Restricting access to PHP pages
I am building (or trying to!) a password restricted site where different user-levels see different content.
I am using the code attached below to start the session, login and display the relevant pages according to the users status.
The problem is that none of the pages are restricted so for example if a member logs in they are shown the links...'Change Password', 'Log out', and 'Admin'
But non members can still see these pages if they navigate directly to the URL.
It seems as if the code below only displays links according to user level but does not offer any restrictions to those pages.
How would I add this? It would simply need to be a function that redirects users to a login page if they are not logged in.
I am using the code attached below to start the session, login and display the relevant pages according to the users status.
The problem is that none of the pages are restricted so for example if a member logs in they are shown the links...'Change Password', 'Log out', and 'Admin'
But non members can still see these pages if they navigate directly to the URL.
It seems as if the code below only displays links according to user level but does not offer any restrictions to those pages.
How would I add this? It would simply need to be a function that redirects users to a login page if they are not logged in.
<div id="AdminMenu">
<?php # Script 16.1 - header.html
// This page begins the HTML header for the site.
// Start output buffering:
ob_start();
// Initialize a session:
session_start();
?><?php
// Displaylinks based upon thelogin status:
if (isset($_SESSION['user_id'])) {
echo 'Welcome';
if (isset($_SESSION['first_name'])) {
echo ", {$_SESSION['first_name']}! ";
}
echo '<a href="logout.php" title="Logout">Logout</a>
<a href="change_password.php" title="Change Password">Change Password</a>
';
// Add links if the user is an administrator:
if ($_SESSION['user_level'] == 1) {
echo '<a href="admin/test.php" title="Admin">Admin</a>
';
}
} else
{ // Not loggin in.
echo '<a href="joinanjoman.php" title="Join Anjoman">Join</a>
<a href="login.php"
title="Login">Login</a><br />
';
}
?>
</div>
Hugh McCurdy
Put the restrictions on each page you want protected.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How are you keeping track of your users? Are using a database connection of some sort?
PHP is server side so you can query the logged in user against the database and display links based on the return.
Hope this helps.
PHP is server side so you can query the logged in user against the database and display links based on the return.
Hope this helps.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ensure your
is at the very beginning of the page, no white space at all for it to be effective..
session_start();is at the very beginning of the page, no white space at all for it to be effective..
ASKER
Thanks all, i'll look at this tomorrow and let you know how I get on!
ASKER
Thanks, all helped get closer to the solution!