Disallow access to news.php, instead of index.php?page=news

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Rahil
Forum Newbie
Posts: 17
Joined: Sun Feb 15, 2004 2:24 pm
Location: Toronto, Ontario, Canada

Disallow access to news.php, instead of index.php?page=news

Post by Rahil »

Sorry about the long topic name, but I couldn't think of anything else. Anyways, I have an admin section on one of my sites, and I want to use the "index.php?page=x" thing (where x is included in index, and index is the template/layout). However, this isn't very secure for a admin panel:

Lets say the page was edit-news (index.php?page=edit-news). Index.php checks for the admin session, and if the session is there, then good. If it's not there, then it redirects to a login page. Here's the catch: someone could just go to edit-news.php, and they'd have access to the admin panel, because the session check is on the index.php file.

I asked one of my friends about how to do this, and he told me you have to use a class. I don't want to take the easy way out, and put the session check on the edit-news page. Can anyone help me out?
User avatar
Sevengraff
Forum Contributor
Posts: 232
Joined: Thu Apr 25, 2002 9:34 pm
Location: California USA
Contact:

Post by Sevengraff »

ive seen it done this way:

in index.php, before the include, define a variable like $IN_INDEX_PHP

then in the files that will be included, check if the variable exists. If it does not, then the file isn't being included.

Code: Select all

if( !isset( $IN_INDEX_PHP ) ) {
    die("No direct access");
}
Rahil
Forum Newbie
Posts: 17
Joined: Sun Feb 15, 2004 2:24 pm
Location: Toronto, Ontario, Canada

Post by Rahil »

Thanks, that works.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Hey Rahil its Johnny, Welcome to the forums :P
Rahil
Forum Newbie
Posts: 17
Joined: Sun Feb 15, 2004 2:24 pm
Location: Toronto, Ontario, Canada

Post by Rahil »

Thanks Johnny! Do I know you, or are you just welcoming a new user to the forums?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Rahil that hurt...

Esaloca? Cartizzle@hotmail.com? runtingsrecords.com?
Rahil
Forum Newbie
Posts: 17
Joined: Sun Feb 15, 2004 2:24 pm
Location: Toronto, Ontario, Canada

Post by Rahil »

lol, sorry Johnny, I didn't think it was you, I mean, there aren't many Johnnys :roll:
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Get your ass on msn I wanna talk to you.

BTW GO ENHANCED-GAMING.NET FOR WEBHSTING
Rahil
Forum Newbie
Posts: 17
Joined: Sun Feb 15, 2004 2:24 pm
Location: Toronto, Ontario, Canada

Post by Rahil »

Yes sir! :lol:
Post Reply