Hello.
i'm creating a simple CMS for myself. There is a register form, i can register as the admin of the cms and then with login form, i can enter into admin area to write a new post or edit or delete posts.
But there is a problem. I typed the link of the admin page into browser from my cellphone to see if i can enter into admin area without login, and i faced with the admin page then!
So how can i fix it? For example in wordpress if i type the link of my friend's admin page in the browser, i can't access there and will face with login form, right?
Now how should i solve this security problem?
Niloofar24
15
Posting Whiz
Recommended Answers
Jump to PostUse sessions to stored the logged in user.
When the users logs in you need to save that info(UserId for example) on the Session.
And in every page load you must check if the session is valid.
If there's no session it means that the user did not logged in, …
All 3 Replies
AleMonteiro
238
Can I pick my title?
JorgeM
958
Problem Solver
Team Colleague
Featured Poster
Niloofar24
15
Posting Whiz
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.