I am creating a directory for local businesses in my town. I am allowing each business to create a profile on the site where they can upload contact info, photos, their location on a Google map, etc.
I have a good knowledge of PHP but I wouldn't be anywhere near industry standard.
I'm just looking for some advice on authenticating that the business is logged in on the admin pages. The way I have it at the moment is that when their username and password have been verified I create a session for them:
$_SESSION['session_businessid']
This is basically just a session with their business ID that is taken from the businesses table in the MySQL database.
Then on each page that requires the business to be logged in I include a PHP file called verify_logged_in.php which contains the following code:
<?php
session_start();
if ($_SESSION['session_businessid'])
{
    $BusinessID = $_SESSION['session_businessid'];
}
else
    header ("location: /admin/login.php");
?>
I'm just wondering how secure/unsecure this method is and if there's any better way of doing it?
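For comparison with the include above, here is a hardened variant of verify_logged_in.php, added as an example and not part of the original post. It assumes PHP 7.3+, an HTTPS site, and a login script that calls session_regenerate_id(true) and sets a `session_last_seen` timestamp on success; that key name, the `IDLE_TIMEOUT` constant and the `redirect_to_login()` helper are hypothetical.

```php
<?php
// verify_logged_in.php (added example; load it with require_once on each admin page)
declare(strict_types=1);

// Cookie flags have to be set before session_start().
session_set_cookie_params([
    'lifetime' => 0,        // session cookie, gone when the browser closes
    'path'     => '/',
    'secure'   => true,     // assumption: the site is served over HTTPS
    'httponly' => true,     // keep the session ID out of reach of page scripts
    'samesite' => 'Lax',
]);
ini_set('session.use_strict_mode', '1'); // refuse session IDs the server did not issue
session_start();

const IDLE_TIMEOUT = 1800; // assumption: 30 minutes of inactivity ends the session

function redirect_to_login(): void
{
    header('Location: /admin/login.php');
    exit; // header() alone does not stop the script; the protected page would still run
}

// ?? avoids an undefined-index notice when nobody is logged in;
// filter_var() returns false for null, '', arrays and anything below 1.
$businessId = filter_var(
    $_SESSION['session_businessid'] ?? null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
if ($businessId === false) {
    redirect_to_login();
}

// Expire idle sessions. 'session_last_seen' is assumed to be set by login.php.
$lastSeen = (int) ($_SESSION['session_last_seen'] ?? 0);
if (time() - $lastSeen > IDLE_TIMEOUT) {
    $_SESSION = [];
    session_destroy();
    redirect_to_login();
}
$_SESSION['session_last_seen'] = time();

// Same variable name the original include exposes to the admin pages.
$BusinessID = $businessId;
```

Every query on the admin pages should still be scoped to `$BusinessID` taken from the session, never to an ID passed in the URL or a form field.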