Sorry I’m beginner in PHP MYSQL, I want to ask how to add exception in this paged for different type of users. I only have 3 types, ADMIN, TEAM LEADER and AGENT.
ADMIN = can access all the pages both TEAM LEADER and AGENT were not.
So the logic only ADMIN can visit this page if not head to the index.php
<?php
session_start();
include_once 'dbconnect.php';
if(!isset($_SESSION['user']))
{ header("Location: employee.php"); }
$res=mysql_query("SELECT * FROM accounts WHERE user_id=".$_GET['id']);
$userRow=mysql_fetch_array($res);
?>
Advertisement
Answer
On your log in page place this line in the code block where the user is found and validated… $_SESSION['UserGroup'] = $LoginRS['Permission'];
Whereas $LoginRS is the name of your sql query and ['Permission'] is the field in the database that stores user level permissions.
Then at the top of your page you can determine if the logged in user has permission to view this page…
<?php
if (!isset($_SESSION)) {
session_start();
}
if(isset($_SESSION['UserGroup']) && $_SESSION['UserGroup'] == 'Admin') {
?>
<body>
<html>
Page Content
</body>
</html>
<?php
} else {
header("Location: index.php");
exit;
} // end if user is not admin
?>