<?php
session_start();
?>
error_reporting(E_PARSE);
include "connection.php";
$User_ID=$_SESSION['UserId'];
$query = mysql_query("SELECT * FROM Users WHERE UserID='$User_ID'");
$row = mysql_fetch_array($query);
$filename=$row['PicUrl'];
$username=$row['UserName'];
$fName=$row['FirstName'];

if(isset($_SESSION["UserName"])){
if(!empty($filename)){echo '<img src="'.$filename.'" align="left"width="150px" height="100px"/>';}
echo $fName;
echo"<li><a href='logout.php'>Click here to Logout.</a></li>";
echo"<li><a href='user_update.php'>edit your account detail</li>";
}
if(empty($_SESSION['UserName'])){
echo"<li><a href='login.php'>login</a></li>";
echo"<li><a href='register.php'>Sign Up</li>";
}
?>
      </li>
    </ul>
    <ul class="languages">
      <li class="lang-3 last-item"><a href="#"></a></li>
    </ul>
  </div>
  <div class="navigation">
  <!--======================== menu ============================-->
  <nav>
    <ul class="sf-menu responsive-menu">
      <?php
if(isset($User_ID)){
$abc=array();
$queri=mysql_query("SELECT * FROM `userrights` WHERE `UserId`=$User_ID");
while($cow = mysql_fetch_array($queri)){
$MI=$cow['MenuId'];
$UserID=$cow['UserId'];
$abc[]=$MI;
}
$qry = mysql_query("SELECT 
* 
FROM
adminmenu");
while($row = mysql_fetch_array($qry)){
$MU=$row['MenuUrl'];
$MN=$row['MenuName'];
$MId=$row['MenuId'];
if(in_array($MId,$abc)){
echo"<li><a href='$MU'>$MN</a></li>";}
}
}

i want to that if user have no rights then the url no open if he enter the direct url

this is what i would do with your code adda count and test to see if the
user has permissions

<?PHP

if(isset($User_ID)){
$abc=array();
// add a count when grabbing permissions
$queri=mysql_query("SELECT *,COUNT(MenuId) FROM `userrights` WHERE `UserId`=$User_ID");
while($cow = mysql_fetch_array($queri)){
//test to see if permissions exists if they dont redirect
    if($cow['COUNT(MenuId)'] === 0){
header("location:index.php");
}ELSE{
// do stuff with perssmissions
$MI=$cow['MenuId'];
$UserID=$cow['UserId'];
$abc[]=$MI;

}
}
}
?>

what are you trying to ask?

<?php
session_start();
if(!isset($_SESSION['username'])) 
{
header('Location: login.php');
exit;
}
?>

add this to your page.. which you want to restrict.

i am asking for user rights

my code is hiding the menu link and name only but when i enter the link it can be open
i want to not open whom i am not permissoion to access after enter the link

which URL You don't want to open if user have no permission.

that url that is not allowed in the admin pannel

Where?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.