TalkPHP - View Single Post

Parvus · 01-09-2010, 12:09 PM

If you can access the admin page without logging in, it means that your not validating if the user is logged in or not.

You have to put a check around the whole admin page and not for 1 line of code.

PHP Code:


			
if(isset($_SESSION['login']) && $_SESSION['login']=='true'){

// Your admin code goes here

}

01-09-2010, 12:09 PM	#4 (permalink)
Parvus The Wanderer Join Date: Aug 2008 Posts: 21 Thanks: 1	If you can access the admin page without logging in, it means that your not validating if the user is logged in or not. You have to put a check around the whole admin page and not for 1 line of code. PHP Code: `if(isset($_SESSION['login']) && $_SESSION['login']=='true'){ // Your admin code goes here }`