Yesterday I was doing some stuff on the site, had it down in maint for a while, and all of a sudden I was like, what the heck! Someone had bypassed the maint mode via URL and logged right in, and I was not very happy because I had to redo the work I was doing in the db due to their activity.
So here is the idea and one way to solve this issue. And this is more than just checking to see if someone is admin, because there may be two admins or a mod. So that process won't work. But here is one that will.
Have an admin-assigned code in the db in addition to the pw, in a special table or on their user account or whatever. It can be varchar so it can be whatever they want it to be, or write a process to encrypt it, but I think that might be too much; maybe someday it needs to be.
Anyway so you have a special code word in the admin user account that is additional to the password.
When maint mode is on, all logins are frozen; every URL, every access is locked down and unavailable or gives a message that it's turned off, with the exception of one.
Have a special link that the admin can go to and use their username, pw, and this special code in order to get into the site. The admin can set up the link URL via an admin config so only they know what the link URL is. Store that code in a cookie or in session so they don't get kicked out all the time.
Now the admin can work on the site in a safe maint environment free from any collisions from members.
Regardless of what happens, this has to be addressed. Maint mode means nothing if clients can just bypass it with a URL and log in. Why even have it if that is the case?
Thanks.. :)
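A sketch of the gate described in this post, added here as an example; it is not the poster's code or any forum software's own. All names, the `/example-gate-link` path and the accounts are constructed, and it assumes the code is stored as a salted PBKDF2 hash rather than plain varchar, with the session kept server-side.

```python
import hashlib
import hmac
import os

def derive(label: str, secret: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the db never holds the password or code in the clear.
    return hashlib.pbkdf2_hmac("sha256", (label + secret).encode(), salt, 100_000)

def make_admin(password: str, maint_code: str) -> dict:
    # Constructed user record; a real site would keep these columns in its user table.
    salt = os.urandom(16)
    return {"is_admin": True, "salt": salt,
            "pw_hash": derive("pw:", password, salt),
            "code_hash": derive("code:", maint_code, salt)}

def allow_request(cfg: dict, path: str, session: dict) -> bool:
    """Run before every route, the normal login handler included."""
    if not cfg["maintenance"]:
        return True
    if session.get("maint_admin"):      # set only by gate_login below
        return True
    # Everything except the admin-configured link is refused.
    return hmac.compare_digest(path.encode(), cfg["gate_path"].encode())

def gate_login(cfg, users, path, username, password, code, session) -> bool:
    """Login through the special link: username + password + per-admin code."""
    if not hmac.compare_digest(path.encode(), cfg["gate_path"].encode()):
        return False
    user = users.get(username)
    if user is None or not user["is_admin"]:
        return False
    pw_ok = hmac.compare_digest(derive("pw:", password, user["salt"]), user["pw_hash"])
    code_ok = hmac.compare_digest(derive("code:", code, user["salt"]), user["code_hash"])
    if pw_ok and code_ok:
        # Assumes a server-side session the client cannot edit.
        session["maint_admin"] = username
        return True
    return False

# Constructed sample configuration and accounts.
CFG = {"maintenance": True, "gate_path": "/example-gate-link"}
USERS = {"alice": make_admin("constructed-pw", "constructed-code"),
         "bob": {"is_admin": False}}
```

The ordinary login URL gets no exemption in `allow_request`, so it is refused like every other path while maintenance mode is on.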