0

I have an admin system and a user system on my website. Some data on the user system will not change, but the admin data will change instead. So I was wondering if there was a way to restrict the admin session (when they login) only to the admin directory (/admin), so that it does not interfere with the rest of my website?

Thanks,

Lucas

Lucas
  • The question is not clear enough – zerkms Apr 08 '12 at 12:40
  • Nope, it can express more than one particular problem. PS: there are no "folders" in HTTP - the wrong terms are the first thing that confuses the question – zerkms May 04 '12 at 07:14

4 Answers

1

There are many ways to handle something like this. Probably the easiest is to check the permissions and $_SERVER['REQUEST_URI'], and if the user isn't in the admin/ area, redirect into it.

// Assuming you've saved an admin flag in session
// and the user request URI doesn't contain admin/
if (isset($_SESSION['admin']) && $_SESSION['admin'] === TRUE && !preg_match('/admin\//', $_SERVER['REQUEST_URI'])) {
  // redirect into the admin/ area
  header("Location: http://example.com/admin");
  exit();
}

Update:

By popular request, here's the reverse to enforce an admin login in the admin/ directory:

// Fail closed: anything other than boolean TRUE counts as non-admin
if ((!isset($_SESSION['admin']) || $_SESSION['admin'] !== TRUE) && preg_match('/admin\//', $_SERVER['REQUEST_URI'])) {
  // redirect out of the admin/ area
  header("Location: http://example.com/");
  exit();
}

Actually, assuming the admin pages are separate scripts, you don't really need the preg_match() in this part. But if you have an MVC pattern where the admin script may not actually be served from a file in the admin directory, use the regex match.

Michael Berkowski
  • +1 and you should do it the other way round too, like in my answer, so that non-admins can't access the admin area. – Shomz Apr 08 '12 at 12:54
  • yep, thank you! I was looking for an answer in something like session_start(). But it still works anyway. Thank you! – Lucas Apr 09 '12 at 08:16
1

It is not a solution, but it is a workaround. You can use the same session for this too. Just create the session identifier for each path at the path name, as:

$_SESSION['path/to/admin']['var1'] = 'value1';
$_SESSION['path/to/admin']['var2'] = 'value2';

This way, you can retrieve the values of path-independent session variables.

Starx
1

Use session_name before calling session_start. That way you may be able to differentiate between user and admin areas.

  • User

    session_name("user");
    session_start();
    
  • Admin

    session_name("admin");
    session_start();
    
Alexander
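
Combining the two approaches above (a separate session_name() plus a server-side admin check), the sketch below also scopes the admin cookie to /admin/ so the browser does not send it to the rest of the site. This is an added example, not code from any of the answers; the cookie name ADMINSESSID, the helper names and the file name admin_session.php are hypothetical, it assumes every admin script lives under /admin/, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Assumption: all admin scripts are served from this URL path.
const ADMIN_COOKIE_PATH = '/admin/';

function start_admin_session(): void
{
    // A separate name keeps the admin cookie apart from the user-area cookie.
    session_name('ADMINSESSID');               // hypothetical cookie name
    session_set_cookie_params([
        'lifetime' => 0,                       // dies with the browser session
        'path'     => ADMIN_COOKIE_PATH,       // browser sends it only under /admin/
        'secure'   => true,                    // HTTPS only
        'httponly' => true,                    // not readable from JavaScript
        'samesite' => 'Strict',
    ]);
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    session_start();
}

function require_admin(): void
{
    // Fail closed: anything other than boolean true is treated as non-admin.
    if (($_SESSION['admin'] ?? false) !== true) {
        header('Location: /', true, 302);
        exit;
    }
}

function promote_to_admin(): void
{
    // Call only after the credentials have been verified.
    session_regenerate_id(true);               // new ID on privilege change
    $_SESSION['admin'] = true;
}

function end_admin_session(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    // Expire the cookie with the same attributes it was set with.
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => $p['path'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite']]);
    session_destroy();
}

// Every script under /admin/ except the login page starts with:
//   require __DIR__ . '/admin_session.php';   // hypothetical file holding the above
//   start_admin_session();
//   require_admin();
```

The cookie path only limits where the browser sends the session ID; access control still rests on require_admin() being called unconditionally in each admin script rather than on matching the request URI.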
0

Not sure I understood the question completely, but you can always check if the user is an admin, and if not, just redirect them from the admin system to the user system.

Tamara Wijsman
Shomz