Page 1 of 1
login
Posted: Wed Aug 27, 2008 7:44 pm
by mockorange
Currently, the admin section of my site has no protection, and anyone can get into it. I want to create a login situation, which i can do, but i was wondering how do i make it so that people cant access admin.php without logging in first?
Re: login
Posted: Wed Aug 27, 2008 7:51 pm
by califdon
mockorange wrote:Currently, the admin section of my site has no protection, and anyone can get into it. I want to create a login situation, which i can do, but i was wondering how do i make it so that people cant access admin.php without logging in first?
Well, you have to login on
some page, so why not incorporate that into admin.php? Well, of course, you could use a different file that calls admin.php if the user is authenticated, but if you were going to do that, you should change the name of admin.php, since that's so commonly used, any hacker would know to try that anyway.
The only other way is to use an .htaccess file that refers to a .passwd file, if it's an Apache web server.
Re: login
Posted: Wed Aug 27, 2008 8:35 pm
by mockorange
thanks for the advice

Re: login
Posted: Thu Aug 28, 2008 1:19 am
by Zoxive
You could put something like.. on top of your admin.php page.
Very basic version..
Code: Select all
<?php
if(!$user->loggedin()){ // if not logged in
header("Location: my_url_here"); // redirect
exit();
}
Re: login
Posted: Thu Aug 28, 2008 7:47 am
by wolfwood16
you can use session to check the authentication and validity of the user.. plus the script suggested by Zoxive to redirect the user if not logged in.
