1

I am developing a website that requires several user types. I have been able to redirect the user types to different home pages based on user role/type after they log in. However, I need to restrict the Admin portion of the site to just admin role types. I am storing a "1" or "2" in the database based on user type/role. I am using "session_start" and "session_is_registered" to check the user information. What do I need to add to this code to restrict users with a role type of "1" from seeing the page?

session_start();
// The session key must be passed as a quoted string, not a bare word.
if (!session_is_registered('username')) {
  header('Location: ../admin/index.php');
}
2
  • session_is_registered() is deprecated. Commented Jun 25, 2012 at 19:31
  • You can use an ENUM type for the database field, and check the role by requiring a PHP file. Commented Jun 25, 2012 at 19:32

2 Answers

5

Store the user's role in a session variable:

$_SESSION["role"]=1;

or

$_SESSION["role"]=2; 

depending on the stored user information.

Then when you check the permissions, you just check this variable:

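// A missing role (not logged in) is treated the same as a non-admin role.
if (isset($_SESSION["role"]) && $_SESSION["role"] == 2) {
  header('Location: ../admin/index.php');
  exit; // stop the script so nothing after the redirect is executed or sent
} else {
  echo "you need the admin role to view this page!";
}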

Another piece of advice: it would be better to check the permissions in ../admin/index.php and redirect back to the default page if the user does not have the admin role. Otherwise users might be able to browse directly to ../admin/index.php if they know the URL.


2 Comments

You have a typo; $_SESSION["role"}=2; should be $_SESSION["role"]=2;. Notice the ].
So I am still having issues. I need to hide all admin pages from anyone that is not an admin. All users are required to log in to the site. I have the redirect set up so people with a "roletype" of 1 go to the admin and "2" go to the home page. I need to restrict access for "2" to admin pages.
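The per-page check recommended in the answer above, written as a guard file that every admin page includes first. This is an added example, not code from the original thread. It assumes the login code stores the database role in $_SESSION['role'] and that 2 is the admin value, as in the answer's check; the file name require_admin.php and the fallback URL ../index.php are hypothetical.

```php
<?php
// admin/require_admin.php (hypothetical name). Put this as the FIRST line of
// every admin page, before any output:
//     require __DIR__ . '/require_admin.php';
// Assumption: login stored the database role in $_SESSION['role'].

const ROLE_ADMIN = 2; // assumption: 2 = admin, following the answer's check

// Return the role as an int, or null when it is missing or not a clean integer.
function current_role(array $session): ?int
{
    if (!isset($session['role'])) {
        return null;
    }
    // FILTER_VALIDATE_INT accepts 2 and "2" but rejects "2.5", "2abc", arrays.
    $role = filter_var($session['role'], FILTER_VALIDATE_INT);
    return $role === false ? null : $role;
}

// Strict comparison: only an exact admin role passes. Anything else,
// including "not logged in", is denied by default.
function is_admin(array $session): bool
{
    return current_role($session) === ROLE_ADMIN;
}

// Deny access unless the current session belongs to an admin.
function require_admin(string $fallback = '../index.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_admin($_SESSION)) {
        header('Location: ' . $fallback, true, 302);
        // Without exit, PHP keeps running the admin page and sends its
        // output along with the redirect; any client that ignores the
        // Location header would still receive the page.
        exit;
    }
}

require_admin();
```

Because the check runs inside each admin page rather than only at login, typing an admin URL directly is refused for every non-admin session.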
0

Just nest your if statement. If they are an admin, direct them to an admin page otherwise send them somewhere else.
