0

I have developed a website, where i have 2 access levels, users and admin. on the server, i have admin folder with all admin stuff and user folder with all user stuff. based on the username,password combination from login page, i am redirecting the user to appropriate location.

Everything is fine, but when user logs in and if he changes or types into the address bar, the pages from the admin folder then he is able to access them. How do i prevent this from happening?

like if the user is redirected to User.php and he changes the address to Admin.php he is getting access to all the admin stuff from there on.

I want to know how i can prevent a user from entering the Admin folder completely.
Thanks.

1
Contributor
1
Reply
2
Views
7 Years
Discussion Span
Last Post by scorpio222
0

I have figured it out. Just insert the following code in a php file and say this php is file in 'required' in every page of admin

session_start();

//if they are not an admin
if($_SESSION['access_level'] != 'admin'){ 

header('location: user.php');
exit();
}
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.