473,815 Members | 1,809 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Protection of admin pages

How to protect administration pages from entering.
I put login form on my start page (index.php), and if user put correct
data, script redirect him on page admin/admin.php. That works fine!
But if someone types in browser admin/admin.php it eneteres same page
without login. How to prevent this?
--
..:Dalibor:.
Feb 6 '06 #1
3 1902
Set a session upon login and check if it is present on the admin.php
page...

Feb 6 '06 #2
>How to protect administration pages from entering.
I put login form on my start page (index.php), and if user put correct
data, script redirect him on page admin/admin.php. That works fine!
But if someone types in browser admin/admin.php it eneteres same page
without login. How to prevent this?


You put login checking on *EVERY* *SINGLE* *PAGE*. (Usually it's
in one file defining a function or class included from everywhere
else). The checking usually looks at session data to see if you're
logged in, and the login hasn't expired, and if not, redirects you
to the login page.

If you're not using sessions, you probably check cookies. Remember
that session data like $_SESSION['logged_in'] = true is hard to
spoof, but $_COOKIE['logged_in'] = true is easy to spoof.

Gordon L. Burditt
Feb 6 '06 #3
pol
Another possibility is, that you create a .htaccess file in that
folder. Details can be found in the apache manual.

Feb 6 '06 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
3
3420
password-protection
by: Wm | last post by:
Something just occurred to me... <yeah, I know, it scared me too> I just password-protected a website by including a password authentication script in each page of a private section. The script checks the login against the mySQL database. This type of protection will only affect the .php pages, won't it? The images that are contained in the pages are not protected, as they would be if I had a .htaccess file on the parent directory..? This...
PHP
12
2819
Call for LAMP Standardization -- Installations/User-Group Admin
by: Google Mike | last post by:
You know, while working on my moonlight corporation's LAMP project at home this weekend, I couldn't help but wonder if people writing similar projects are solving similar problems with having to complete the project by building an installer and building the user/group administration piece of it. The thought came to me that it would be great if LAMP developers, whether they used MySQL or PostgreSQL, could just simply write the project to...
PHP
0
1157
ASP Admin system pointers
by: Astra | last post by:
Hi All I've been creating a number of admin systems now for my classic ASP sites and although they seem to keep the wolves from the door, I just wanted to ask if you have any additional security pointers that I should watch out for. For your ref, the ones that I have already been told are: a) Always have a login/password section in place and use session vars to
ASP / Active Server Pages
0
2031
Make stronger protection for your software products
by: SoftComplete Development | last post by:
SoftComplete Development Updates EXECryptor to v. 2.1.20 Software piracy! Cracked serial numbers! Thousands of commercial products are posted on the warez sites and become available to all who want have your software product and pay no money for your development work! Shareware developpers look for good protection for their products and create some protection themselves or find ready-made tools. But there's no many programs really...
C / C++
7
1850
Seeking feedback on Password Protection via Java/JavaScript ONLY (no cgi)
by: Borked Pseudo Mailed | last post by:
Seeking feedback on Password Protection via Java/JavaScript ONLY (no cgi): SEE: http://online_tools.home.att.net/tools.html *AND* http://online_tools.home.att.net/extraCode.htm Thanks.
Javascript
1
1429
Should I make my ASP admin pages expire? if so, how do I do this?
by: Laphan | last post by:
Hi All I've created an admin side for my ASP site and I use session vars to provide page security. Just as a bit of advice, I want to know if I should expire each admin page so that others can't bring them up. I know the session var check will bounce them back to the login page, but I'd rather they didn't even see this page if they aren't authorised.
ASP / Active Server Pages
1
1767
Protection levels after Conversion Wizard
by: musosdev | last post by:
Hi I've got a project I've just run through the conversion wizard, and it's giving me a few headaches. I've got a user control which has controls referrenced from its calling page (usercontrol1.textbox1.text etc). All worked fine in V2003, but 2005 is giving me a "usercontro1.textbox1 is inaccessible due to it's protection level" error. Obviously, with it now
ASP.NET
0
4733
Standby Database Monitoring & Protection Modes (9iR2)
by: Vinod Sadanandan | last post by:
STANDBY DATABASE MONITORING & PROTECION MODES (9iR2) This document is written for understanding and monitoring standby database configured with diffrent protection modes . MAXIMUM PROTECTION -Guarantees that no data loss will occur if the primary database fails. To provide this level of protection, the redo data needed to recover each transaction must be written to both the local online redo log and to a standby redo log on at least...
Software Development
4
11561
how to restrict access to admin pages
by: vinpkl | last post by:
hi i am working on admin section which has a login page with login id and pasword form. in my admin section i have many pages say like manage_products.php, description.php, user.php etc. if i have to access the manage_products.php page then i can access it just typing like the link below http://localhost/vineet/admin/manage_products.php without entering login user and pasword.
PHP
0
10672
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10408
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
10428
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9226
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7687
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
6897
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5570
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5710
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4359
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us