I'm new to PHP. I have created a system where the users include user and admin. I login as a user in the system and the URL is localhost/View/user.php.
When I change the URL from localhost/View/user.php to localhost/Admin/admin.php, the user automatically has an admin interface.
My question is - how can I stop the user from being able to change the URL to /admin.php and accessing the admin interface?
分享 I have the proper solution. suppose your admin's users id is 'admin' and your other users have other user id. Then use $_SESSION('login_user') to login. In your amdin page you want to protect from user you sholud put a condition that
$result = mysql_query("select username from adminlogin where username = '".$_SESSION['login_user']."'");
$result_value = mysql_fetch_array($result);
echo $result_value['username'];
if($result_value['username']!="admin")
{
header("Location: index.php");
}
Now it will check for user id = admin then it allow to access other wise it redirect the page to index.php that is our login page. If you can not understand then you can replay. Thanku
分享
