samona Posted May 16, 2011 Share Posted May 16, 2011 Hi, I want to have a way to require an admin who is logged in to re-authenticate before he/she is allowed to view administrative pages using the same form they used to login. Any ideas? Quote Link to comment https://forums.phpfreaks.com/topic/236566-reauthenticate-user/ Share on other sites More sharing options...
fugix Posted May 16, 2011 Share Posted May 16, 2011 Why not just create another form for the admins Quote Link to comment https://forums.phpfreaks.com/topic/236566-reauthenticate-user/#findComment-1216119 Share on other sites More sharing options...
samona Posted May 16, 2011 Author Share Posted May 16, 2011 i could do that but i figured that would be redundant. is that the best practice? Quote Link to comment https://forums.phpfreaks.com/topic/236566-reauthenticate-user/#findComment-1216121 Share on other sites More sharing options...
wepnop Posted May 16, 2011 Share Posted May 16, 2011 I dont understand very well your problem. Just check if the user in the sesion is admin or not and do that, no? Quote Link to comment https://forums.phpfreaks.com/topic/236566-reauthenticate-user/#findComment-1216122 Share on other sites More sharing options...
HDFilmMaker2112 Posted May 16, 2011 Share Posted May 16, 2011 Create another form with separate SESSION variable, and populate the Username field (if there is one) with the Username set from the original form. So all they need to do is re-type in their password. That's what most sites do when you go in to edit account settings. And then you can kill the second session when they log-out of the admin panel, but they stay logged in to general area. Quote Link to comment https://forums.phpfreaks.com/topic/236566-reauthenticate-user/#findComment-1216125 Share on other sites More sharing options...
HDFilmMaker2112 Posted May 16, 2011 Share Posted May 16, 2011 I dont understand very well your problem. Just check if the user in the sesion is admin or not and do that, no? You have a bit of a security hole by doing that... If the actual user steps away from their computer, and somebody else comes along, they can click into the admin panel then without need to validate they are indeed that person. Quote Link to comment https://forums.phpfreaks.com/topic/236566-reauthenticate-user/#findComment-1216126 Share on other sites More sharing options...
wepnop Posted May 16, 2011 Share Posted May 16, 2011 I dont understand very well your problem. Just check if the user in the sesion is admin or not and do that, no? You have a bit of a security hole by doing that... If the actual user steps away from their computer, and somebody else comes along, they can click into the admin panel then without need to validate they are indeed that person. How? You are talking about a real person using the same PC after the admin? If not, i dont understand why. Quote Link to comment https://forums.phpfreaks.com/topic/236566-reauthenticate-user/#findComment-1216129 Share on other sites More sharing options...
fugix Posted May 16, 2011 Share Posted May 16, 2011 then the admin shouldn't be so foolish as to walk away from his/her comp still logged into their account..that will always be an issue for all webpages Quote Link to comment https://forums.phpfreaks.com/topic/236566-reauthenticate-user/#findComment-1216132 Share on other sites More sharing options...
samona Posted May 17, 2011 Author Share Posted May 17, 2011 I used another form for the admin login as fugix suggested. thx! Quote Link to comment https://forums.phpfreaks.com/topic/236566-reauthenticate-user/#findComment-1216441 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.