So I have set up a sign in form on the bottom of each of my pages on my website and set up a form with username and password fields. This is directed to a processing page that checks the database to give admin rights to the first field it encounter which will always be my admin account which is in the form of a session variable. On index.php in the php free chat folder I have added a check against that session variable and if true sets $params["isadmin"] = true;. This is all well and good I have it working where it recognizes me as admin and allows me to execute chat commands. My question is this:
When I signed in, at the bottom of the chat frame I have this warning:
Warning: because of "isadmin" parameter, everybody is admin. Please modify this script before using it on production servers !
Maybe I don't fully understand the way it works. I have hoped that by sending the param only to the admin that it would be restricted to that person that signed in. But does this apply to all who will sign in after as well? Is the setting stored somewhere in the file system and used from there on?
Just testing this locally right now before I know it's safe. Is there a better way to do this then?
Anyway wanted to give a big thanks to the people or person who made this great software. I am seeing all kinds of development possibilities and will be making a donation soon!