ADminstration

Discussions about server security -- questions and answeres

Moderators: egami, macek, gesf

Post Reply
prince
New php-forum User
New php-forum User
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

Sun Apr 01, 2012 9:12 pm

how to restrict the users from not allowing to access the admin privilages using php?
Top
User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2192
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Mon Apr 02, 2012 7:44 am

Develop userlevel privies within your scripts.
Top
prince
New php-forum User
New php-forum User
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

Mon Apr 02, 2012 8:59 pm

Thanks egami,

the privilages has been developed but when directly accessing from the url it will be going to admin privilages


ex: if we have an admin privilage like Remove.php is the option for admin . But the user run the same file it will opening for the user also . So how restrict the user from redirecting..
Top
User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2192
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Wed Apr 04, 2012 4:12 am

if ($_SESSION['userlevel'] < 100) {
die("You do not have access to this page.");
}
Top
prince
New php-forum User
New php-forum User
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

Thu Apr 05, 2012 2:16 am

Thanks egami,

i have tried that one also .it is working in the localhost but it is not working in the live site.
Top
User avatar
egami
php-forum GURU
php-forum GURU
Posts: 2192
Joined: Wed Oct 06, 2010 11:19 am
Location: Happy Valley, UT

Thu Apr 05, 2012 12:31 pm

make sure that session_start() is at the beginning of your script.
Top
prince
New php-forum User
New php-forum User
Posts: 15
Joined: Mon Mar 26, 2012 3:43 am

Mon Apr 09, 2012 9:47 pm

Thank you

the script has been kept before starting of the page
i given userlevel=1,adminlevel=5, though also using user level accessing the admin pages
by chagnging the url..
Top
Post Reply

Return to “Server security”