Board index   FAQ   Search  
Register  Login
Board index System Administration Server security

ADminstration

Discussions about server security -- questions and answeres

Moderators: macek, egami, gesf

ADminstration

Postby prince » Sun Apr 01, 2012 9:12 pm

how to restrict the users from not allowing to access the admin privilages using php?
prince
New php-forum User
New php-forum User
 
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

Re: ADminstration

Postby egami » Mon Apr 02, 2012 7:44 am

Develop userlevel privies within your scripts.
User avatar
egami
php-forum GURU
php-forum GURU
 
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: ADminstration

Postby prince » Mon Apr 02, 2012 8:59 pm

Thanks egami,

the privilages has been developed but when directly accessing from the url it will be going to admin privilages


ex: if we have an admin privilage like Remove.php is the option for admin . But the user run the same file it will opening for the user also . So how restrict the user from redirecting..
prince
New php-forum User
New php-forum User
 
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

Re: ADminstration

Postby egami » Wed Apr 04, 2012 4:12 am

if ($_SESSION['userlevel'] < 100) {
die("You do not have access to this page.");
}
User avatar
egami
php-forum GURU
php-forum GURU
 
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: ADminstration

Postby prince » Thu Apr 05, 2012 2:16 am

Thanks egami,

i have tried that one also .it is working in the localhost but it is not working in the live site.
prince
New php-forum User
New php-forum User
 
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

Re: ADminstration

Postby egami » Thu Apr 05, 2012 12:31 pm

make sure that session_start() is at the beginning of your script.
User avatar
egami
php-forum GURU
php-forum GURU
 
Posts: 2196
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Re: ADminstration

Postby prince » Mon Apr 09, 2012 9:47 pm

Thank you

the script has been kept before starting of the page
i given userlevel=1,adminlevel=5, though also using user level accessing the admin pages
by chagnging the url..
prince
New php-forum User
New php-forum User
 
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am


Return to Server security

Who is online

Users browsing this forum: No registered users and 1 guest

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.