Search
Left Quote    Nearly all men can stand adversity, but if you want to test a man's character, give him power.
- Abraham Lincoln    
Right Quote
 
[login] | [Register]
Forum Index » PHP and mySQL » Viewing Topic and Replies
Post Reply


        Viewing Topic: Protect admin area
  This user is offline  confuser
  Subject: "Protect admin area" Posted: @ 3:56 pm on Jan 04 2008   
Member #: 531
Rank: User - (4)
Since: 01/02/08
Posts: 4

Ok i have an admin area that i want to protect from non admins as it were. I have added a new table in members called admin, with a default of 0. i have registered and changed the 0 to a 1 for my username. On my admin page i have got this

Code:
<?
include_once('. ./db.php');
include_once('. ./header.php');
include_once('. ./menu.php'); echo'<tr>
<td width="497 " height="50 0" valign="to p" bgcolor="# 94DFFF"> ;';
$admin = mysql_query(&qu ot;SELECT `admin` FROM `members` WHERE `admin` = '1'");
if ($admin['admin' ] = 1)
{
$file = $_GET['file'];< br /> $php = '.php';
$var = 'admin.php?file =';
if ($_GET['file'])
include($file . $php);
else
{
echo'What would you like to do?';
echo'<br> <a href="' . $var . 'articles" >Add Articles</a& gt;';
echo'<br> <a href="' . $var . 'editarticles&q uot;>Edit Articles</a& gt;';
echo'<br> <a href="sett ings.php"& gt;Update Settings</a& gt;';
}
?>
</td>
<td width="4&q uot; height="50 0" valign="to p">& ;nbsp;</td&g t;
</tr>
</table>& lt;?
}
else
echo'You do not have permission to view this page';
include('../foo ter.php');
?>


Its not working. I think its because there is no session but i have no idea on how to do those...
Anyone help me?


    Viewed: 7,091 Times | Reply to This | To top
  This user is offline  bs0d
  Subject: "re: Protect admin area" Posted: @ 7:00 pm on Jan 04 2008    

Member #: 1
Rank: Admin. - (1,505)
Since: 02/06/05
Posts: 600
From: USA

In addition to the script, you should protect with .htaccess as well.




-bs0d | AllSyntax.com

    Viewed: 7,073 Times | Reply to This | To top
  This user is offline  confuser
  Subject: "re: Protect admin area" Posted: @ 7:14 pm on Jan 04 2008    
Member #: 531
Rank: User - (4)
Since: 01/02/08
Posts: 4

  bs0d said...

< i> In addition to the script, you should protect with .htaccess as well.
hmm ok but what bout my solution too?




    Viewed: 7,070 Times | Reply to This | To top
  This user is offline  bs0d
  Subject: "re: Protect admin area" Posted: @ 12:38 am on Jan 05 2008    

Member #: 1
Rank: Admin. - (1,505)
Since: 02/06/05
Posts: 600
From: USA

First, all you needed to do was add "rank&qu ot; to your members table, rather than creating a whole new table with more rows and stuff. Make your rank "Admin&q uot; - then on your admin pages, just check:

if($_SESSION[' user_rank'] != "Admin&q uot;) die("get out of here!");< br />
Where $_SESSION['use r_rank'] stores the value from the rank field in the members table. Just grab that field when you check everything else for login.




-bs0d | AllSyntax.com

    Viewed: 7,030 Times | Reply to This | To top
Viewing Page: 1 of 1


1 |

You must be logged in to post on the forums. Login or Register








"AllSyntax.com" Copyright © 2002-2018; All rights lefted, all lefts righted.
Privacy Policy  |  Internet Rank