James Allan James Allan - 1 year ago 89
PHP Question

Login system with 3 levels of users PHP

In my login system code i have 3 users.

But other users can access my admin page.

I want that my admin page can be accessible only for users that has the user level =1 that is the admin.

my code.

include 'includes/dbh.php';
//You can add more params here for more register options
$email= $_POST['email'];
$password= $_POST['password'];

$sql =("SELECT * FROM usuarios WHERE email='$email'
AND password='$password'");
$result = $conn->query($sql);
if(!$row = $result->fetch_assoc()) {
$_SESSION['errorLogin']="Usuario ou senha inválida";
echo "".$_SESSION['errorLogin'];
header("Location: login.php");


$_SESSION['userName']= $row ['nome'];
$_SESSION['userLName']= $row ['sobrenome'];
$_SESSION['userLevel']= $row ['userLevel'];
$_SESSION['useremail']= $row ['email'];
$_SESSION['password']= $row ['password'];
$_SESSION['userContact']= $row ['contato'];
$_SESSION['userContact2']= $row ['contato2'];
$_SESSION['role']= $row ['login'];
if($_SESSION['userLevel'] == 1){
header("Location: adm/painel.php");
}else{ header("Location: cliente.php");

if($_SESSION['userLevel'] == 2){
header("Location: rep_page.php");
}else{ header ("Location: rep_page.php");}

if($_SESSION['userLevel'] == 3){
header("Location: cliente.php");

echo "Your not logged in";


why other two users can access my admin page?
whats wrong?

Answer Source

you have to put the same checking code starting of each page. what i mean is in the admin_panel.php, place like this.

if($_SESSION['userLevel'] == 1){
 //here please place the entire page code
 echo "you have no access this page";
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download