restricting acces to admin area

[Chris.P]

I have created a little website with login and admin area that updates the sites content. I need to figur eout what the best way is to stop people who are not logged in going direct to my admin pages for example just typing in /admin.php when nobody is logged in.

 

I read this can be done using cookie although I am not sure how and I have created a session so was wondering if it could be done via that? A little unsure here! :-\

[The Little Guy]

if you have a database, you could make a users group secion, and have admin set to 1, and users set to 2.

 

If you want to make some member a admin at some point, all you would need to do is change their group number from 2 to 1, and now they have access.

 

Next in your PHP, create a file and make a function that returns TRUE if user group = 1, and if not, return FALSE.

 

In your other files just do an if else statement.

 

session_start();
include"My_function.php";
if(isAdmin()){
     //If TRUE create a session.
     $_SESSION['isAdmin'] = TRUE;
}else{
     echo 'You are not an admin, You don\'t have rights here';
}

 

On all your admin pages you now need to have this at the top:

 

session_start();
if($_SESSION['isAdmin']){
     //Display the page content here
}else{
     // Redirect to a login or users page
}

 

This is just one way/idea.