Jump to content

restricting access to admin only

spangle1187

By spangle1187
in PHP Coding Help

 Share

Recommended Posts

spangle1187 Member

spangle1187

Posted
Posted

I am using the following to check that the user is logged on before he/she views pages on my site can I adapt what is here so that only some pages can be viewed by admin only?

 

<?php
include("../php/dbconnect.php"); //connects to the database

	//session code
	session_start();

	//Check if user is authenticated
	if(!isset($_SESSION['username'])){
    
	//User not logged in, redirect to login page
    	header( "Location: http://webdev/schools/hhs/psy_bookings/" );
	}
	else
	{

    	//User is logged in, contiue (use session vars to diplay username/email)
    	//echo "'Welcome, {$_SESSION['username']}. You are still logged in. <br />'";
   	// echo "'Your email address is: {$_SESSION['email']}.'";

	}//end of session code
?> 

Link to comment
https://forums.phpfreaks.com/topic/224959-restricting-access-to-admin-only/
Share on other sites
Muddy_Funster Regular Member

Muddy_Funster

Posted
Posted

You would nest another IF condition within your code for successful login.  Either compare the $_SESSION['username'] to a hard set value or to a result set takin from a database table of admin users.

 

You could include an ELSEIF to your login contitions, but that would only effect the page that you are on.  You would be best to hold the admin level check in another file altogether and call it into the script with an INCLUDE_ONCE(filename) on each page that you want to restrict access to.

 

so for example, put the following line after your 

else{

include_once (admin_check.inc);

then make a new file in the same directory as your current script page and save it as admin_check.inc

finaly put the following code into the admin_check.inc file

<?php
if(!isset($name_check){
$name_check = $_SESSION['username'];
}
try
{
if ($name_check == 'admin'){
   echo 'You are logged in as an administrator';
}
else{
   echo 'You are logged in as a user';
}
}
catch (Exeption $error){
die('Authentication level check failed with the following : '.$error->getMessage());
}

?>

don't forget to save it again once the code is in and try it out.  This code is untested and assumes that the administrator's username is 'admin'.

spangle1187 Member

spangle1187

Posted
  • Author
Posted

I can't get it to work?

 

I am gettingt the following errors:

 

Notice: Use of undefined constant admin_check - assumed 'admin_check' in /content_ro/webdev/htdocs/schools/hhs/psy_bookings/Admin Pages/registration.php on line 38

 

Notice: Use of undefined constant inc - assumed 'inc' in /content_ro/webdev/htdocs/schools/hhs/psy_bookings/Admin Pages/registration.php on line 38

 

Warning: include_once(admin_checkinc) [function.include-once.html]: failed to open stream: No such file or directory in /content_ro/webdev/htdocs/schools/hhs/psy_bookings/Admin Pages/registration.php on line 38

 

Warning: include_once() [function.include.html]: Failed opening 'admin_checkinc' for inclusion (include_path='.:/content_ro/webdev/htdocs/services/hr/includes:/usr/local/php/lib/php:/content/consultants/htdocs/xertetoolkits') in /content_ro/webdev/htdocs/schools/hhs/psy_bookings/Admin Pages/registration.php on line 38

Muddy_Funster Regular Member

Muddy_Funster

Posted
Posted

I can't get it to work?

 

I am gettingt the following errors:

 

Notice: Use of undefined constant admin_check - assumed 'admin_check' in /content_ro/webdev/htdocs/schools/hhs/psy_bookings/Admin Pages/registration.php on line 38

 

Notice: Use of undefined constant inc - assumed 'inc' in /content_ro/webdev/htdocs/schools/hhs/psy_bookings/Admin Pages/registration.php on line 38

 

Warning: include_once(admin_checkinc) [function.include-once.html]: failed to open stream: No such file or directory in /content_ro/webdev/htdocs/schools/hhs/psy_bookings/Admin Pages/registration.php on line 38

 

Warning: include_once() [function.include.html]: Failed opening 'admin_checkinc' for inclusion (include_path='.:/content_ro/webdev/htdocs/services/hr/includes:/usr/local/php/lib/php:/content/consultants/htdocs/xertetoolkits') in /content_ro/webdev/htdocs/schools/hhs/psy_bookings/Admin Pages/registration.php on line 38

it's not picking up the file name properly because I gave you the wrong code.  change the include statement to this:

include_once 'admin_check.inc';

 

Sorry about that, It's been a while since I used an include statement like that - I should have checked it before I posted it.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.