session to prevent access

[searls03]

I was asked to make new thread for this, so how do I use a session or something to restrict access to a page.....like if accounttype=Admin, stay here, all others go away......do you need to see code, or can you just give me an example.......

[Eyewash01]

On your login processing page, if someone logs in successfully (i.e. puts in the correct username and password), then you should add a line like:

 

<?php
  $_SESSION['logged_in'] = true;
?>

 

Then on each page you want to protect, at the top of the page should be:

 

  if (!isset($_SESSION['logged_in'])){
    header("Location: login.php");
  }

 

Then when they log out, you need to:

 

  unset($_SESSION['logged_in']);

 

Remember to include session_start(); at the top of any page where you want to reference or set session variables.

[PFMaBiSmAd]

Your header() redirect needs an exit; statement after it to prevent the remainder of the code on the page from being accessed when someone ignores the header that was sent to the browser.

[searls03]

But I need to make it not just so it lOgged in....only if admin logged in.....

[PPowerHouseK]

I have just tried to use this, and it seems it sends me to the login page even if I have logged in. 

Here is what I have:

<?php
if (!isset($_SESSION['logged_in']))
{
	echo"failed";
	header("Location: fail.html");
}
else
{
	echo("loaded<br>");
}
?>
rest of page...

And on the login page it sets the login with:

$_SESSION['logged_in'] = true;

But wheter I use the login, correctly, or just go straight to that page, I still get sent to the failed.html  I would appreciate any help.

 

 

@OP: Perhaps you could just give the admins the right password, or a different login page than the other users.