Creating an admin area?
#1

[eluser]ChrisF79[/eluser]
I have a number of scripts used for administration that I'd like to secure. Currently, I can get to my one admin script by going to http://www.mydomain.com/index.html/cron.php but clearly anybody could get to that. What's the best way to secure that?
#2

[eluser]Procode[/eluser]
The way I secure my admin area is with a function that actually checks if a user is in fact an admin; or, if it's a simple user area, I just check if they are logged in...

Code:
function __construct()
{
    parent::__construct();
    // Runs before every action in this controller
    $this->is_logged_in();
}

and my is_logged_in function checks if they are logged in and redirects them if they are not.
#3

[eluser]Stefan Hueg[/eluser]
If you want to have your controller only accessible using the command-line PHP, you could use this preset (which I'm using for my cronjob controller):

Code:
class Cron extends CI_Controller
{
    function __construct()
    {
        parent::__construct();
        // Refuse anything that did not come from the command line
        if (!$this->input->is_cli_request())
        {
            log_message('error', 'CRON - direct access denied');
            die();
        }
    }
}

If it's not related to CI:
Code:
// Written as a plain function so it also works outside a class
function is_cli_request()
{
    return (php_sapi_name() == 'cli') or defined('STDIN');
}

And if you want to have a whole admin area secured, use sessions and user logins.
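
The two approaches from posts #2 and #3 combined into shared base controllers, as an added example that is not part of any poster's code. It assumes a CodeIgniter application, a login routine of your own that sets the session keys `user_id` and `is_admin`, and a login route `auth/login`; the class names `Admin_Controller` and `Cli_Controller` are hypothetical.

```php
<?php
// application/core/MY_Controller.php (added example; CodeIgniter loads this
// file automatically, so controllers can extend the classes defined here).
defined('BASEPATH') OR exit('No direct script access allowed');

// Base for admin pages: the check runs before any action method.
class Admin_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // Assumed session keys, set by your own login code after it has
        // verified the password: 'user_id' and 'is_admin'.
        if (!$this->session->userdata('user_id')) {
            redirect('auth/login'); // assumed login route; redirect() exits
        }
        if (!$this->session->userdata('is_admin')) {
            log_message('error', 'ADMIN - access denied for user '
                . $this->session->userdata('user_id'));
            show_error('Forbidden', 403); // sends the 403 page and exits
        }
    }
}

// Base for cron jobs: reachable from the command line only.
class Cli_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        if (!$this->input->is_cli_request()) {
            log_message('error', 'CRON - direct access denied');
            show_404(); // answer as if the URL did not exist, then exit
        }
    }
}

// In application/controllers/, each controller then only picks its base:
//   class Dashboard extends Admin_Controller { ... }
//   class Cron extends Cli_Controller { ... }  // run: php index.php cron
```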
#4

[eluser]Ayeyermaw[/eluser]
Have a read of Phil Sturgeon's excellent example of what I think is exactly what you're looking for:
http://philsturgeon.co.uk/blog/2010/02/C...ing-it-DRY



