I'll let others answer the security question, but thought you might like to know that you can do this:
    if ($this->params['prefix'] == 'admin'):

...to find out if the current request is an admin one.

Jeremy Burns
Class Outfit

[email protected]
http://www.classoutfit.com

On 25 Nov 2010, at 11:43, Zakir wrote:

> Hi,
>
> I have developed a website with CakePHP 1.2, but I did not use ACL.
> What I did is this:
>
> app_controller.php
>
> function beforeFilter()
> {
>     // if it's the administrator/manager - change the layout
>     $admin_chk = strpos($_SERVER['REQUEST_URI'],
>         Configure::read('Routing.admin'));
>
>     if($admin_chk == true and $submenu_chk ==false )
>     {
>         $this->layout='admin';
>         $this->checkAdminSession();
>     }
> }
>
> function checkAdminSession() {
>     // if the admin session hasn't been set
>     if (!$this->Session->check('User') or $this->Session->read('Usertype') != 'admin') {
>         $this->Session->delete('User');
>         $this->Session->delete('Usertype');
>         $this->redirect('/users/login');
>         exit();
>     }
> }
>
> Now this works perfectly fine. What I want to know is, is there any
> security risk using this code?
>
> Regards,
> Zakir
>
> Check out the new CakePHP Questions site http://cakeqs.org and help others
> with their CakePHP related questions.
>
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected] For more options, visit this group at
> http://groups.google.com/group/cake-php?hl=en
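
To compare the substring test in the quoted beforeFilter() with the prefix test suggested in the reply, the following is an added example, not part of the thread or of CakePHP. It assumes a simplified stand-in for the router (routedParams()), hypothetical function names, and constructed URIs.

```php
<?php
// Added example, not code from the thread. $adminPrefix stands for the
// value of Configure::read('Routing.admin'); the URIs are constructed.
$adminPrefix = 'admin';

// The check from the question: substring search over the raw request URI,
// compared loosely with true (any non-zero offset counts as a match).
function uriCheck($requestUri, $adminPrefix) {
    $admin_chk = strpos($requestUri, $adminPrefix);
    return $admin_chk == true;
}

// Simplified stand-in for the router (assumption): the prefix is set only
// when the first path segment equals the admin prefix exactly.
function routedParams($requestUri, $adminPrefix) {
    $path = (string) parse_url($requestUri, PHP_URL_PATH);
    $segments = explode('/', trim($path, '/'));
    $isAdmin = ($segments[0] === $adminPrefix);
    return array('prefix' => $isAdmin ? $adminPrefix : null);
}

// The check from the reply, applied to the routed parameters.
function prefixCheck($params) {
    return $params['prefix'] == 'admin';
}

$constructedUris = array(
    '/admin/users/index',
    '/users/login',
    '/posts/view/administrator-guide',
    '/users/login?next=/admin/users',
    '/administrators/contact',
);

// Print both results per URI and flag the rows where they differ.
foreach ($constructedUris as $uri) {
    $a = uriCheck($uri, $adminPrefix);
    $b = prefixCheck(routedParams($uri, $adminPrefix));
    printf("%-34s uri=%-5s prefix=%-5s %s\n", $uri,
        var_export($a, true), var_export($b, true),
        $a === $b ? '' : 'DISAGREE');
}
```

The two checks agree on the first two URIs and disagree on the last three, where the substring test matches "admin" inside a slug, a query string, or a longer first path segment.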
