Prevent direct URL access

Forum Moderators: phranque

Message Too Old, No Replies

Prevent direct URL access

help concerning direct URL access

webnewbie

11:54 pm on Apr 22, 2010 (gmt 0)

hello,

i'm currently designing a website which provides a user login facility.

the website also has specific administrator only pages however and i fear these could be access with no login required by simply typing the page URL into the address bar.

is there any method to prevent this?

my website makes use of HTML, PHP and JavaScript. a solution in any of these would be very helpful.

thanks.

astupidname

12:39 am on Apr 23, 2010 (gmt 0)

Hi webnewbie and welcome to webmasterworld!
You say you are already utilizing a login facitlity, so just use that method to protect the admin pages by checking that it is either you or another user with administrative privileges that is logged in and attempting to access the admin page/s. If not, show a blank page or some message or re-direct. Many ways to go about it. You could provide a column in the database for users that have administrative privileges (could even set different levels of accessibility such as 0 through 10, 10 being full privileges, 0 being non-admin etc..) if that were necessary for you to allow some others to have administrative access. But if it is just you, just check that it is you who is logged in.

webnewbie

1:08 pm on Apr 23, 2010 (gmt 0)

i already had different levels of accessibility set to determine what navigation bar non members/members/admins see so i just added a few lines of code concerning admin status into the pages i wished to hide to normal users and the problem is solved!

thanks for your help astupidname!