Page 1 of 1

login

Posted: Wed Aug 27, 2008 7:44 pm
by mockorange
Currently, the admin section of my site has no protection, and anyone can get into it. I want to create a login situation, which i can do, but i was wondering how do i make it so that people cant access admin.php without logging in first?

Re: login

Posted: Wed Aug 27, 2008 7:51 pm
by califdon
mockorange wrote:Currently, the admin section of my site has no protection, and anyone can get into it. I want to create a login situation, which i can do, but i was wondering how do i make it so that people cant access admin.php without logging in first?
Well, you have to login on some page, so why not incorporate that into admin.php? Well, of course, you could use a different file that calls admin.php if the user is authenticated, but if you were going to do that, you should change the name of admin.php, since that's so commonly used, any hacker would know to try that anyway.

The only other way is to use an .htaccess file that refers to a .passwd file, if it's an Apache web server.

Re: login

Posted: Wed Aug 27, 2008 8:35 pm
by mockorange
thanks for the advice :D

Re: login

Posted: Thu Aug 28, 2008 1:19 am
by Zoxive
You could put something like.. on top of your admin.php page.

Very basic version..

Code: Select all

<?php
 
if(!$user->loggedin()){ // if not logged in
  header("Location: my_url_here"); // redirect
  exit();
}
 

Re: login

Posted: Thu Aug 28, 2008 7:47 am
by wolfwood16
you can use session to check the authentication and validity of the user.. plus the script suggested by Zoxive to redirect the user if not logged in. :wink: