Creating an admin area? |
[eluser]ChrisF79[/eluser]
I have a number of scripts used for administration that I'd like to secure. Currently, I can get to my one admin script by going to http://www.mydomain.com/index.html/cron.php but clearly anybody could get to that. What's the best way to secure that?
[eluser]Procode[/eluser]
The way I secure my admin area is with a function that actually checks if a user is in fact an admin or if it's a simple user area then I just check if they are logged in... Code: function __construct() and my is_logged_in function checks if they are logged in and redirects them if they are not.
[eluser]Stefan Hueg[/eluser]
If you want to have your controller only accessible using the command line php, you could use this preset (which I'm using for my cronjob-controller): Code: class Cron extends CI_Controller If it's not related to CI: Code: public function is_cli_request() And if you want to have a whole admin area secured, use sessions and user logins.
[eluser]Ayeyermaw[/eluser]
Have a read of Phil Sturgeon's excellent example of what I think is exactly what you're looking for: http://philsturgeon.co.uk/blog/2010/02/C...ing-it-DRY |
Welcome Guest, Not a member yet? Register Sign In |