I am building a mini social network for my sports club and want to create an 'admin' section that admins can manage user accounts from, such as ban user, delete user, etc.

I am using Tank Auth to handle the authentication of the normal site users, but now I need another secure area for admins. What is the best approach for me to handle this? Do I add another field to the users table named admin with a 1 for yes and 0 for no, then check in the admin dashboard controller if the user is admin or not?

Ideally I'd like the average user to not be able to see a login form for the admin area. So if Joe Bloggs (who is a registered member of the site) guesses mydomain.com/admin, they won't see anything there; only admin users would.

If there is a better way I should approach this, I'd be grateful for advice.

1 Answer

It's what I would do, yes. Since Tank Auth selects the complete row, it should be automatically added to your object if you add the field in the table.

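// Load the current user's full row (TRUE = activated accounts only)
$user = $this->users->get_user_by_id($this->tank_auth->get_user_id(), TRUE);

// get_user_by_id() returns NULL when no matching user is found, so check that first
if ($user && $user->admin == 1) {
    // this user is admin
}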

It's the most simple way to do it.

Jeff B.
  • Thanks, do you think this is secure enough? – Feb 17 '13 at 19:20
  • What do you mean by not secure? If everything for admins is in the if condition, then yes, it is safe. The only annoying thing is that you have to set it manually in the database. Set the default value to 0 and it's perfectly fine and safe. – Jeff B. Feb 17 '13 at 19:24
  • OK, cool. That's not a major issue for me; I don't see more than 2 or 3 admins. Thanks! – Feb 17 '13 at 19:27
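
An added example, not part of the question, answer or comments above: one way to put the admin check in a single place and answer mydomain.com/admin with a plain 404 for everyone who is not an admin. It assumes CodeIgniter 2.x with Tank Auth, the `admin` column proposed in the question, and a hypothetical `admin/dashboard` view and `ban` action.

```php
<?php
// application/controllers/admin.php (added example, CodeIgniter 2.x + Tank Auth)
class Admin extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('tank_auth');
        $this->load->model('tank_auth/users');
        $this->load->helper('url');

        // The constructor runs before every method of this controller, so no
        // admin action can be reached without passing the check.
        if (!$this->_current_user_is_admin()) {
            show_404(); // same response as a URL that does not exist; no login form
        }
    }

    // Re-reads the flag from the database on every request, so clearing
    // users.admin takes effect at once (nothing is cached in the session).
    private function _current_user_is_admin()
    {
        if (!$this->tank_auth->is_logged_in()) {
            return FALSE;
        }
        $user = $this->users->get_user_by_id($this->tank_auth->get_user_id(), TRUE);
        // `admin` is the assumed column from the question: TINYINT NOT NULL DEFAULT 0
        return $user !== NULL && (int) $user->admin === 1;
    }

    public function index()
    {
        $this->load->view('admin/dashboard'); // hypothetical view name
    }

    // State-changing action: POST only; enable csrf_protection in config.php.
    public function ban()
    {
        if ($this->input->server('REQUEST_METHOD') !== 'POST') {
            show_404();
        }
        $target_id = (int) $this->input->post('user_id');
        // An admin cannot ban their own account and lock themselves out.
        if ($target_id > 0 && $target_id !== (int) $this->tank_auth->get_user_id()) {
            $this->users->ban_user($target_id, 'Banned by admin');
        }
        redirect('admin');
    }
}
```

Hiding the page is only cosmetic; the protection comes from the server-side check running on every request, including the POST handlers.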