Login Script problem

[SG1]

Hey, i got a login script from evolt.org with admin feature made bu jpmaster77.

The problem i am having is that pages that should be only available to some users is avaiable to all. What happens when you are not authorized to wiev it it just log in as guest and you can see it.
I'm not sure what information you want, so i'll just post a few snippets, and just ask for whatever more you need :-)

(process.php)

--------------------------------------------------
function Process(){
      global $session;
      /* User submitted login form */
      if(isset($_POST['sublogin']))

......
/**
      * Should not get here, which means user is viewing this page
      * by mistake and therefore is redirected.
      */
      else{
          header("Location: index2.php");
      }

Same if, just removed some elseif's
-------------------------------------------------------------
Constants.php
-------------------------------------------------------------

/**
    * isAdmin - Returns true if currently logged in user is
    * an administrator, false otherwise.
    */
  function isAdmin(){
      return ($this->userlevel == ADMIN_LEVEL ||
              $this->username  == ADMIN_NAME);
  }
 
  /**
  *isLevel - Same function as isAdmin for users
  */
  function isLevel(){
  return ($this->userlevel >= $level);
  }

Tried to add an isLevel to help secure.. dunno if it will help, but doesn't seem so :-)
---------------------------------------------------------------------------------
i.e page3.php
-----------------------------------------------------------------------------------

if($session->logged_in){
if($session->userlevel==X){

  echo "<h1>Logged In</h1>";
  echo "Welcome <b>$session->username</b>, you are logged in. <br><br>"
      ."[<a href=\"userinfo.php?user=$session->username\">My Account</a>]<br> &nbsp;&nbsp;"
      ."[<a href=\"useredit.php\">Edit Account</a>]<br> &nbsp;&nbsp;";
  if($session->isAdmin()){
      echo "[<a href=\"admin/admin.php\">Admin Center</a>]<br> &nbsp;&nbsp;";
  }
  echo "[<a href=\"process.php\">Logout</a>]<br>";
}
}
else{
?>


put in x in user level since there is 9 possibilities..
I have also tried without my "experiment, but it still log in as guest..
-----------------------------------------------------------------------
So, here is my question. How do i really make the script work like intended? (only specified user level can view the page(s)

Hope anyone can help me. Thanks

[Loki]

I would have to see more of the code but It looks like you didnt put a check if they are not that level.  You can try a code similar to this that once it checks the user level, if they are not in it then it will display a message to them.

of course your variable $level would be whatever level you want to access that area.


if (!isLevel($level)){
die("You are not allowed to access this area!!");
}


Or you could do a redirect somewhere if they are not in that level.


if(!isLevel($level)){
  Header("Location: whereever_you_want _to_redirect_them.php");
        die();
    }