Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Admin.php only accessable for logged in members?
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Caedus
Hangin' Around



Joined: Jun 21, 2004
Posts: 39
Location: The Netherlands
PostPosted: Wed Jul 07, 2004 11:10 am Reply with quote
Hmm, my post doesn't seem to get saved Sad. I'll try to post it under this one.

[EDIT]

Sorry but it turned out to be my redirection script --> it was in html.

_________________
Arrow Caedus
RavensScripts

Last edited by Caedus on Wed Jul 07, 2004 11:13 am; edited 1 time in total 
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Caedus
PostPosted: Wed Jul 07, 2004 11:12 am Reply with quote
I've tried to get this working, but it just doesn't want to. I want admin.php only accessable if you're logged in as a registered user. It's not that hard to evade, but when hackers don't know about it, it might help.

This is what I've done:

After get_lang(admin); I added:
Code:
// Check if user is logged in


    global $user;


   if (!is_user($user)) {


And at the end of the file I made it this:
Code:
// If user is not logged in


   


   }


    else { 


*run a redirection script to index.php*


}





?>


Anyone can help me with this? I really think it's something easy I'm forgetting. Rolling Eyes
 
Caedus
PostPosted: Sat Jul 10, 2004 6:46 am Reply with quote
*bump*

Are you all laughing at my pathetic attempts? Or is this too easy? Help, as always, is much appreciated. Neutral
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088
PostPosted: Sat Jul 10, 2004 7:36 am Reply with quote
You need to check if the user is online, not just if he's a user. You need to check the sessions table to see if he has an active session. If you want to stop those feeble attempts, just install my admin http auth script [ Only registered users can see links on this board! Get registered or login! ] . BTW, in Sentinel 2.0 this will be an option to turn on/off Wink
 
View user's profile Send private message
Caedus
PostPosted: Sat Jul 10, 2004 4:39 pm Reply with quote
Raven wrote:
You need to check if the user is online, not just if he's a user.


Thanks for the reply Raven Smile! But I do just want to check if the visitor is a user. That's enough for me.

I already read that post and I think it's great, but it's also more complicated for the admins I've to train. And believe me, while my site should be safe, it should also be as simple as possible for the other admins, that already have trouble with trying to figure out how to submit news Wink .

So, how could I just check if the visitor is a logged in user, and if so allow them access, and if not, redirecting them?
 
Raven
PostPosted: Sat Jul 10, 2004 4:52 pm Reply with quote
I told you how in my previous post Wink Check the "sessions" table for their username.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©