Admin API
The Admin API provides functions and methods for managing the SLAED CMS administrative interface.
Table of Contents
Overview
The Admin API provides a set of functions for managing administrative tasks in SLAED CMS. These functions handle authentication, access control, and administrative information display.
Authentication Functions
checkAccess()
Authenticates and checks IP address access for administrative functions.
function checkAccess()This function performs two main checks:
- IP address verification against configured admin IPs
- HTTP Basic Authentication verification
setUnauthorized()
Sends HTTP 401 Unauthorized response for failed authentication attempts.
function setUnauthorized()Access Control
SLAED CMS provides granular access control for administrative functions:
IP Address Restrictions
// Configuration parameters
$confs['admin_ip'] // Comma-separated list of allowed IPs
$confs['admin_mask'] // IP mask level (1-3)
$confs['login'] // Admin login hash
$confs['password'] // Admin password hashModule Administration Rights
// Check if user is admin of specific module
function is_admin_modul($module)Admin Information
admininfo()
Displays administrative information and pending items.
function admininfo()This function provides information about:
- Pending user registrations
- Unapproved content (news, files, links, etc.)
- Waiting comments
- System statistics
Best Practices
Security Considerations
- Always verify administrative access before executing sensitive functions
- Use IP restrictions to limit administrative access
- Implement proper password hashing for admin credentials
- Regularly review and update admin IP whitelists
Implementation Guidelines
- Use the
is_admin()function to check admin status - Implement module-specific admin checks with
is_admin_modul() - Use
checkAccess()at the beginning of all admin scripts - Provide clear error messages for unauthorized access attempts