I am trying to add some security to my website which has an admin panel and a user page. So far my security has code which sends the user back to the login page if the user tries to access a page through the url. However, there is still one problem that remains. If I login as a user, the user can access the admin-panel. This should not be able to occur since it is an user not an admin.
Here is my code so far:
<?php
session_start();
if (!$_SESSION['username']) {
header("Location: login.php");
}
Can anyone help me by telling me how to implement a piece of code that restricts the user to accessing the admin-panel.
Thank you!
Advertisement
Answer
Create a column for Access on your table for accounts, if the user is Standard User or System admin. then in your php code store the access in a session variable.
if($_SESSION['access']=='admin'){
header("Location: admin-panel.php");
}else{
header("Location: somewhereelse.php");
}