0

I've done this sort of stuff with Python/Django a lot, but today I have to do this in PHP on existing half-finished code. This is my first time with PHP.

Basically it's your usual login system, with admin login and user login.

My users table in my database contains sno, username, password, admin, where admin is 1 for users with admin privileges.

Now while logging in, I understand I can simply check the admin value for whoever has logged in and header("Location: adminhome.php"); if admin and header("Location: userhome.php"); if not.

But how do I stop a regular user from accessing, say, adminpage1.php which is meant only for admins?

This is my first and only a one time job with PHP, otherwise I would go through various guid

2
  • If this is a one time job, why not go with an out of the box CMS, or even just a framework like CodeIgniter? It will save you the hassle of having to implement these core functionalities. Commented Jun 22, 2013 at 11:01
  • When you log the user in, are you setting anything in the $_SESSION var? If so, just put a check on the admin page for `if (isset($_SESSION['username']) === false){ header('Location: /'); exit; }` for example. Commented Jun 22, 2013 at 11:01

1 Answer

2

After you verified that the user is an admin in the login.php, insert the following

session_start();
$_SESSION["is_admin"] = true;

into login.php (or whatever you called it, the file where the header() calls are), and insert into adminhome.php the following

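session_start();
// Only sessions flagged as admin at login may see this page.
if(isset($_SESSION["is_admin"]) && $_SESSION["is_admin"])
{
    echo "You are an admin!";
}
else
{
    header("Location: userhome.php");
    exit; // stop here so nothing after the redirect is executed or sent
}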

That is secure and should work.


2 Comments

Okay so in every page where I want only admins to access, I'll have to put this code: ` session_start(); if(isset($_SESSION["is_admin"]) && $_SESSION["is_admin"]) { echo "You are an admin!"; } else { header("Location: userhome.php"); } `
Yes exactly; useless sentence to get around character limit
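
The check from the answer above, factored into one include so each admin-only page needs a single call, as an added example that is not part of the original answer. The file name auth.php and the functions start_session(), log_in() and require_admin() are hypothetical, and it assumes the password column holds a password_hash() value.

```php
<?php
// auth.php: added example; file and function names are hypothetical.
// In adminpage1.php:  require __DIR__ . '/auth.php'; require_admin();
declare(strict_types=1);

/** Start the session once, with cookie flags that limit theft and cross-site use. */
function start_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'cookie_httponly' => true,   // cookie not readable from JavaScript
            'cookie_samesite' => 'Lax',  // not sent on cross-site subrequests
            'use_strict_mode' => true,   // reject session ids the server did not issue
        ]);
    }
}

/**
 * Call from login.php after loading the row for the submitted username.
 * $row is one row of the users table (sno, username, password, admin).
 * Assumption: the password column holds a password_hash() value.
 */
function log_in(array $row, string $submittedPassword): bool
{
    if (!password_verify($submittedPassword, (string) $row['password'])) {
        return false;
    }
    start_session();
    session_regenerate_id(true);  // fresh session id at login, old one deleted
    $_SESSION['username'] = $row['username'];
    $_SESSION['is_admin'] = ((int) $row['admin'] === 1);
    return true;
}

/** Must run before any output on every admin-only page. */
function require_admin(): void
{
    start_session();
    // Strict comparison: a missing key or any value other than true is rejected.
    if (($_SESSION['is_admin'] ?? false) !== true) {
        header('Location: userhome.php');
        exit;  // without exit the rest of the page still runs and is sent
    }
}
```

The admin flag is read from the database only at login, so a user whose admin column is later set to 0 keeps access until the session ends; re-query the column inside require_admin() if revocation has to take effect immediately.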
