
I have been looking into ways to prevent people from accessing and viewing certain information and haven't found the right information that applies to my case. I have an admin PHP file that allows admins to delete users and see users and other powers, and I want to stop people from being able to directly access this file if they got the file name. I can hide all my information on my page under certain _SESSION variables; however, this means I have to enter this on every bit of code, which is possible but would take a bit of time.

Let's say my home page is "www.test.com/forum/index.php"; a user could just change it to "www.test.com/forum/admin.php" to gain access. Is there a method I can use to prevent people from doing this while still allowing the Admin Panel to be used?

Is there a method by which I can put all restricted files into a folder (www.test.com/forum/restricted/admin.php), restricted files being ones that can't be directly accessed? Even better if Admins or people with the right _SESSION variable can still use direct links.

How do people go about this? I would like to see different answers from people if possible to get an understanding of this.

  • [deny-direct-access-to-a-folder-and-file-by-htaccess](https://stackoverflow.com/questions/9282124/deny-direct-access-to-a-folder-and-file-by-htaccess) might help – berend Nov 26 '21 at 10:31
  • You could add a role variable to your session variable and then check when entering the page if the user has the right role to view the page. If you even want to take it a step further you can add permissions to a role and check the permissions for every item on the page. –  Nov 26 '21 at 10:57
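
The session-role and per-permission check suggested in the comment above, as an added example (not code from the question or its commenters). The file name `guard.php`, the `role` session key, the role names and the permission names are all assumptions; the role is assumed to be written into `$_SESSION` by the login code from server-side data.

```php
<?php
// guard.php (hypothetical file name): include at the top of every restricted page.
declare(strict_types=1);

// Constructed role-to-permission map; a real application would load this from its database.
const ROLE_PERMISSIONS = [
    'admin'     => ['view_users', 'delete_users'],
    'moderator' => ['view_users'],
    'member'    => [],
];

// True only if the role stored in the session grants the named permission.
function session_can(array $session, string $permission): bool
{
    $role = $session['role'] ?? null; // 'role' key is an assumption, set at login
    if (!is_string($role) || !isset(ROLE_PERMISSIONS[$role])) {
        return false; // not logged in or unknown role: deny by default
    }
    return in_array($permission, ROLE_PERMISSIONS[$role], true);
}

// End the request with 403 unless the current session holds the permission.
function require_permission(string $permission): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!session_can($_SESSION, $permission)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// In admin.php, before any output is sent:
//   require __DIR__ . '/guard.php';
//   require_permission('view_users');
// and again immediately before a destructive action such as deleting a user:
//   require_permission('delete_users');
```

Because the check runs on the server for every request, a direct link to `admin.php` keeps working for a session with the right role and returns 403 for everyone else, with one `require` line per page instead of a check around every block.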

0 Answers