I'm creating a simple CMS for myself. There is a register form; I can register as the admin of the CMS, and then with the login form I can enter the admin area to write a new post or edit or delete posts.
But there is a problem. I typed the link of the admin page into the browser on my cellphone to see if I could enter the admin area without logging in, and I was faced with the admin page!
So how can I fix it? For example, in WordPress, if I type the link of my friend's admin page into the browser, I can't access it and will face the login form, right?
Now how should I solve this security problem?
You should be checking to see if the user is logged in and if the user is an admin.
What I would recommend is that when a user logs into your system and you check the credentials and roles, you should store some information in session variables. Then on …
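As an added example (not the answer's code and not the asker's CMS), here is what the session-based check the answer describes can look like in PHP. It assumes the CMS is PHP; the file names (`auth.php`, `login.php`), the session keys `user_id` and `role`, the `$pdo` connection and the `users` table columns (`id`, `role`, `password_hash`) are all hypothetical names chosen for the illustration.

```php
<?php
declare(strict_types=1);

// auth.php (hypothetical file name): included by login.php and by every
// admin script. Cookie settings must be applied before session_start().
ini_set('session.use_only_cookies', '1');
session_set_cookie_params([
    'httponly' => true,   // script on the page cannot read the cookie
    'secure'   => true,   // sent over HTTPS only (false only on a local http:// dev box)
    'samesite' => 'Lax',
]);
session_start();

/**
 * True only when the session was established by a successful login AND the
 * logged-in user holds the admin role. Both checks matter: a logged-in
 * ordinary user must not reach the admin area either.
 */
function is_admin_logged_in(): bool
{
    return isset($_SESSION['user_id'], $_SESSION['role'])
        && $_SESSION['role'] === 'admin';
}

/**
 * Call at the top of every admin script (post editor, delete handler, ...)
 * before any HTML is output. The redirect alone is not enough: without the
 * exit, the rest of the page would still execute and be sent.
 */
function require_admin(string $login_url = '/login.php'): void
{
    if (!is_admin_logged_in()) {
        header('Location: ' . $login_url, true, 302);
        exit;
    }
}

/**
 * Called by login.php after the password has been verified. $user is the row
 * from the (assumed) users table. Regenerating the session id on login
 * prevents session fixation: any id set before login is discarded.
 */
function establish_session(array $user): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = (int) $user['id'];
    $_SESSION['role']    = (string) $user['role'];
}

/** logout.php: clear server-side state and expire the cookie. */
function end_session(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// --- login.php (sketch): $pdo is an assumed PDO connection -----------------
// require __DIR__ . '/auth.php';
// $stmt = $pdo->prepare('SELECT id, role, password_hash FROM users WHERE username = ?');
// $stmt->execute([$_POST['username'] ?? '']);
// $user = $stmt->fetch(PDO::FETCH_ASSOC);
// if ($user && password_verify($_POST['password'] ?? '', $user['password_hash'])) {
//     establish_session($user);
//     header('Location: /admin/index.php', true, 302);
//     exit;
// }
// // otherwise: show the login form again with a generic error

// --- admin/index.php, admin/edit.php, admin/delete.php (first lines) ------
// require __DIR__ . '/../auth.php';
// require_admin();   // anything below this line only runs for a logged-in admin
```

The guard has to be in every admin script, including the ones that only handle a form submission (delete, save), not just the page that renders the menu; typing the URL of such a handler directly is exactly the request the asker made from the phone. Checking the role on the server on each request, rather than trusting anything the browser sends, is what makes the admin area behave like the WordPress example in the question.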