I am creating an admin panel for my website. I have heard that it is possible to protect it in the following way:
Admins (who should be able to access the admin panel) get a certain cookie.
This cookie then allows them to get into the admin panel when they go to the panel directory.
When anyone else goes to the panel directory, just gets taken back to the homepage, and doesn't see anything on the panel
Typically this is done via PHP session-handling (e.g. starting with the session_start() function, and when the user logs in, add a setting in $_SESSION to indicate whether they are an admin user. Then on your admin-only pages, your logic would be something like:
PHP Code:
<?php // this must be the first line: no output of any kind before it
session start();
if(empty($_SESSION['is_admin'])) {
header("Location: http://www.example.com/default_landing_page.php");
exit;
}
// rest of page...
?>
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
Reply With Quote
Bookmarks