Page 1 of 1

Disallow access to news.php, instead of index.php?page=news

Posted: Sun Feb 15, 2004 2:24 pm
by Rahil
Sorry about the long topic name, but I couldn't think of anything else. Anyways, I have an admin section on one of my sites, and I want to use the "index.php?page=x" thing (where x is included in index, and index is the template/layout). However, this isn't very secure for a admin panel:

Lets say the page was edit-news (index.php?page=edit-news). Index.php checks for the admin session, and if the session is there, then good. If it's not there, then it redirects to a login page. Here's the catch: someone could just go to edit-news.php, and they'd have access to the admin panel, because the session check is on the index.php file.

I asked one of my friends about how to do this, and he told me you have to use a class. I don't want to take the easy way out, and put the session check on the edit-news page. Can anyone help me out?

Posted: Sun Feb 15, 2004 3:25 pm
by Sevengraff
ive seen it done this way:

in index.php, before the include, define a variable like $IN_INDEX_PHP

then in the files that will be included, check if the variable exists. If it does not, then the file isn't being included.

Code: Select all

if( !isset( $IN_INDEX_PHP ) ) {
    die("No direct access");
}

Posted: Sun Feb 15, 2004 5:25 pm
by Rahil
Thanks, that works.

Posted: Mon Feb 16, 2004 8:52 pm
by John Cartwright
Hey Rahil its Johnny, Welcome to the forums :P

Posted: Tue Feb 17, 2004 5:34 pm
by Rahil
Thanks Johnny! Do I know you, or are you just welcoming a new user to the forums?

Posted: Tue Feb 17, 2004 5:41 pm
by John Cartwright
Rahil that hurt...

Esaloca? Cartizzle@hotmail.com? runtingsrecords.com?

Posted: Tue Feb 17, 2004 5:42 pm
by Rahil
lol, sorry Johnny, I didn't think it was you, I mean, there aren't many Johnnys :roll:

Posted: Tue Feb 17, 2004 5:46 pm
by John Cartwright
Get your ass on msn I wanna talk to you.

BTW GO ENHANCED-GAMING.NET FOR WEBHSTING

Posted: Tue Feb 17, 2004 5:48 pm
by Rahil
Yes sir! :lol: