ADminstration

Discussions about server security -- questions and answeres

Moderators: macek, egami, gesf

prince
New php-forum User
New php-forum User
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

ADminstration

Postby prince » Sun Apr 01, 2012 9:12 pm

how to restrict the users from not allowing to access the admin privilages using php?

User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: ADminstration

Postby egami » Mon Apr 02, 2012 7:44 am

Develop userlevel privies within your scripts.

prince
New php-forum User
New php-forum User
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

Re: ADminstration

Postby prince » Mon Apr 02, 2012 8:59 pm

Thanks egami,

the privilages has been developed but when directly accessing from the url it will be going to admin privilages


ex: if we have an admin privilage like Remove.php is the option for admin . But the user run the same file it will opening for the user also . So how restrict the user from redirecting..

User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: ADminstration

Postby egami » Wed Apr 04, 2012 4:12 am

if ($_SESSION['userlevel'] < 100) {
die("You do not have access to this page.");
}

prince
New php-forum User
New php-forum User
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

Re: ADminstration

Postby prince » Thu Apr 05, 2012 2:16 am

Thanks egami,

i have tried that one also .it is working in the localhost but it is not working in the live site.

User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: ADminstration

Postby egami » Thu Apr 05, 2012 12:31 pm

make sure that session_start() is at the beginning of your script.

prince
New php-forum User
New php-forum User
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

Re: ADminstration

Postby prince » Mon Apr 09, 2012 9:47 pm

Thank you

the script has been kept before starting of the page
i given userlevel=1,adminlevel=5, though also using user level accessing the admin pages
by chagnging the url..


Return to “Server security”

Who is online

Users browsing this forum: No registered users and 1 guest