Larry Ullman's Book Forums

I have a modularized site in which all pages flow through the index.php. Login/logout works fine using sessions, in which an administrative-level user must be logged in for the "Admin" menu icon to appear in the menu. I have placed the 'admin' directory inside the 'module' directory. When a logged in user clicks "Admin," I am having difficulty preventing it from running the script (and thereby displaying the admin page) without first requiring a login. I have confirmed the directory is protected from direct access but not from running it. I know it must be a permissions setting; however, I cannot find what the correct permissions need to be. Is this possible? Below is the 'case' to load the admin panel over the index.php (again, the 'admin' directory is within the 'modules' directory):

    case 'admin-panel':
        $page = 'admin/admin-panel.inc.php';
        $page_title = 'Admin Panel';
        break;

I can avoid this by simply having an admin_panel.php or index.php within a password protected 'admin' directory; however, I would like to keep the modular pattern and maintain the admin accessibility through the menu. Any suggestions would be appreciated.

Hi, can you not check if the user is logged in as an administrator and if they are not, bypass or skip the admin-panel code?

Also, I would recommend that you don't call the admin directory 'admin' - it is too easy to identify by someone trying to cause harm. I use a really weird directory name for all my admin code.

In several websites that I have written, I keep all the admin stuff totally separate from the normal code even requiring a separate admin login, but that may not be suitable in your site.

For what it is worth.

Cheers

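The check suggested in the reply above, written out as an added example (it is not code from either poster): the index.php dispatcher decides whether the session may load the admin module before anything is included, so hiding the menu icon is no longer the only barrier. The session key `user_level`, the value `'admin'`, the `p` query parameter, the `main` and `login` modules and the `./modules/` path are assumptions for illustration.

```php
<?php
// Added example: authorization check in the index.php dispatcher.
// Assumed names (not from the thread): $_SESSION['user_level'], the value
// 'admin', the 'p' query parameter and the main/login module files.

// Routes the dispatcher will serve; anything else falls back to 'main'.
const ROUTES = [
    'main'        => ['page' => 'main.inc.php',              'title' => 'Home',        'admin' => false],
    'login'       => ['page' => 'login.inc.php',             'title' => 'Log In',      'admin' => false],
    'admin-panel' => ['page' => 'admin/admin-panel.inc.php', 'title' => 'Admin Panel', 'admin' => true],
];

function is_admin(array $session): bool
{
    // Strict comparison so a missing or odd-typed value never passes.
    return isset($session['user_level']) && $session['user_level'] === 'admin';
}

function resolve_route($requested, array $session): array
{
    // Non-string or unknown route names never reach include(); they map to the default.
    $name  = (is_string($requested) && array_key_exists($requested, ROUTES)) ? $requested : 'main';
    $route = ROUTES[$name];

    // This runs on every request, so requesting ?p=admin-panel by hand
    // without an admin session ends at the login module instead.
    if ($route['admin'] && !is_admin($session)) {
        return ROUTES['login'];
    }
    return $route;
}

// Constructed sessions, showing the three outcomes for the admin route.
$cases = [
    'anonymous' => [],
    'member'    => ['user_level' => 'member'],
    'admin'     => ['user_level' => 'admin'],
];
foreach ($cases as $who => $session) {
    $route = resolve_route('admin-panel', $session);
    printf("%-9s -> %s (%s)\n", $who, $route['page'], $route['title']);
}

// In index.php itself (assumed layout):
//   session_start();
//   $route = resolve_route($_GET['p'] ?? 'main', $_SESSION);
//   include './modules/' . $route['page'];
```

Because the decision is made from server-side session data rather than from the directory name or file permissions, it holds whatever the admin directory is called.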