问题
I have an admin system and a user system on my website. Some data on the user system will not change, but the admin data will change instead. So I was wondering if there was a way to restrict the admin session (when they login) only to the admin directory (/admin), so that it does not interfere with the rest of my website?
Thanks,
Lucas
回答1:
There are many ways to handle something like this. Probably the easiest is to check the permissions and $_SERVER['REQUEST_URI'], and if the user isn't in the admin/ area, redirect into it.
// Assuming you've saved an admin flag in session
// and the user request URI doesn't contain admin/
if ($_SESSION['admin'] === TRUE && !preg_match('/admin\//' $_SERVER['REQUEST_URI'])) {
// redirect into the admin/ area
header("Location: http://example.com/admin");
exit();
}
Update:
By popular request, here's the reverse to enforce an admin login in the admin/ directory
if ((!isset($_SESSION['admin'] || $_SESSION['admin'] === FALSE) && preg_match('/admin\//' $_SERVER['REQUEST_URI'])) {
// redirect out of the admin/ area
header("Location: http://example.com/");
exit();
}
Actually, assuming the admin pages are separate scripts, you don't really need the preg_match() in this part. But if you have an MVC pattern where the admin script may not actually be served from a file in the admin directory, use the regex match.
回答2:
It is not a solution, but it is a workaround. You can use same session for this too. Just create the session identifier for each path at the path name as
$_SESSION['path/to/admin']['var1'] = 'value1';
$_SESSION['path/to/admin']['var2'] = 'value2';
Such way, you can retrieve the value of path independent session variables.
回答3:
Use session_name before calling session_start. In that you may be able to differentiate between user and admin areas.
User
session_name("user"); session_start();Admin
session_name("admin"); session_start();
回答4:
Not sure I understood the question completely, but you can always check if the user is an admin, and if not, just redirect them from the admin system to the user system.
来源:https://stackoverflow.com/questions/10062829/how-to-restrict-a-session-to-a-directory-only-in-php