Is it safe to do this:
<?php
if($Admin){?>
<INPUT TYPE="Submit" NAME="operation" VALUE="Delete Record" onClick="return confirm('Really delete this ENTIRE record?')">
<?php
}?>
Of course I would also do this:
<?php
if(($_POST['operation'] == "Delete Record") AND $Admin){
// Delete function here.
}?>
Thanks!
Then set it to 1 only if you're really sure that the right conditions are met. Also, glue all your included files together so a hacker couldn't somehow include one after doing bad stuff to another one (and by all means name these files with the php extension). Do this by defining a constant at the beginning of each of the files that can be called, and checking to see if this has actually been defined in each of the files that needs to get included. If this has been done in a watertight fashion, it shouldn't even matter whether register globals is on or off. But just to be more careful, turn register globals off.
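
The advice in the reply above, sketched as an added example that is not part of the thread and not either poster's code. It assumes "it" in the reply means the `$Admin` flag; the constant `APP_ENTRY`, the functions `resolve_admin()` and `may_delete()`, and the `is_admin` session key are hypothetical names.

```php
<?php
// Added example, not the posters' code. APP_ENTRY, resolve_admin(), may_delete()
// and the 'is_admin' session key are assumed names; request data is constructed.

// Start from 0 and raise to 1 only on server-side state, so a request
// parameter named "Admin" cannot pre-seed the flag under register_globals.
function resolve_admin(array $session)
{
    $Admin = 0;
    if (isset($session['is_admin']) && $session['is_admin'] === true) {
        $Admin = 1;
    }
    return $Admin;
}

// Re-check on the server: hiding the button does not stop a hand-made POST.
function may_delete(array $post, $Admin)
{
    return isset($post['operation'])
        && $post['operation'] === 'Delete Record'
        && $Admin === 1;
}

// An include file with the constant guard at its top, written to a temp file
// so this demo runs as one script. A real include would exit() at that point.
$guarded = <<<'EOT'
<?php
if (!defined('APP_ENTRY')) {
    return 'refused';
}
return 'loaded';
EOT;
$path = sys_get_temp_dir() . '/guard_demo_' . getmypid() . '.php';
file_put_contents($path, $guarded);

$direct = include $path;        // requested without going through the entry script
define('APP_ENTRY', true);      // first statement of the real entry script
$viaEntry = include $path;      // same file, now pulled in by the entry script
unlink($path);
echo "direct: $direct, via entry: $viaEntry\n";

// Constructed request: a forged POST that also tries to smuggle Admin=1.
$post = array('operation' => 'Delete Record', 'Admin' => '1');
echo 'no admin session: ';
var_dump(may_delete($post, resolve_admin(array())));
echo 'admin session: ';
var_dump(may_delete($post, resolve_admin(array('is_admin' => true))));
```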