Disallow access to news.php, instead of index.php?page=news
Posted: Sun Feb 15, 2004 2:24 pm
Sorry about the long topic name, but I couldn't think of anything else. Anyways, I have an admin section on one of my sites, and I want to use the "index.php?page=x" thing (where x is included in index, and index is the template/layout). However, this isn't very secure for a admin panel:
Lets say the page was edit-news (index.php?page=edit-news). Index.php checks for the admin session, and if the session is there, then good. If it's not there, then it redirects to a login page. Here's the catch: someone could just go to edit-news.php, and they'd have access to the admin panel, because the session check is on the index.php file.
I asked one of my friends about how to do this, and he told me you have to use a class. I don't want to take the easy way out, and put the session check on the edit-news page. Can anyone help me out?
Lets say the page was edit-news (index.php?page=edit-news). Index.php checks for the admin session, and if the session is there, then good. If it's not there, then it redirects to a login page. Here's the catch: someone could just go to edit-news.php, and they'd have access to the admin panel, because the session check is on the index.php file.
I asked one of my friends about how to do this, and he told me you have to use a class. I don't want to take the easy way out, and put the session check on the edit-news page. Can anyone help me out?