Restricting access to certain pages

I have several pages which are accessible by only users belonging to certain groups. I use the following lines in order to restrict access to those who have logged in:
//Start the session to retrieve access id and access level
//Allow levels to view page
if (isset($_SESSION['access_lvl']) && ($_SESSION['access_lvl'] == 1)||
   ($_SESSION['access_lvl'] == 2) || ($_SESSION['access_lvl'] == 3) ||
   ($_SESSION['access_lvl'] == 5) || ($_SESSION['access_lvl'] == 7) ||
   ($_SESSION['access_lvl'] == 9) || ($_SESSION['access_lvl'] == 10) ||
   ($_SESSION['access_lvl'] == 11) || ($_SESSION['access_lvl'] == 12) || ($_SESSION['access_lvl'] == 8)) {
   //Do nothing
} else {
      include 'not_allowed.php';
I also have another form to create users and assign them the access level. Is there a way I could grant or change access the user has without having to include this type of code in every restricted page?
Who is Participating?
gamebitsConnect With a Mentor Commented:
The way I usually do is I gave the user an access level and I make a page to redirect to the proper page according to their access level, I use a simple switch statement each case being a level access, on each page you have to check the page referer to make sure they are comming from the page who is doing the level check and if not redirecting them to the login, etc.
You could cut down on some of the checks

If($_SESSION['access_lvl'] >= 7) || ($_SESSION['access_lvl'] <= 12) } else {
      include 'not_allowed.php';

Or you could put the level check into a file and include that file

horaliaAuthor Commented:
I should have actually given more of an explanation of what I want to do. This site is an ongoing one, right now I have only 3 reports but I'll be adding more in the future. There are some reports which can be modified by a group and only viewed by another, and to make things more complicated, some users have access to change only some fields of the report. This is what I do to restrict access:

<input name="pages" type="text" size="5" class="yellow" onchange="checkNumber(this)" tabIndex="0"
            <?php if($dept!=1 and $dept!=4) echo "readonly"; ?> value="<?php printf($pages);?>">

I was wondering if there was a way to grant access to these users by using a form, thus making this more sophisticated instead of having every time that a new user will be added to the system, having to change his/her permissions by changing the code.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.