469,282 Members | 1,909 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,282 developers. It's quick & easy.

how to restrict access to admin pages

41
hi

i am working on admin section which has a login page with login id and pasword form.
in my admin section i have many pages say like manage_products.php, description.php, user.php etc.

if i have to access the manage_products.php page then i can access it just typing like the link below

http://localhost/vineet/admin/manage_products.php

without entering login user and pasword.

i want to restrict the access of this page through admin panel only. No one should able to access any of the page by typing the url directly. how is it possible.

vineet
Oct 26 '08 #1
4 10251
Markus
6,050 Expert 4TB
hi

i am working on admin section which has a login page with login id and pasword form.
in my admin section i have many pages say like manage_products.php, description.php, user.php etc.

if i have to access the manage_products.php page then i can access it just typing like the link below

http://localhost/vineet/admin/manage_products.php

without entering login user and pasword.

i want to restrict the access of this page through admin panel only. No one should able to access any of the page by typing the url directly. how is it possible.

vineet
You need to write a login page which would compare the user give data against a database of admin credentials. If they matched, set a cookie or a session saying the user has permission to access restricted pages. On restricted pages check if a cookie/session is set to allow them access.

Google
Oct 26 '08 #2
pedalpete
110 100+
another way to go is to use apache and an access file.
Depends on what you want to do. I think if the admin pages are just for you and a few others, the database login route may be overkill.

check out this link
http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html
Oct 27 '08 #3
for this you will be take a session ID or session varaible from admin so when you will login as admin then store admin id or any variable in session variable and on top of each page check that if this variable is empty then go for login .

for examle:

Expand|Select|Wrap|Line Numbers
  1.  
  2. if(!isset($_SESSION['adminemail']))
  3. {
  4. header("location:login.php');
  5. exit();
  6. }
  7.  
  8.  
hope you will be unserstand.
Thanks
Oct 28 '08 #4
Markus
6,050 Expert 4TB
for this you will be take a session ID or session varaible from admin so when you will login as admin then store admin id or any variable in session variable and on top of each page check that if this variable is empty then go for login .

for examle:

Expand|Select|Wrap|Line Numbers
  1.  
  2. if(!isset($_SESSION['adminemail']))
  3. {
  4. header("location:login.php');
  5. exit();
  6. }
  7.  
  8.  
hope you will be unserstand.
Thanks
Again, like I have already suggested.
Oct 28 '08 #5

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

3 posts views Thread by Paul | last post: by
19 posts views Thread by ree32 | last post: by
1 post views Thread by Mubs | last post: by
1 post views Thread by Chase Kang #52 | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by suresh191 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.