I'm developing a Knowledge Management System in PHP + MySQL, Where I'm keeping Staff and Student in Different Table. Now I'm Facing some Problems in Session Management.
I can access student_profile.php?id=1, if logged in as student, but if I change the url as staff_profile.php?id=1, I will be logged in as Staff!
How do I solve this problem?
Also, can I put students and staff on same table? Is there any issue?
分享 You may set different value (identity) for session key when user logged successfully.
In login.php
<?php
session_start();
if(user_is_student()) {
$_SESSION["usertype"]="student";
...
}
else
if(user_is_staff()) {
$_SESSION["usertype"]="staff";
...
}
?>
In staff and student profile pages, verify value of usertype key.
staff.php
<?php
session_start();
$validUser=false;
if(isset($_SESSION["usertype"]))
{
if($_SESSION["usertype"]=="staff")
{
$validUser=true;
}
}
if(!$validUser) {
header("Location: login.php");
}
?>
