Admin Area

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

evans123
Forum Newbie
Posts: 18
Joined: Wed Nov 17, 2010 4:48 pm

Admin Area

Post by evans123 »

What's the best way to secure an admin-only area? If a user logs in but doesn't have permissions to the admin area, and they try to access it directly, e.g. http://www.mydomain.com/admin/users, is there an error code you can use that basically says you don't have access to this area? I was thinking of the 401, but that seems to only be if they have entered an incorrect username and password combination.
greyhoundcode
Forum Regular
Posts: 613
Joined: Mon Feb 11, 2008 4:22 am

Re: Admin Area

Post by greyhoundcode »

403 Forbidden possibly?

To be honest, I never change the HTTP status code in these situations; I just reroute to the login controller and provide an error message.
evans123
Forum Newbie
Posts: 18
Joined: Wed Nov 17, 2010 4:48 pm

Re: Admin Area

Post by evans123 »

But if the user is already logged in, and then they try to access it, but they don't have the required userlevel, what do I do then?
greyhoundcode
Forum Regular
Posts: 613
Joined: Mon Feb 11, 2008 4:22 am

Re: Admin Area

Post by greyhoundcode »

How about a message saying, "Sorry - you don't have permission to use this feature - click here to return to the home page." Or similar.
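The two cases discussed in this thread, as an added example that is not code from any poster: a server-side gate that reroutes a visitor who is not logged in to the login page, and answers a logged-in user who lacks the required level with 403 Forbidden plus a message. The names `ROLE_LEVELS`, `gateDecision`, `enforce`, the `$_SESSION['user']` layout and the `/login` URL are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical role ranking (assumption): higher number = more privilege.
const ROLE_LEVELS = ['guest' => 0, 'member' => 1, 'admin' => 2];

// Pure decision: returns [status, headers, body] for a protected area.
function gateDecision(?array $user, string $requiredRole, string $loginUrl = '/login'): array
{
    if ($user === null) {
        // Not logged in: reroute to the login page.
        return [302, ['Location' => $loginUrl], ''];
    }
    $have = ROLE_LEVELS[$user['role'] ?? 'guest'] ?? 0;  // unknown role: lowest level
    $need = ROLE_LEVELS[$requiredRole] ?? PHP_INT_MAX;    // unknown requirement: deny
    if ($have < $need) {
        // Logged in but not permitted: 403 plus a message, not a new login prompt.
        return [403, ['Content-Type' => 'text/html; charset=utf-8'],
            '<p>Sorry - you don\'t have permission to use this feature - '
            . '<a href="/">click here to return to the home page</a>.</p>'];
    }
    return [200, [], ''];
}

// Call at the top of every admin script, before any output is sent.
function enforce(string $requiredRole): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    [$status, $headers, $body] = gateDecision($_SESSION['user'] ?? null, $requiredRole);
    if ($status === 200) {
        return;
    }
    http_response_code($status);
    foreach ($headers as $name => $value) {
        header("$name: $value");
    }
    echo $body;
    exit; // stop here so the admin page below never renders
}

// Constructed sample users; run from the CLI to see each decision.
if (PHP_SAPI === 'cli') {
    foreach ([null, ['role' => 'member'], ['role' => 'admin']] as $u) {
        echo json_encode($u), ' => ', gateDecision($u, 'admin')[0], PHP_EOL;
    }
}
```

The check has to run on the server for every request under the admin path; hiding the admin links from non-admin users does not stop a direct request to the URL.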