restrict user access on certain pages

**whiteyoh** · Jun 30 '08, 10:22 AM

I had this problem. I got over it by using 2 sessions (User and Admin). Each page that contains the session at the top checks to see what type of session the user is in and either allows, or header redirects to the index.

Another way could be to have a separate section. for example

yourdomain.com

and
yourdomain.com/admin

The admin index would be exactly the same, just rename the sessions. You can also use sql statements in the session code too, meaning you could add a column in your user table to include access rights maybe?

Heres an example of what i have used

Code:

<?php
session_start();
include "conn.inc.php";

if (isset($_POST['submit'])) {
  $query = "SELECT username, password FROM user_info " .
           "WHERE username = '" . $_POST['username'] . "' " .
           "AND password = (PASSWORD('" . $_POST['password'] . "'))";
  $result = mysql_query($query) 
    or die(mysql_error());

  if (mysql_num_rows($result) == 1) {
    $_SESSION['user_logged'] = $_POST['username'];
    $_SESSION['user_password'] = $_POST['password'];
    header ("Refresh: 5; URL=" . $_POST['redirect'] . "");
    echo "You are being redirected to your original page request!<br>";
    echo "(If your browser doesn't support this, " .
         "<a href=\"" . $_POST['redirect']. "\">click here</a>)";
  } else {
?>

restrict user access on certain pages

restrict user access on certain pages

Comment