Restricting access to certain pages

I have several pages which are accessible by only users belonging to certain groups. I use the following lines in order to restrict access to those who have logged in:
<?php
//Start the session to retrieve access id and access level
session_start();
//Allow levels to view page
if (isset($_SESSION['access_lvl']) && ($_SESSION['access_lvl'] == 1)||
   ($_SESSION['access_lvl'] == 2) || ($_SESSION['access_lvl'] == 3) ||
   ($_SESSION['access_lvl'] == 5) || ($_SESSION['access_lvl'] == 7) ||
   ($_SESSION['access_lvl'] == 9) || ($_SESSION['access_lvl'] == 10) ||
   ($_SESSION['access_lvl'] == 11) || ($_SESSION['access_lvl'] == 12) || ($_SESSION['access_lvl'] == 8)) {
   //Do nothing
} else {
      include 'not_allowed.php';
      die();
}
I also have another form to create users and assign them the access level. Is there a way I could grant or change access the user has without having to include this type of code in every restricted page?
Horalia RodriguezIT DeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gamebitsCommented:
You could cut down on some of the checks

If($_SESSION['access_lvl'] >= 7) || ($_SESSION['access_lvl'] <= 12) } else {
      include 'not_allowed.php';
      die();
}

Or you could put the level check into a file and include that file

0
Horalia RodriguezIT DeveloperAuthor Commented:
I should have actually given more of an explanation of what I want to do. This site is an ongoing one, right now I have only 3 reports but I'll be adding more in the future. There are some reports which can be modified by a group and only viewed by another, and to make things more complicated, some users have access to change only some fields of the report. This is what I do to restrict access:

<input name="pages" type="text" size="5" class="yellow" onchange="checkNumber(this)" tabIndex="0"
            <?php if($dept!=1 and $dept!=4) echo "readonly"; ?> value="<?php printf($pages);?>">

I was wondering if there was a way to grant access to these users by using a form, thus making this more sophisticated instead of having every time that a new user will be added to the system, having to change his/her permissions by changing the code.
0
gamebitsCommented:
The way I usually do is I gave the user an access level and I make a page to redirect to the proper page according to their access level, I use a simple switch statement each case being a level access, on each page you have to check the page referer to make sure they are comming from the page who is doing the level check and if not redirecting them to the login, etc.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.