changing address bar gives access to admin page

Question

scorpio222 0 Newbie Poster

14 Years Ago

I have developed a website, where i have 2 access levels, users and admin. on the server, i have admin folder with all admin stuff and user folder with all user stuff. based on the username,password combination from login page, i am redirecting the user to appropriate location.

Everything is fine, but when user logs in and if he changes or types into the address bar, the pages from the admin folder then he is able to access them. How do i prevent this from happening?

like if the user is redirected to User.php and he changes the address to Admin.php he is getting access to all the admin stuff from there on.

I want to know how i can prevent a user from entering the Admin folder completely.
Thanks.

php

1 Contributor
1 Reply
67 Views
7 Hours Discussion Span
Latest Post 14 Years Ago Latest Post by scorpio222

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

scorpio222 0 Newbie Poster · Answer 1 · 2010-03-25T00:04:47+00:00

I have figured it out. Just insert the following code in a php file and say this php is file in 'required' in every page of admin

session_start();

//if they are not an admin
if($_SESSION['access_level'] != 'admin'){ 

header('location: user.php');
exit();
}