Necuima Posted February 25, 2014 Share Posted February 25, 2014 Hi, I recently restructured a website along the modularization lines (page 44 onwards). The content modules all start with a check to see if the BASE_URL constant has been defined and redirect the user if it has not been defined. This is clear and works just fine in the visitor-accessible part of the site. In the administration part of my website, the modules also check to make sure that an administrator is using the script via a check to a session set up like page 82 onwards. I am having trouble with 'headers already sent' and understand why this is happening and know how to fix that. But my question is do I need both the BASE_URL constant check as well as the administrator/session check in the admin content scripts? There are no financials in the website and also no sensitive data in the database though I need to ensure that non-administrators cannot use the admin scripts. Your thoughts/advice will be welcomed. Cheers from Oz. Link to comment Share on other sites More sharing options...
Larry Posted March 3, 2014 Share Posted March 3, 2014 Sorry for not replying earlier. So the BASE_URL check is there to prevent something from being accessed directly (if I recall correctly). I would argue it's worth having in there. Link to comment Share on other sites More sharing options...
Necuima Posted March 9, 2014 Author Share Posted March 9, 2014 Hi Larry, Thanks for getting back to me. Yes, in the end I left both the checks in the admin section and the BASE_URL check in the 'public-view' section. Cheers from Oz. Link to comment Share on other sites More sharing options...
Recommended Posts