I want to write a script that can only be accessed by an administrator.
This is how I want to do it:
<?php
session_start();

if (!isset($_SESSION['user_id'])) { // not logged in
    // redirect to homepage
    header("Location: http://domain.com/index.php");
    die();
}

if ($_SESSION['user_level'] != 1337) { // not admin
    // redirect to homepage
    header("Location: http://domain.com/index.php");
    die();
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') { // form is submitted
    // validate the submitted data
    // submit the query
}

// form goes here
My question is: Is there a better way of validating this (e.g. should all three conditionals be nested), or is this enough?
Cheers,
n1te
If it's not possible that a person's rights will change on the fly (namely: you remove an admin's rights), then this should be enough, although I'd build a function:
In case you'll use extended rights checking in future.
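One way to write that function, as an added example that is not part of either post above. It keeps the two checks from the question (logged in, then admin level 1337) but moves them into a single gate that either returns or redirects and terminates, so the order and nesting of the conditionals in the calling script no longer matter. It also covers the reply's caveat about rights changing on the fly by re-reading the level from the database on every request instead of trusting the copy cached in the session. The PDO handle `$db`, the `users` table with columns `id` and `user_level`, and the relative redirect target `/index.php` are assumptions for the example, not details from the original post.

```php
<?php
// Added example, not code from the original post.
// Assumed: a PDO connection $db and a "users" table with columns id and user_level.
declare(strict_types=1);

const ADMIN_LEVEL = 1337; // same admin marker the question uses

/**
 * Id of the logged-in user, or null when there is no established session.
 */
function current_user_id(): ?int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

/**
 * Look the level up on every request rather than trusting the value stored
 * in the session at login, so a demoted admin loses access immediately.
 * Returns null if the user row no longer exists (deleted account).
 */
function current_user_level(PDO $db, int $userId): ?int
{
    $stmt = $db->prepare('SELECT user_level FROM users WHERE id = :id');
    $stmt->execute([':id' => $userId]);
    $level = $stmt->fetchColumn();
    return $level === false ? null : (int) $level;
}

/**
 * Send the visitor to the homepage and stop the script. Nothing after a
 * call to this function ever runs.
 */
function redirect_home(): void
{
    header('Location: /index.php'); // assumed target, adjust to your site
    exit;
}

/**
 * Call at the top of any admin-only script. Either returns the admin's id
 * or redirects and terminates; there is no third outcome, so nothing below
 * the call can execute for an anonymous or non-admin visitor.
 */
function require_admin(PDO $db): int
{
    $userId = current_user_id();
    if ($userId === null) {            // not logged in
        redirect_home();
    }

    $level = current_user_level($db, $userId);
    if ($level !== ADMIN_LEVEL) {      // not admin; strict compare, no type juggling
        redirect_home();
    }

    return $userId;
}

// Usage in an admin-only script (assumed to have $db in scope):
//
//   $adminId = require_admin($db);
//   if ($_SERVER['REQUEST_METHOD'] === 'POST') {
//       // validate the submitted data, then run the query
//   }
//   // form goes here
```

Because `require_admin()` never returns for a non-admin, the POST handling and the form can follow it as flat code; nesting the conditionals buys nothing once the gate is a function that exits on failure. If you later add more roles, extend the lookup in `current_user_level()` (or add a `require_level()` variant) rather than sprinkling level comparisons across individual scripts.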