By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
438,746 Members | 1,924 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 438,746 IT Pros & Developers. It's quick & easy.

how to restrict access to admin pages

P: 41
hi

i am working on admin section which has a login page with login id and pasword form.
in my admin section i have many pages say like manage_products.php, description.php, user.php etc.

if i have to access the manage_products.php page then i can access it just typing like the link below

http://localhost/vineet/admin/manage_products.php

without entering login user and pasword.

i want to restrict the access of this page through admin panel only. No one should able to access any of the page by typing the url directly. how is it possible.

vineet
Oct 26 '08 #1
Share this Question
Share on Google+
4 Replies


Markus
Expert 5K+
P: 6,050
hi

i am working on admin section which has a login page with login id and pasword form.
in my admin section i have many pages say like manage_products.php, description.php, user.php etc.

if i have to access the manage_products.php page then i can access it just typing like the link below

http://localhost/vineet/admin/manage_products.php

without entering login user and pasword.

i want to restrict the access of this page through admin panel only. No one should able to access any of the page by typing the url directly. how is it possible.

vineet
You need to write a login page which would compare the user give data against a database of admin credentials. If they matched, set a cookie or a session saying the user has permission to access restricted pages. On restricted pages check if a cookie/session is set to allow them access.

Google
Oct 26 '08 #2

100+
P: 110
another way to go is to use apache and an access file.
Depends on what you want to do. I think if the admin pages are just for you and a few others, the database login route may be overkill.

check out this link
http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html
Oct 27 '08 #3

zabsmarty
P: 25
for this you will be take a session ID or session varaible from admin so when you will login as admin then store admin id or any variable in session variable and on top of each page check that if this variable is empty then go for login .

for examle:

Expand|Select|Wrap|Line Numbers
  1.  
  2. if(!isset($_SESSION['adminemail']))
  3. {
  4. header("location:login.php');
  5. exit();
  6. }
  7.  
  8.  
hope you will be unserstand.
Thanks
Oct 28 '08 #4

Markus
Expert 5K+
P: 6,050
for this you will be take a session ID or session varaible from admin so when you will login as admin then store admin id or any variable in session variable and on top of each page check that if this variable is empty then go for login .

for examle:

Expand|Select|Wrap|Line Numbers
  1.  
  2. if(!isset($_SESSION['adminemail']))
  3. {
  4. header("location:login.php');
  5. exit();
  6. }
  7.  
  8.  
hope you will be unserstand.
Thanks
Again, like I have already suggested.
Oct 28 '08 #5

Post your reply

Sign in to post your reply or Sign up for a free account.