Security.

[jkkenzie]

There is a page e.g admin.php in the same folder as the index.php(home page) , the reason for them being on same folder is so as to be accessed via internet for manipulating the database. My question is , anyone can access this admin.php page where it directs them to a login page, how can i prevent people from accessing this page?

[jkkenzie]

Also, is there a sample login page linked to a database(mysql) around here and how best to do it?.

Regards,Joseph

[priti]

hi,

 

can you explain what you meant by "the reason for them being on same folder is so as to be accessed via internet for manipulating the database" .....

 

i think if you create a single file for database connection then you can include that file anywhere in your web app. so ... i get confused what exactly your idea to keep these two file together.

 

Regards

[vbnullchar]

@pritii: think hes trying to prevent other people from accessing the admin.php page..

 

@jkkenzie: you can put a admin login in admin.php

[jkkenzie]

Say my folder is in, C:/wamp/www/index.php and my admin page admin.php is in the same directory C:/wamp/www/admin.php and C:/wamp/www/AdminLOGIN.php .

 

As you suggested, say Url would be http://www.buynairobi.com/index.php, if someone tries http://www.buynairobi.com/admin.php that would open isn't it?

 

Regards,

Joseph

[smithmr8]

Im assuming that you have some sort of user account on this. I would add to your user table an additional field, 'rank' or something and default it at 1. Say you choose to give admin the rank of 5. You just put an mysql query on your admin page. If the person's rank is 5, let them view it, else.. display a message.

 

e.g

 

if($user['rank'] == 5){

--SHOW PAGE--

} else {

echo "Your not authorised to view this page!";

}

 

Also, instead of having an additional page for admin login. You could just put have it linked to on the website, but the link only displays if the users rank is 5.

 

e.g.

 

if($user['rank'] == 5){

echo "<a href=\"admin.php\">Admin</a>";

}

[Daniel0]

How exactly do you want to restrict the access? Here is one way you can do it:

 

<Location /admin.php>
    Order Allow, Deny
    Deny from All
    Allow from *your_ip_here*
</Location>

[jkkenzie]

danielo, am not able to understand the way you do it, but i have decided when the admin is opened, it calls the login page if no one is logged in.

 

Thanks

 

Joseph

[priti]

@pritii: think hes trying to prevent other people from accessing the admin.php page..

 

@jkkenzie: you can put a admin login in admin.php

@vbnullchar  My intention to ask this is what may be the reason that index.php and admin.php has to be in same place ??