Jump to content

Security.


jkkenzie

Recommended Posts

There is a page e.g admin.php in the same folder as the index.php(home page) , the reason for them being on same folder is so as to be accessed via internet for manipulating the database. My question is , anyone can access this admin.php page where it directs them to a login page, how can i prevent people from accessing this page?

Link to comment
Share on other sites

hi,

 

can you explain what you meant by "the reason for them being on same folder is so as to be accessed via internet for manipulating the database" .....

 

i think if you create a single file for database connection then you can include that file anywhere in your web app. so ... i get confused what exactly your idea to keep these two file together.

 

Regards

Link to comment
Share on other sites

Im assuming that you have some sort of user account on this. I would add to your user table an additional field, 'rank' or something and default it at 1. Say you choose to give admin the rank of 5. You just put an mysql query on your admin page. If the person's rank is 5, let them view it, else.. display a message.

 

e.g

 

if($user['rank'] == 5){

--SHOW PAGE--

} else {

echo "Your not authorised to view this page!";

}

 

Also, instead of having an additional page for admin login. You could just put have it linked to on the website, but the link only displays if the users rank is 5.

 

e.g.

 

if($user['rank'] == 5){

echo "<a href=\"admin.php\">Admin</a>";

}

Link to comment
Share on other sites

@pritii: think hes trying to prevent other people from accessing the admin.php page..

 

@jkkenzie: you can put a admin login in admin.php

@vbnullchar  My intention to ask this is what may be the reason that index.php and admin.php has to be in same place ??

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.