Hello,

At the request of a client I have written a little app that sends an email to all users with the administrator bit set. Simple script, but I need some help in securing it. I would like 2 things:

1. Only the admin user to be able to see the link in the menu. I see that is done in navi.inc.php, but I can't quite sort out the exact way to do it, and

2. I want any attempts to call this page directly to be either authenticated as a logged in admin user or redirected to the login page as all the other pages do.

Can someone point me in the right direction?

Thanks

Jon

It seems that I might be able to make this easier. I only want the single admin user to be able to use this link. Therefore, it's probably not necessary to introduce the full blown ISPConfig authentication routine. All I need to do is see if the admin user is logged in.

I know that the $go_info["user"]["user_id"] contains the user id of the logged on user, but it is not available on my new page so I assume there is some include or function I need to call first in order to load this array.

Any assistance?

Thanks

Jon

So you need the $go_info["user"]["user_id"] on a normal web page?

In two places, actually.

I need it in nav.inc.php in order to only show the link to the new page to the admin user, and then I need it in the new page itself (newpage.php, let's call it) so that it can't be called directly.

In the second instance, I guess I would be happy with anything that stops the page from being displayed outside of the ISPConfig frame. It could even just direct everyone that tries to access it to the ISPConfig login and then if it is the legitimate admin that wants it, he can can log in and then access it via the menu item.

Does that make sense?

Thanks

Jon

Hi

Anyone have any ideas for me?

Thanks

Jon

Not really... :(

Really?

Let me simplify, then.

All I want is for my new menu link to only show up for the admin user.

Jon

Is there no way to do this?

Honestly, I just need to know if this is even possible at this point.