rapidoodle
Prevent users from entering the account page without logging in and restrict which pages users can visit

Good day again. I'm trying to create a system with different users: Client, Laboratory Assistant, Personnel and the admin. What I want is to restrict users from visiting pages that don't belong to them, e.g. a Client visiting admin pages.

Here is the code I tried on each page, but I can still visit any page.

    session_start();
    if($_SESSION['Classification'] == 'Client') { 
        header('Client-home.php'); 
    } else if($_SESSION['Classification'] == 'Computer Laboratory Assistant') { 
        header('la-home.php'); 
    }else if($_SESSION['Classification'] == 'Personnel') { 
        header('personnel-home.php'); 
    }else { 
        header('admin.php'); }

Any help is much appreciated.

    <?php
    session_start();
    include("connect.php");
    include("function.php");
    $username = $_POST['username'];
    $password = $_POST['password'];
    $_SESSION['username'] = $username;
    $_SESSION['password'] = $password;
    $idUser = $_SESSION['idUser'];
    //$username = stripslashes($username);
    //$password = stripslashes($password);
    //$username = mysql_real_escape_string($username);
    //$password = mysql_real_escape_string($password);  
    $sql = "SELECT * FROM tbl_user WHERE username = '$username' and password = '$password'";
    $SelQuery = $executeQuery = mysql_query($sql) or die(mysql_error());
    $row_User = mysql_fetch_assoc($SelQuery);
    $_SESSION['idUser'] = $row_User['idUser'];
    $_SESSION['lName'] = $row_User['lName'];
    $_SESSION['fName'] = $row_User['fName'];

    if($row_User['Classification'] == 'Client'){
        header("Location: client-home.php");
    }elseif($row_User['Classification'] == 'Personnel'){
        header("Location: personnel-home.php ");
    }elseif($row_User['Classification'] == 'Administrator'){
        header("Location: admin.php");
    }else{
        header("Location: login_error.php");
    }

    ?>

This is my login page. I guess this causes the conflicts.

Upvotes: 0

Answers (1)

On your Client-home.php and other files you need to implement the same...

Client-home.php

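    session_start();
    // Only the Client role may view this page; everyone else is redirected.
    if ($_SESSION['Classification'] != 'Client')
    {
        // The header name must be written "Location:" with no space before the colon.
        header("Location: Noaccess.php");
        exit; // stop so the rest of the page is not sent
    }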

Upvotes: 1
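The per-page check above compares `$_SESSION['Classification']`, so the login step has to store that value in the session. The following is an added example, not code from the question or the answer, showing one shared guard file for all roles. It assumes PDO and `password_hash()` password storage, and the names `auth.php`, `login.php`, `verify_login()`, `login_user()`, `access_decision()` and `require_role()` are hypothetical.

```php
<?php
// auth.php (hypothetical name): added example, include on every protected page.
declare(strict_types=1);

// Look the user up with a bound parameter. Assumption: tbl_user.password
// holds password_hash() output rather than the plain-text password.
function verify_login(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        'SELECT idUser, Classification, password FROM tbl_user WHERE username = ?'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row;
}

// Store the role in the session; the page guards below read it from there.
function login_user(array $row): void
{
    session_regenerate_id(true); // new session id once the user is authenticated
    $_SESSION['idUser'] = $row['idUser'];
    $_SESSION['Classification'] = $row['Classification'];
}

// Pure decision: null means "show the page", otherwise the redirect target.
function access_decision(array $session, array $allowedRoles): ?string
{
    if (!isset($session['idUser'], $session['Classification'])) {
        return 'login.php'; // hypothetical login page name
    }
    return in_array($session['Classification'], $allowedRoles, true)
        ? null
        : 'Noaccess.php';
}

// Usage at the top of admin.php: require 'auth.php'; require_role('Administrator');
function require_role(string ...$allowedRoles): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = access_decision($_SESSION, $allowedRoles);
    if ($target !== null) {
        header('Location: ' . $target);
        exit; // stop here so the protected page body is never sent
    }
}
```

The login script calls `session_start()`, then `verify_login()`, and passes a non-null row to `login_user()` before redirecting to the role's home page.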