I have something like this
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="xxxx"; // Database name
$tbl_name="xxxxxx"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$res = mysql_query("SELECT * FROM members WHERE username = '$username' LIMIT 1");
if(mysql_num_rows($res)>0)
{
$d = mysql_fetch_array($res);
if($password == $d['password'])
{
session_regenerate_id(); //security for changing permissions
session_register['id'] = $d['id'];
session_register['access_level'] = $d['access_level'];
switch($d['access_level'])
{
case 1:
$loc = "home.php";
break;
case 2:
$loc = "paramedic.php";
break;
case 3:
$loc = "doctor.php";
break;
case 4:
$loc = "medprac.php";
break;
case 5:
$loc = "wardboss.php";
break;
case 6:
$loc = "consultant.php";
break;
}
header("Location: $loc");
}
}
?>
and this is verry correct I suppose.
But I am having problem locking the pages. I want doctors and admin to have access to all pages while other to their pages only