Skip to content
Advertisement

Security for websites

I am trying to add some security to my website which has an admin panel and a user page. So far my security has code which sends the user back to the login page if the user tries to access a page through the url. However, there is still one problem that remains. If I login as a user, the user can access the admin-panel. This should not be able to occur since it is an user not an admin.

Here is my code so far:

<?php

session_start();

if (!$_SESSION['username']) {
    header("Location: login.php");
}

Can anyone help me by telling me how to implement a piece of code that restricts the user to accessing the admin-panel.

Thank you!

Advertisement

Answer

Create a column for Access on your table for accounts, if the user is Standard User or System admin. then in your php code store the access in a session variable.

if($_SESSION['access']=='admin'){
     header("Location: admin-panel.php");
}else{
     header("Location: somewhereelse.php");
}
User contributions licensed under: CC BY-SA
6 People found this is helpful
Advertisement