I have developed a website where I have 2 access levels, users and admin. On the server, I have an admin folder with all admin stuff and a user folder with all user stuff. Based on the username/password combination from the login page, I am redirecting the user to the appropriate location.

Everything is fine, but when a user logs in and changes the address bar to, or types into it, the pages from the admin folder, he is able to access them. How do I prevent this from happening?

For example, if the user is redirected to User.php and he changes the address to Admin.php, he gets access to all the admin stuff from there on.

I want to know how I can prevent a user from entering the Admin folder completely.

I have figured it out. Just insert the following code in a PHP file and make sure this PHP file is 'required' in every page of admin:


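// start the session if the including page has not already done so
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// if they are not an admin, send them back to the user page
if (!isset($_SESSION['access_level']) || $_SESSION['access_level'] != 'admin') {
    header('Location: user.php');
    exit; // stop here, otherwise the rest of the admin page still runs
}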
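The same check written as a reusable guard file, as an added example that is not part of the original post. The file name guard.php, the /login.php path and both function names are assumptions; only the 'access_level' session key comes from the post.

```php
<?php
// guard.php - added example; file and function names are hypothetical.
declare(strict_types=1);

/**
 * Stop the request unless the session carries the required access level.
 * Visitors with no session go to the login page; logged-in users with the
 * wrong level get a 403 instead of a silent redirect.
 */
function require_access_level(string $required): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $level = $_SESSION['access_level'] ?? null;

    if ($level === null) {
        header('Location: /login.php'); // assumed login page path
        exit; // header() alone does not stop the script
    }

    if ($level !== $required) {
        http_response_code(403);
        exit('Forbidden');
    }
}

/**
 * Call once, right after the password check succeeds. The level comes from
 * the server-side user record, never from a request parameter or cookie.
 */
function establish_session(string $username, string $levelFromDb): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh session id when privileges change
    $_SESSION['username'] = $username;
    $_SESSION['access_level'] = $levelFromDb;
}

// First lines of every file in the admin folder, before any output:
//   require __DIR__ . '/../guard.php';
//   require_access_level('admin');
```

The guard has to run in every admin script, including ones that only handle form posts or AJAX calls, because each URL is reachable directly regardless of where the login page redirected the user.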