vinpkl Posted October 26, 2008 Share Posted October 26, 2008 hi i am working on admin section which has a login page with login id and pasword form. In my admin section i have many pages say like manage_products.php, description.php, control_panel.php etc. if the user have to access the manage_products.php page then he can access it just typing like the link below http://localhost/vineet/admin/manage_products.php without entering login user and pasword. i want to restrict the access of this page through admin panel only. The user should be able to access page only if he is logged in. vineet Quote Link to comment Share on other sites More sharing options...
MasterACE14 Posted October 26, 2008 Share Posted October 26, 2008 have a column in the user table that is called something like "authority", and then run a check on the Admin only pages. <?php if($row['authority'] == "admin") { // display page } else { // redirect to main page header("Location: mainpage.php"); } ?> Quote Link to comment Share on other sites More sharing options...
vinpkl Posted October 26, 2008 Author Share Posted October 26, 2008 have a column in the user table that is called something like "authority", and then run a check on the Admin only pages. <?php if($row['authority'] == "admin") { // display page } else { // redirect to main page header("Location: mainpage.php"); } ?> hi what will be the datatype to be selected for "authority" column. and where you have written in code // display page do i have to write the page name or leave it as comment vineet vineet Quote Link to comment Share on other sites More sharing options...
mtylerb Posted October 26, 2008 Share Posted October 26, 2008 By // Display page He means to put the code in there that displays the page you want to view, if they are authenticated. Quote Link to comment Share on other sites More sharing options...
vinpkl Posted October 26, 2008 Author Share Posted October 26, 2008 By // Display page He means to put the code in there that displays the page you want to view, if they are authenticated. hi ok that is fine. One thing i want to know that i will put this code in all the admin pages except the login page. and what will be the datatype for the authority column in database vineet Quote Link to comment Share on other sites More sharing options...
vinpkl Posted October 26, 2008 Author Share Posted October 26, 2008 By // Display page He means to put the code in there that displays the page you want to view, if they are authenticated. hi thanks for the reply. it worked well. I just wanted to know what should i write in my "logout" page. i have started session_start(); in my config.php which is included file in every admin page. vineet Quote Link to comment Share on other sites More sharing options...
vinpkl Posted October 26, 2008 Author Share Posted October 26, 2008 By // Display page He means to put the code in there that displays the page you want to view, if they are authenticated. hi With this script after loggin i am redirecting the user to control_panel.php but it doesnt allow to redirect even after entering user and password correctly. vineet Quote Link to comment Share on other sites More sharing options...
runnerjp Posted October 26, 2008 Share Posted October 26, 2008 why not just check for the id?? surly the admin id would be 1 so <?php if($row['id'] == "1") { // display page } else { // redirect to main page header("Location: mainpage.php"); } ?> Quote Link to comment Share on other sites More sharing options...
vinpkl Posted October 26, 2008 Author Share Posted October 26, 2008 why not just check for the id?? surly the admin id would be 1 so <?php if($row['id'] == "1") { // display page } else { // redirect to main page header("Location: mainpage.php"); } ?> Hi i tried with ID also. It restricts the page to be accessed without login but the problem i m facing is that even if i have entered user and password corectly it doesnot redirect me to control_panel.php If i remove this script from control_panel.php then after entering user name and password it redirects to control_panel.php in control_panel.php i m writing if($row['id'] == "2") { header("Location:control_panel.php"); } else { // redirect to main page header("Location:index.php"); } vineet Quote Link to comment Share on other sites More sharing options...
runnerjp Posted October 27, 2008 Share Posted October 27, 2008 well why not just do this <?php if($row['id'] == "2") { show control panel infomation } else { echo 'you are not admin'; } ?> thats all you really need.. there is no need to direct someone to a control panel if there allready there... Quote Link to comment Share on other sites More sharing options...
Andy-H Posted October 27, 2008 Share Posted October 27, 2008 adminlogin session_start(); if (successfull login){ $_SESSION['admin_user'] = TRUE; } control pages if (!isset($_SESSION['admin_user'])){ die("Access denied, your not an administrator..."); } Quote Link to comment Share on other sites More sharing options...
vinpkl Posted October 28, 2008 Author Share Posted October 28, 2008 adminlogin session_start(); if (successfull login){ $_SESSION['admin_user'] = TRUE; } control pages if (!isset($_SESSION['admin_user'])){ die("Access denied, your not an administrator..."); } Hi andy Thanks for the reply. It working well as needed. vineet Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.