User Access Limit Help Needed

[exy123]

I am looking for help with some examples on limiting users to certain pages.

 

What I have is a simple username and password auth ainst mysql db , the login page has the relevant code

 

session_register("username");

session_register("accessmem"); 

header("location:index.php");

 

//accessmem is a db field in the users table which assigns them to a group to which the group should have access to some pages and some not.

 

On every page I have the following code which works for full access for all users:

 

<?

session_start();

if(!session_is_registered("username")){

header("location:login.php");

}

 

Some of the accessmem Groups are Clients , Admins , so i tried the following to not allow clients:

 

<?

// You may copy this PHP section to the top of file which needs to access after login.

session_start();

if($accessmem = "Clients"){

header("location:login.php");

}

elseif(!session_is_registered("username")){

header("location:login.php");

}

?>

 

 

Then what happen is with this code is No user can access the page if hes in Admins or Clients group.

 

What am I doing wrong or is there an easier way to allow/deny all users matching the $accessmem ? Or completely better way of doing the whole autenticating and permissions on pages ?

 

PS : If I echo $accessmem at the top of the page after the session_start it gets the correct group from the login page.

[redarrow]

The best way is when a user joins the website is to set the user's login status via the collected information then add a number to the database and then let only those that have access to the page via that number from the database.

 

example.

 

1. means admin

2.means normal user

3. means power user

4. user upload rights

 

use an int in the database column

[exy123]

Thanks for info redarrow , but I am still relatively new to php , can you please elaborate a bit more , are you saying I must session_register the value of 1,2,3 or 4 for example instead of a name like Admins ? And then where does one limit them on the page at the top right below session_start or somehwere else ? Or how does one only allow access to the page by a certain number ?

 

Thanks

[redarrow]

are you wanting to let user's join your site via letting them do only things that are based on there login status.

[exy123]

Bascilly it is a Data Centre management and change control program , I create the users myself , but when they login they must only be able to open and use  cc.php and ccstatus.php but not reports.php for example.

[redarrow]

reports.php

 

<?php

if($accessmem = "Clients"){ 

header("location:index.php"); 

}else{

//show what ever for reports.

}

?>

[exy123]

It still wont work , but I now get the following error that it cant modify the headers:

 

Warning: Cannot modify header information - headers already sent by (output started at path/ccstatus.php:4) in path/ccstatus.php on line 8

[redarrow]

 

<?php sesion_start();

ob_start();


if($accessmem = "Clients"){ 

header("location:index.php"); 

}else{

//show what ever for reports.

}
ob_flash_end();
?>
[code]

[/code]

[exy123]

Thanks The ob functions removed the error but then it assigned the word Client to the variable , chanegd the = to == and all is working thanks.