dougua9328 2014-01-24 19:33

Redirect website if not logged in

Here is my login form, a.k.a. index.php

<form class="form-3" action="login.php?log=ok" method="post" >
   <input type="text" name="username" id="login" placeholder="Username">
   <input type="password" name="password" id="password" placeholder="Password"> 
   <input type="submit" name="submit" value="Submit">                     
</form>

And here is my login checker, a.k.a. login.php

<?php
require_once 'classes/Personel.php';
$personel = new Personel();
$personel->setUsername($_POST['username']);
$personel->setPassword($_POST['password']);
$personel->login();

header("Location: index.php");


// REDIRECT
session_start();
if (strcasecmp($personel->getRole(), "LTO") == 0   ) {
    $_SESSION['role'] = "LTO";
    $_SESSION['personel'] = $personel;
    header("Location: LTO");
}else if(strcasecmp($personel->getRole(), "LTFRB") == 0){
     $_SESSION['role'] = "LTFRB";
    $_SESSION['personel'] = $personel;
    header("Location: LTFRB");
}else if(strcasecmp($personel->getRole(), "LGU") == 0){
     $_SESSION['role'] = "LGU";
    $_SESSION['personel'] = $personel;
    header("Location: LGU");
}else if(strcasecmp($personel->getRole(), "ADMIN") == 0){
     $_SESSION['role'] = "ADMIN";
    $_SESSION['personel'] = $personel;
    header("Location: admin");
}
?>

Now when I try to access any of their accounts, I can easily open the index page and other pages even when I am not logged in. How can I prohibit that? And how can I avoid the URL rewriting?

E.g. the index page of admin.

Try to open my link; the correct account is admin-admin. Also try a wrong one.

Big thanks in advance.

3 answers

  • duanqiao2006 2014-01-24 19:40

    First thing, you need to set the redirect to index.php in the proper place, with some condition.

    I get your problem, but are you checking the session on each and every page?

    You need to implement a check at the beginning of each page for whether the session is properly set or not. Otherwise, redirect back to index.php.

    You need to implement this code before each of your pages:

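    session_start();
    if (isset($_SESSION['role'])) {
       if ($_SESSION['role'] != "ADMIN") { // change "ADMIN" to the role required by this page
          echo "Access denied";
          exit();
       }
    } else {
       // No session at all: send the visitor back to the login form
       header("Location: index.php");
       exit(); // stop here so the rest of the protected page is not sent
    }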
    
    This answer was selected by the asker as the best answer.
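
The per-page check from the answer above, written as one shared guard file; this is an added example, not code from the original question or answer. The names `access_decision`, `login_target`, `require_role` and `ROLE_HOME` are hypothetical, and the login form is assumed to live at `/index.php` in the site root, so the redirect is absolute and a page inside `admin/` is not sent to its own `index.php`.

```php
<?php
// Added example (hypothetical file auth_guard.php). Usage at the top of admin/index.php:
//   require __DIR__ . '/../auth_guard.php'; require_role('ADMIN');

// Role -> landing directory, taken from the redirects in login.php above.
const ROLE_HOME = ['LTO' => 'LTO', 'LTFRB' => 'LTFRB', 'LGU' => 'LGU', 'ADMIN' => 'admin'];

/** Pure decision: 'allow', 'deny' (logged in, wrong role) or 'login' (no valid session). */
function access_decision(array $session, string $requiredRole): string
{
    $role = $session['role'] ?? null;
    if (!is_string($role) || !isset(ROLE_HOME[$role])) {
        return 'login'; // missing or unknown role is treated as not logged in
    }
    return $role === $requiredRole ? 'allow' : 'deny';
}

/** Redirect target for login.php after login(); an unknown role goes back to the form. */
function login_target(?string $role): string
{
    $role = strtoupper((string) $role); // login.php compares roles case-insensitively
    return isset(ROLE_HOME[$role]) ? '/' . ROLE_HOME[$role] . '/' : '/index.php';
}

/** Call before any output on every protected page. */
function require_role(string $requiredRole): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    switch (access_decision($_SESSION, $requiredRole)) {
        case 'allow':
            return;
        case 'deny':
            http_response_code(403);
            echo 'Access denied';
            exit;
        default:
            header('Location: /index.php'); // assumption: login form at the site root
            exit; // without exit the protected page would still be rendered and sent
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed sample sessions, checked against a page that requires ADMIN.
    foreach ([[], ['role' => 'LGU'], ['role' => 'ADMIN'], ['role' => 'root']] as $s) {
        printf("%-18s -> %s\n", json_encode($s), access_decision($s, 'ADMIN'));
    }
}
```

In login.php, `session_start()` has to run before the role is stored, and only one `Location` header should be sent, followed by `exit`, for example `header('Location: ' . login_target($personel->getRole())); exit;`.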