etrader Posted July 19, 2011 Share Posted July 19, 2011 I created a session by a login page, and limited the pages by adding this condition to every page if(!isset($_SESSION['level'])){ echo"You are not authorized to visit this page"; } This works perfectly for every single page, but how I can use it for an entire folder like admin folder ? Quote Link to comment Share on other sites More sharing options...
WebStyles Posted July 19, 2011 Share Posted July 19, 2011 you can use $_SERVER['REQUEST_URI'] to grab the url path and split it accordingly to find the last folder's name. Quote Link to comment Share on other sites More sharing options...
etrader Posted July 19, 2011 Author Share Posted July 19, 2011 Sorry I didn't get it. Where should I put this code? I am looking for a way to create limited session to avoid access to the entire folder of admin; without putting the code in each single page. Quote Link to comment Share on other sites More sharing options...
WebStyles Posted July 19, 2011 Share Posted July 19, 2011 I just gave you a tip, I didn't do the work for you, so you don't just "put the code somewhere". echo that variable to see what you get while inside one of the admin folders. Then you can figure out how to protect the folders by splitting the result and adding another $_SESSION check. Quote Link to comment Share on other sites More sharing options...
ZulfadlyAshBurn Posted July 19, 2011 Share Posted July 19, 2011 create a new file which contain this code. chkadm.php <?php if(!isset($_SESSION['level'])){ echo"You are not authorized to visit this page"; } ?> then on every page, just add in require('chkadm.php'); Quote Link to comment Share on other sites More sharing options...
Nodral Posted July 19, 2011 Share Posted July 19, 2011 Or you can create a file which checks if the user has the correct permissions of the various files and just include it at the start of each file. Dirty I know, but it works!!! <edit>Sorry, posted that at the same time. Great minds thing alike!!</edit> Quote Link to comment Share on other sites More sharing options...
etrader Posted July 20, 2011 Author Share Posted July 20, 2011 It seems there is no way to do so. I am currently doing what ZulfadlyAshBurn said. I was looking for a way NOT to edit every single php file in my admin folder. I was looking to make a rule for the entire folder, not every single page. WebStyles, I did not ask you to make it work for me. I just asked you to clarify your tip, as apparently you did not get my issue. Anyway, thank folks! Quote Link to comment Share on other sites More sharing options...
premiso Posted July 20, 2011 Share Posted July 20, 2011 I was looking to make a rule for the entire folder, not every single page. Easily done with .htaccess and a bootstrap file. The .htaccess takes any request to the admin folder and redirects to say bootstrap.php. The bootstrap will then parse the request, include the proper file and you can have all the code inside that file that needs to be included on all of those files. RewriteEngine On RewriteRule ^admin/(.*).php$ bootstrap.php?page=$1 [L] Is a rough example and may need tweaking, but there you go. Quote Link to comment Share on other sites More sharing options...
etrader Posted July 21, 2011 Author Share Posted July 21, 2011 Thanks premiso, that's exactly what I asked for I use Nginx, thus, I needed to adopt the rule; but it is the easy part. I just needed to have an idea Thanks again! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.