Twistedweb123

Looking at your code, there seems to be no actual credential in place to check if a user is actually "logged in", but rather just what url they are on. By this logic, I do not need to login anyway, but just visit a certain page of your website? This needs to be recoded. Before you look into seperate menus for users based on their url, you should first look at seperate menus for users based on a login credential, such as a cookie or PHP session. If you use cookies, my browser will be updated with information telling your script I am either a logged in, or out. Rather than checking the URL to see this fact, we check my cookie. If no cookie exists - I am logged out. If a cookie exists but has expired - I am logged out. If a cookie exists and is active - I am logged in. Then, based on the status of my cookie, you can show the appropriate menus. You also need to secure the validation of your cookie and make sure it refences something (such as correct login credential in a database), otherwise I could just set a cookie in my browser to access your site. I have probably over-explained it and gone into too much detail security wise for a newbie, but it is good to plug these mistakes early on. My best suggestion would be looking into PHP sessions. Check out this free resource: http://www.phpeasystep.com/phptu/6.html and from here, you can probably see the if statements which determine a users status. From there, you can show menus depending on that.