I'm developing an admin system for a custom CMS. On all my pages that are part of the admin site I use a check_user() function. The check_user() function only does this:
    function check_user()
    {
        session_start();
        if ($_SESSION['username'] == "admin") {
        } else {
            header("location:admin.php");
        }
    }
Though it seems a bit simple, is this enough to keep unwanted members away from the site? How exploitable are $_SESSION[] vars? Any suggestions to improve this function?
Thanks in advance!
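
A hardened form of the check above, as an added example that is not part of the original post: it stops execution after the redirect, compares strictly, and tightens the session cookie. `start_secure_session()`, `is_admin()` and `on_login_success()` are hypothetical helper names, and the cookie settings assume the admin site is served over HTTPS on PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Added example. Only check_user() and admin.php come from the post;
// every other name here is a hypothetical helper.

function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_NONE) {
        // Reject session IDs that the server did not issue itself.
        ini_set('session.use_strict_mode', '1');
        session_set_cookie_params([
            'httponly' => true,      // cookie is not readable from JavaScript
            'secure'   => true,      // cookie is sent over HTTPS only (assumption)
            'samesite' => 'Strict',  // cookie is not sent on cross-site requests
        ]);
        session_start();
    }
}

function is_admin(array $session): bool
{
    // isset() handles visitors with no session data at all;
    // === compares type and value, so no loose-comparison surprises.
    return isset($session['username']) && $session['username'] === 'admin';
}

function check_user(): void
{
    start_secure_session();
    if (!is_admin($_SESSION)) {
        header('Location: admin.php');
        // header() only queues a response header. Without exit, the rest
        // of the protected page still runs and its output is still sent.
        exit;
    }
}

// Call this from the login handler once the password has been verified.
function on_login_success(string $username): void
{
    start_secure_session();
    // Issue a fresh session ID at the privilege change (session fixation defence).
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}
```

The contents of `$_SESSION` live on the server and the browser only holds the session ID, so the check is only as strong as the protection of that ID and of the login step that sets `username`.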