I have a directory of folders and I want to prevent the user named "x" whos files are availiable like this:reports/x/2015/04/ from changing the x to y and seeing all of those folers in y. I have the sessions working so that you need to be logged in to see any folders, but if you are logged in as x you can see the y folder by changing the URL. here is my index.php.
<?php
session_start();
if(!isset($_SESSION['username'])){
header("Location:../../../../login/login.php");
}
require_once('../../../config.php');
require_once('../../../boilerplate.php');
global $smarty;
$smarty->display('general-report.tpl');