douna3367 2017-03-15 16:41

Is it possible to have a session within a session?

I have 3 user types for my program: Employee, HR, and Vendor. Whenever an employee is logged in, he/she can only access pages available to the employee.

    if ($usr->userLogin()) {
        // header() below fails if this output has already been sent (no output buffering).
        echo "Welcome";
        if ($usr->user_type == "Vendor") {
            $_SESSION['vend'] = 'set';
            header("Location:Vendor/vendorHome.php");
        } else if ($usr->user_type == "HR") {
            $_SESSION['hr'] = 'set';
            header("Location:HR/hrHome.php");
        } else {
            $_SESSION['emp'] = 'set';
            header("Location:Employee/home.php");
        }
        exit; // stop the script once the redirect header is set
    } else {
        echo "Incorrect Username, Password, or User Type. Please Try<a href='index.php'> Again</a>";
    }

At the top of each page I have this code, which is different based on which of the 3 types it is.

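    <?php
    session_start();
    // If the session flag is not set, the user isn't logged in: redirect to the login page.
    if (!isset($_SESSION['vend'])) {
        header("Location:../index.php");
        exit; // without this, the rest of the page still runs after the redirect header
    }
    ?>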

While writing this application, this wasn't a problem until I realized that if I add another user to any type, the second user is able to access the first user's pages, information and everything from the database. Is there any way to declare a second session ID based on user? How would I limit what information is available to each user based on type of user and the individual user themselves? Is this even possible? I don't know how many users there will be for each type, but I know that there will be multiple, as in more than 5.

**EDIT:** Thank you for your suggestions. I will be improving my code with them. I don't think I explained my problem correctly though.

Let's say I have 2 users of the Employee type, 'Jack' and 'Jill'. 'Jack' went through the application and added some forms that only he should see or be able to edit and logged out. When 'Jill' logged in she shouldn't have seen anything. That's not the case. 'Jill' logged in, and was able to see and edit everything 'Jack' could. Neither 'Jack' nor 'Jill' can access anything HR or Vendor related. That part of the session variables worked.

5 answers

  • dtwxmn8741 2017-03-15 16:51

    What about using the same SESSION variables for all users? Like $_SESSION["user_type"]= X;. Then you can just check on this variable.
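
The behaviour described in the question's edit (Jill seeing and editing Jack's forms) is what results when pages check only the user type. As an added example, not part of the question or the answer: keep the user's id in the session next to the type and scope every query to that id. The `forms` table, its columns and the function names are assumptions, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);
// Added example. Table, column and function names are hypothetical.

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forms (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, body TEXT)');
$db->exec("INSERT INTO forms (owner_id, body) VALUES (1, 'Jack form A'), (1, 'Jack form B'), (2, 'Jill form')");

// At login, record who the user is as well as their type.
function loginSession(int $userId, string $userType): array
{
    // In a web request: session_regenerate_id(true); then write these into $_SESSION.
    return ['user_id' => $userId, 'user_type' => $userType];
}

// Page guard: the session must belong to a logged-in user of the required type.
function isAllowed(array $session, string $requiredType): bool
{
    return isset($session['user_id'], $session['user_type'])
        && $session['user_type'] === $requiredType;
}

// Every query is scoped to the owner taken from the session, never from the request.
function formsFor(PDO $db, array $session): array
{
    $stmt = $db->prepare('SELECT id, body FROM forms WHERE owner_id = :uid ORDER BY id');
    $stmt->execute([':uid' => $session['user_id']]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Updates carry the same owner condition, so a guessed form id changes nothing.
function updateForm(PDO $db, array $session, int $formId, string $body): bool
{
    $stmt = $db->prepare('UPDATE forms SET body = :body WHERE id = :id AND owner_id = :uid');
    $stmt->execute([':body' => $body, ':id' => $formId, ':uid' => $session['user_id']]);
    return $stmt->rowCount() === 1;
}

$jack = loginSession(1, 'Employee');
$jill = loginSession(2, 'Employee');

var_dump(isAllowed($jill, 'HR'));                       // type check still applies
var_dump(count(formsFor($db, $jack)));                  // Jack's own forms
var_dump(count(formsFor($db, $jill)));                  // Jill's own forms only
var_dump(updateForm($db, $jill, 1, 'edited by Jill'));  // form 1 is Jack's
var_dump(updateForm($db, $jack, 1, 'edited by Jack'));  // owner may edit
```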
