Chris.P Posted March 26, 2007 Share Posted March 26, 2007 I have created a little website with login and admin area that updates the sites content. I need to figur eout what the best way is to stop people who are not logged in going direct to my admin pages for example just typing in /admin.php when nobody is logged in. I read this can be done using cookie although I am not sure how and I have created a session so was wondering if it could be done via that? A little unsure here! :-\ Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted March 26, 2007 Share Posted March 26, 2007 if you have a database, you could make a users group secion, and have admin set to 1, and users set to 2. If you want to make some member a admin at some point, all you would need to do is change their group number from 2 to 1, and now they have access. Next in your PHP, create a file and make a function that returns TRUE if user group = 1, and if not, return FALSE. In your other files just do an if else statement. session_start(); include"My_function.php"; if(isAdmin()){ //If TRUE create a session. $_SESSION['isAdmin'] = TRUE; }else{ echo 'You are not an admin, You don\'t have rights here'; } On all your admin pages you now need to have this at the top: session_start(); if($_SESSION['isAdmin']){ //Display the page content here }else{ // Redirect to a login or users page } This is just one way/idea. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.