
Hello guys,
Today when I checked my script I noticed my sessions are not protected.
When a user logs in, his username is stored in a session variable, let's call it $_SESSION['user'], and I use this session variable in many functions,
e.g. when uploading a file the name of the user is taken from the session variable, and when checking whether this is a user or an admin I use the session variable.

check_admin($_SESSION['user']);
function check_admin($var) {
    // SQL search for $var in TABLE WHERE is admin = 1
    // IF success go to admin panel
    // else go to login page
}

So I thought that if someone creates a session with the same name as mine, $_SESSION['user'], and enters the admin control panel, he will get access, I think, because I check only the name of the admin.
How can I protect the session so that only someone with the username and password can enter the script?
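As an added example (not part of the original post): PHP keeps $_SESSION data on the server and the browser holds only the session ID cookie, so the protection is to write $_SESSION['user'] in exactly one place, after the password has been verified, and to harden that cookie. The table users(username, password_hash, is_admin), the /login.php path and the function names other than check_admin are assumptions made for this sketch.

```php
<?php
// Hypothetical schema (not from the post): users(username, password_hash, is_admin).

function start_secure_session(): void {
    session_set_cookie_params([
        'httponly' => true,   // cookie is not readable from JavaScript
        'secure'   => true,   // cookie is sent over HTTPS only
        'samesite' => 'Lax',
    ]);
    // Reject session IDs that the server did not issue itself.
    ini_set('session.use_strict_mode', '1');
    session_start();
}

// The only place $_SESSION['user'] is written: after the password checks out.
function login(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);  // fresh ID at login, so a pre-set ID is useless
    $_SESSION['user'] = $username;
    return true;
}

// Look the admin flag up in the database on every request to an admin page.
function check_admin(PDO $pdo): bool {
    if (!isset($_SESSION['user'])) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT 1 FROM users WHERE username = ? AND is_admin = 1');
    $stmt->execute([$_SESSION['user']]);
    return $stmt->fetchColumn() !== false;
}

function require_admin(PDO $pdo): void {
    if (!check_admin($pdo)) {
        header('Location: /login.php');  // hypothetical login page
        exit;
    }
}
```

Passwords are assumed to have been stored with password_hash(); the array form of session_set_cookie_params() needs PHP 7.3 or later.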
