/admin/manage_products.php without entering login user and pasword. i want to restrict the access of this page through admin panel only. The user should be able to access page only if he is logged in. vineet Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/ Share on other sites More sharing options...
MasterACE14 Posted October 26, 2008 Share Posted October 26, 2008 have a column in the user table that is called something like "authority", and then run a check on the Admin only pages. <?php if($row['authority'] == "admin") { // display page } else { // redirect to main page header("Location: mainpage.php"); } ?> Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-674944 Share on other sites More sharing options...
vinpkl Posted October 26, 2008 Author Share Posted October 26, 2008 have a column in the user table that is called something like "authority", and then run a check on the Admin only pages. <?php if($row['authority'] == "admin") { // display page } else { // redirect to main page header("Location: mainpage.php"); } ?> hi what will be the datatype to be selected for "authority" column. and where you have written in code // display page do i have to write the page name or leave it as comment vineet vineet Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-674948 Share on other sites More sharing options...
mtylerb Posted October 26, 2008 Share Posted October 26, 2008 By // Display page He means to put the code in there that displays the page you want to view, if they are authenticated. Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-674949 Share on other sites More sharing options...
vinpkl Posted October 26, 2008 Author Share Posted October 26, 2008 By // Display page He means to put the code in there that displays the page you want to view, if they are authenticated. hi ok that is fine. One thing i want to know that i will put this code in all the admin pages except the login page. and what will be the datatype for the authority column in database vineet Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-674950 Share on other sites More sharing options...
vinpkl Posted October 26, 2008 Author Share Posted October 26, 2008 By // Display page He means to put the code in there that displays the page you want to view, if they are authenticated. hi thanks for the reply. it worked well. I just wanted to know what should i write in my "logout" page. i have started session_start(); in my config.php which is included file in every admin page. vineet Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-674955 Share on other sites More sharing options...
vinpkl Posted October 26, 2008 Author Share Posted October 26, 2008 By // Display page He means to put the code in there that displays the page you want to view, if they are authenticated. hi With this script after loggin i am redirecting the user to control_panel.php but it doesnt allow to redirect even after entering user and password correctly. vineet Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-674964 Share on other sites More sharing options...
runnerjp Posted October 26, 2008 Share Posted October 26, 2008 why not just check for the id?? surly the admin id would be 1 so <?php if($row['id'] == "1") { // display page } else { // redirect to main page header("Location: mainpage.php"); } ?> Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-674965 Share on other sites More sharing options...
vinpkl Posted October 26, 2008 Author Share Posted October 26, 2008 why not just check for the id?? surly the admin id would be 1 so <?php if($row['id'] == "1") { // display page } else { // redirect to main page header("Location: mainpage.php"); } ?> Hi i tried with ID also. It restricts the page to be accessed without login but the problem i m facing is that even if i have entered user and password corectly it doesnot redirect me to control_panel.php If i remove this script from control_panel.php then after entering user name and password it redirects to control_panel.php in control_panel.php i m writing if($row['id'] == "2") { header("Location:control_panel.php"); } else { // redirect to main page header("Location:index.php"); } vineet Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-674967 Share on other sites More sharing options...
runnerjp Posted October 27, 2008 Share Posted October 27, 2008 well why not just do this <?php if($row['id'] == "2") { show control panel infomation } else { echo 'you are not admin'; } ?> thats all you really need.. there is no need to direct someone to a control panel if there allready there... Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-675840 Share on other sites More sharing options...
Andy-H Posted October 27, 2008 Share Posted October 27, 2008 adminlogin session_start(); if (successfull login){ $_SESSION['admin_user'] = TRUE; } control pages if (!isset($_SESSION['admin_user'])){ die("Access denied, your not an administrator..."); } Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-675844 Share on other sites More sharing options...
vinpkl Posted October 28, 2008 Author Share Posted October 28, 2008 adminlogin session_start(); if (successfull login){ $_SESSION['admin_user'] = TRUE; } control pages if (!isset($_SESSION['admin_user'])){ die("Access denied, your not an administrator..."); } Hi andy Thanks for the reply. It working well as needed. vineet Link to comment https://forums.phpfreaks.com/topic/130156-solved-how-to-restrict-access-to-admin-pages/#findComment-676301 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.