Page 1 of 1

Restrict functions file?

Posted: Sun Dec 09, 2012 2:45 am
by ExtremeGaming
More of a question then a problem...

Is there any reason that I might want to put a sessions check in a functions file to check if only an admin uses it? For clarification I will give an example. I'm creating an admin backend for a friend's website and I am checking if say: add_user.php and mod_user.php are being accessed by an admin or not.
[syntax=php]
<?php
session_start();

// Session check
if($_SESSION['group'] != "Administrator") {
header("Location: $domain/index.php");
die;
}

// rest of code here including use of the function
?>[/syntax]

Is there any reason, after that check that I should include a session check in functions.php?
[syntax=php]
<?php
// ADMIN FUNCTIONS
session_start();

// Function to Salt and Hash passwords
function Secure($pass) {
// Stuff
}

// Function to add user to the site.
function add_user() {
// More stuff
}

// Function to modify a user.
function mod_user() {
// Rawr
}
?>[/syntax]

Re: Restrict functions file?

Posted: Sun Dec 09, 2012 9:57 pm
by jacek
No it would be pointless, even if someone did manage to access the file nothing would happen since none of the functions get called.

Re: Restrict functions file?

Posted: Sun Dec 09, 2012 9:59 pm
by ExtremeGaming
That's what I was thinking, but couldn't find anything on it. Ty :)