how to make the webpage editable by the admin?????

[vin_akleh]

i have a web page that is not editable by the client (read only)

when the admin login he can change the text in the page

 

i know that i have to use if condition, and i already have all what i need for the admin login, but i don't know what is the condition

if (admin not loged in)
{
echo'<p>some text in here</p>';
}
else
{
echo'<form method="post" action=" '.$_SERVER['PHP_SELF'];.' ">
enter text here:<textarea name="content" cols="60" rows="10"></textarea>
<br>
<input type="submit" value="save">
<input type="reset" value="clear"><br/>
</form>';
}

[visualazza]

are you using sessions or cookies.

 

If it is sessions then you could just go for a straight forward:

 

session_start();

if(!isset($_SESSION['SESS_USER_ADMIN']) || (trim($_SESSION['SESS_USER_ADMIN']) == '')) {
	header("location: access-denied.php");
	exit();
}

 

or for cookies just replace the $_SESSION with $_COOKIE.

[vin_akleh]

does this have any security flows??!!

should i use any other better way

can any one forge there cookies to get admin privilege

[visualazza]

i always use sessions as they are server side so no one can edit them

[visualazza]

so you only ever have to change it once, just put that session code i gave you into a file called auth.php ro something and then add:

 

require_once('auth.php');

[vin_akleh]

only 2 question

1- is it better to use a boolean variable

or is there any flows in my way of coding, that i must consider using another way?

2- what does the request_once() does???