On my website, I want a few options to be enabled when someone logs in with an admin account. My question is about how to secure that admin account as much as possible. The way login is set up on my website is after authenticating login, I do this:
$_SESSION['status'] = 'authorized';
and then I say something like this:
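<script>
$(document).ready(function(e) {
    // json_encode() always prints true or false, so the generated JavaScript stays valid
    if (<?php echo json_encode(isset($_SESSION['status']) && $_SESSION['status'] === 'authorized'); ?>) {
        $('#account_window').show();
    }
});
</script>
<div id="account_window">
    <!-- account stuff -->
</div>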
With the addition of the master account I was thinking about adding this:
$_SESSION['master'] = 'authorized';
and then in the front page, I would add this code:
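<script>
$(document).ready(function(e) {
    // json_encode() always prints true or false, so the generated JavaScript stays valid
    if (<?php echo json_encode(isset($_SESSION['status']) && $_SESSION['status'] === 'authorized'); ?>) {
        $('#account_window').show();
    }
});
</script>
<div id="account_window">
    <!-- account stuff -->
    <?php if (isset($_SESSION['master']) && $_SESSION['master'] === 'authorized') { ?>
    <div id="master_account">
        <!-- admin stuff like send users emails -->
    </div>
    <?php } ?>
</div>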
But I feel like that is too easy. Is that a safe way to authenticate the master account? If not, what is the best way to go about doing that?
It might be tempting to just "hide" the admin interface from non-admins, but that's fundamentally bypassable if someone just injects the right HTML into the page (e.g. with a GreaseMonkey script), or generates the requests manually.
You have to validate every action in PHP in order to get any actual security. Therefore, you need to check that the user is authorized when they submit any forms or commit an action, in PHP.
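An added example, not part of the original question or answer, of the server-side check the answer describes: the script that receives the admin form re-checks `$_SESSION['master']` before doing anything, so un-hiding `#master_account` or hand-crafting the request gets a 403. The endpoint name, the `csrf_token`, `subject` and `body` fields, and the `send_email_to_users()` helper are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical endpoint (e.g. admin_send_email.php) that the master form posts to.
session_start();

// True only when the server-side session carries the master flag set at login.
function is_master(array $session): bool
{
    return isset($session['master']) && $session['master'] === 'authorized';
}

// Constant-time comparison of the submitted token with the session's copy (assumed field name).
function csrf_ok(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? null;
    $given    = $post['csrf_token'] ?? null;
    return is_string($expected) && is_string($given) && hash_equals($expected, $given);
}

// Stop the request with a status code and a short plain-text reason.
function deny(int $status, string $reason): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    exit($reason);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    deny(405, 'Method not allowed');
}
if (!is_master($_SESSION)) {
    // The hidden <div> is irrelevant here: the decision is made from session state only.
    deny(403, 'Forbidden');
}
if (!csrf_ok($_SESSION, $_POST)) {
    deny(403, 'Invalid CSRF token');
}

// Only now handle the privileged action ("send users emails" in the question).
$subject = is_string($_POST['subject'] ?? null) ? trim($_POST['subject']) : '';
$body    = is_string($_POST['body'] ?? null) ? trim($_POST['body']) : '';
if ($subject === '' || $body === '') {
    deny(400, 'Subject and body are required');
}
// send_email_to_users($subject, $body);  // hypothetical helper, not defined here
echo 'Queued';
```

The same `is_master()` gate belongs at the top of every script that performs an admin action, not only the one that renders the admin markup.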