I am trying to add some security to my website which has an admin panel and a user page. So far my security has code which sends the user back to the login page if the user tries to access a page through the url. However, there is still one problem that remains. If I login as a user, the user can access the admin-panel. This should not be able to occur since it is an user not an admin.
Here is my code so far:
<?php session_start(); if (!$_SESSION['username']) { header("Location: login.php"); }
Can anyone help me by telling me how to implement a piece of code that restricts the user to accessing the admin-panel.
Thank you!
Advertisement
Answer
Create a column for Access on your table for accounts, if the user is Standard User or System admin. then in your php code store the access in a session variable.
if($_SESSION['access']=='admin'){ header("Location: admin-panel.php"); }else{ header("Location: somewhereelse.php"); }