How to modify Admin.php for registered user access only ?

New Member Joined: Aug 24, 2004 Posts: 4

Hello I'm pretty new to all this php and phpnuke stuff
I been trying to figure out if and how this would be done

I only want registered users to be able to access the admin.php
so the admins would have to log in as user before they can log on as admins.

can this be done or done easily ?

I'm lacking in the knowlege of how to confirm that a user is logged in.

I was thinking that if it did this by checking the user_id
admins could be assigned a specific user_id range so only those users
could access the admin.php to log in as Admins

also if this can be done can it also be set to redirect non users ?

Posted: Tue Aug 24, 2004 4:07 pm

You might want to use the admin auth in Sentinel so admins have to login http before they can see admin.php

Posted: Tue Aug 24, 2004 5:05 pm

Wrap everything from get_lang() down in this:

if(is_user($user)) {
// Rest of admin.php here
get_lang(admin);

function create_first($name, $url, $email, $pwd, $user_new) {
// blah blah blah

}else{
Header("Location: index.php");
exit;
}

Its not a bad post install approach to some mild security really. It could even be limited to a specific user or array of users with a little tweak.

Posted: Tue Aug 24, 2004 5:25 pm

GanjaUK wrote:

You might want to use the admin auth in Sentinel so admins have to login http before they can see admin.php

thanks for your quick response
that looks interesting but it's a more than I wanted
I just wanted it so it might appear that the admin.php was maybe not even there.

I find myself logging in anyway as a user for forum and posting purposes
so I figured maybe there would be a way to do it like that

I also was thinking of maybe even having different user levels where pages are restricted or limited.

thanks sixonetonoffun I'll have a look at that

another thought I just had if it would be possible to setup a virtual treasure hunt on php where different pages would look differently depending on where you've been on the website or answers to questions

ok maybe I'm biting of more than I can chew

But any way thanks you guys

Posted: Tue Aug 24, 2004 5:27 pm

Here is the beginning part with an allowed users array I like this better yet.

if(is_user($user)) {
$allowed_user = array(
"Peter",
"admin");

$userinfo = getusrinfo($user);
$username = $userinfo[username];
while(list($key,$value) = each($allowed_user)) {
if (!$username==$value) {
Header("Location: index.php");
exit;
}
}

Now we get rid of all but our own scum on the admin page lol!

Posted: Tue Aug 24, 2004 5:37 pm

I could do a treasure hunt like that but its not on my list of to do's at this time. If your interested in a quote try posting in the for hire forum.

Posted: Tue Aug 24, 2004 5:52 pm

well right now I'm most likely not going to
I just thought it might be kind of cool
I suppose if it was done correctly and it was fun, you'd get people coming to the website.

Right now I'm just trying to learn the basics, and will be spending my time just doing that

thanks again

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

In admin.php add this code after the require_once("mainfile.php"); line

Code:

if (!is_user($user)) {


   header("Location: index.php");


   die();


}

Posted: Sat Aug 28, 2004 3:11 pm

hey, thanks that one is pretty to the point

I've been trying

header("HTTP/1.0 404 Not Found");

but I guess it just prints the error since it doesn't seem to direct to the .htaccess.

so now I'm just using

Header("Location: admn.php");

which get the error 404 and then redirects to the index
that way when I'm looking in my logs at the 404 it will show up there