how to use sessions to give a user admin different access????

[Ibshas25]

 

is this a good way of doing a simple admin different rights e.g  if secret word then go to adminpage.php

 

 

session_start();
$captcha = $_POST["captcha"] ;
$secretword = $_SESSION["secretword"] ;

if (strcmp( $captcha, $secretword )) {
  // it's a bot
}
else {
  // matched -- it's a human
}

[Pikachu2000]

You should store that information with the user's record in the database, such as in a field called `admin` with a boolean TRUE/FALSE value. Then check against that to determine if the user is an admin, and if so set a $_SESSION variable to that effect.

[Ibshas25]

could you please give a simple example like the one ive posted please, as im still abit unsure

 

thanks in advanced

[Pikachu2000]

If you've already added the field to the DB table, while you're authenticating the user's login credentials, just check the field's value. Remember to have session_start(); as the first thing in a script that will use $_SESSION data.

 

$query = "SELECT username, password, admin FROM user WHERE username = $username AND password = $password";
$result = mysql_query($query); 
$array = mysql_fetch_assoc($result);
// take normal steps to check for errors, etc. then check the admin field's value

     $_SESSION['is_admin'] = $array['admin'];

 

Then all you have to do is check for the $_SESSION variable on page access.

<?php
session_start();
if( isset($_SESSION['is_admin']) && $_SESSION['is_admin'] === 1 ) {
     // user is authenticated as an admin
} else {
     //user isn't authenticated, so boot them out with a header() redirect, or display an error, or whatever you need to do.
}

[Ibshas25]

cheers thats a geat example