How to set admin sessions in php

Archbob

Just wondering. If programming something like a message board or a portal, how do you define the difference between admin and user sessions. Setting a session is something like this:

  session_register('username')

To define an admin session I read somewhere that it should be like:

  session_register('username', 'admin')

and then on all pages that require admin access use the following check:

 (isset($_SESSION['username'], admin))

But it doesn't seem to work, anyone help me?

coditoergosum

Why not just have a boolean session var called $is_admin (or something)? Then you can just check the var to see if it's turned on.


session_register('username');
session_register('is_admin');

if ($_SESSION['is_admin'] == "1") {
// do admin only stuff here
}

Archbob

Thanks, that clears things up a bit.

aran

It would be somewhat more secure to have the users password encrypted into md5 passed from page to page using the session, and then checking it against the database at every new page load.

you can use the md5("string to encrypt"); function to encrypt into an md5 hash, then you can session_register that. At the beginning of every page you can run a quick SQL query or what-not that checks to make sure the user's password is right and that he is an admin.

It would be slightly slower, but you'd rather be safe than sorry 🙂

Archbob

How do you check it against a database at the begginning of each page?