I'm just trying to learn some PHP and I have two questions. I want to make a user-role-based system; for the beginning I just simply added a role for each user (admin, user, etc.), which is saved directly in the users table in MySQL. I mean my user table has the columns id, nick, password, role. Is this OK, or even safe?
The second question is whether it is safe to check user permissions like this:
// Check if the user is logged in; if not, redirect them to the login page
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    header("location: login.php");
    exit;
}
// Check if the user has the admin role; if not, load a page which tells you: You don't have permission to use this site
elseif ($_SESSION["role"] !== "admin") {
    include "noperm.php";
    exit;
}
Can I do this, or is there still a possibility that a user with the user role, or an unregistered user, can access this page (e.g. a user management site)?
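Added example, not part of the original post: the same check written as a reusable guard that answers with HTTP 403 and re-reads the role from the users table on each request, so a role change takes effect before the session expires. The function names and the `$_SESSION['id']` key are assumptions; the table columns, `login.php` and `noperm.php` are taken from the post.

```php
<?php
// Map session data to an HTTP status; takes the array as a parameter so it runs without a web server.
function access_status(array $session, string $requiredRole): int
{
    if (($session['loggedin'] ?? false) !== true) {
        return 401;                       // not authenticated
    }
    // A missing or non-matching role is a denial, never a match.
    return (($session['role'] ?? null) === $requiredRole) ? 200 : 403;
}

// Re-read the role from the users table (columns id, role as in the post)
// so a demoted account loses access before its session expires.
function fresh_role(PDO $pdo, int $userId): ?string
{
    $stmt = $pdo->prepare('SELECT role FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $role = $stmt->fetchColumn();
    return is_string($role) ? $role : null;
}

// Call at the very top of every protected script, before any output.
// Assumption: login stored the user's id in $_SESSION['id'].
function require_role(PDO $pdo, string $requiredRole): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (isset($_SESSION['id'])) {
        $_SESSION['role'] = fresh_role($pdo, (int) $_SESSION['id']);
    }
    $status = access_status($_SESSION, $requiredRole);
    if ($status === 401) {
        header('Location: login.php');
        exit;
    }
    if ($status === 403) {
        http_response_code(403);
        include __DIR__ . '/noperm.php';
        exit;
    }
}
// Constructed sample sessions, shown only when run from the command line.
if (PHP_SAPI === 'cli') {
    $samples = [[], ['loggedin' => true, 'role' => 'user'], ['loggedin' => true, 'role' => 'admin']];
    foreach ($samples as $s) {
        echo json_encode($s), ' => ', access_status($s, 'admin'), PHP_EOL;
    }
}
```

The guard protects only the scripts that call it, so form handlers and any other endpoint that changes users need the same call as the page that displays them.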