  1. #1

    Do I need to put admin pages in a folder?

    I am creating a section of a site that allows members to create a single web page about their business.

    I have therefore created registration / login pages and the associated MySQL database and this all works fine.

    My question is, when they successfully log in, they should be shown an admin menu allowing them to choose whether to create / edit or preview their web page. Should this admin menu and the associated link pages be within a folder on my server? Or is it fine to leave all the files in the root? I will restrict access to these pages by checking for a session variable.

    i.e

    http://www.mysite.com/admin/create.php

    OR

    http://www.mysite.com/create.php

    I thought I had read somewhere it is more secure to keep these kind of pages in a separate folder than the root.

    Thanks in advance

    Paul

  2. #2
    cronsrcs
    From a security POV I don't think that there is a difference between the 2 options that you present... From an organisational POV, I like to put them in separate folders to separate the functionality / different sections of the site...
    www.silver-rocket.com
    Creative Solutions for this planet and beyond...
    www.onelifeonebus.com
    Fear fading away, not burning out.

  3. #3
    stymiee
    You can put them anywhere you want.

  4. #4
    Jake Arkinstall
    I keep the admin stuff in a folder.

    In all the admin files I use require("auth.php") at the top. Auth.php contains security measures to check the person's authed, so they can't get into any of the files.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes it's enough to make that wheel more rounded"-Molona

  5. #5
    Thanks for the swift replies. I will use an admin folder then as it sounds like the sensible way to go!!

    Many thanks

    Paul

  6. #6
    Mittineague

    folder

    Quote Originally Posted by chuckylefrek
    I thought I had read somewhere it is more secure to keep these kind of pages in a separate folder than the root.
    Most likely what you are thinking of is folders that are "outside" of the root. These folders can not be HTTP requested and therefore add a level of security.
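
The session check and the "outside the root" placement discussed in this thread, combined in one added example (not code from any of the posters). The session key `member_id`, the `pages` table, the `/login.php` URL and the directory layout are all assumptions made for illustration.

```php
<?php
// auth.php: constructed example. Keep this file outside the document root,
// e.g. /var/www/private/auth.php with the site served from /var/www/public
// (both paths are assumptions), so it can never be requested over HTTP.
declare(strict_types=1);

// Harden the session cookie before the session starts.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,      // assumes the site is served over HTTPS
    'httponly' => true,      // not readable from page scripts
    'samesite' => 'Lax',
]);
session_start();

/**
 * Stop the request unless a member is logged in.
 * 'member_id' is a hypothetical session key set by the login page.
 */
function require_login(string $loginUrl = '/login.php'): int
{
    if (empty($_SESSION['member_id'])) {
        header('Location: ' . $loginUrl, true, 302);
        exit; // without this, the rest of the admin page still executes
    }
    return (int) $_SESSION['member_id'];
}

/**
 * Members may only edit their own page, so load it by the logged-in
 * member's id, never by an id taken from the query string.
 * The `pages` table and its columns are assumptions.
 */
function load_own_page(PDO $db, int $memberId): ?array
{
    $stmt = $db->prepare('SELECT id, title, body FROM pages WHERE member_id = ?');
    $stmt->execute([$memberId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// At the top of every admin script, e.g. /var/www/public/admin/create.php:
//   require __DIR__ . '/../../private/auth.php';
//   $memberId = require_login();
```

Whether the scripts live in `/admin/` or the root makes no difference to this check; what matters is that every admin script calls it before producing any output.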

