I have this login code that directs "civilians" to a certain page and "hosts" to a different page. Now the log-in part works. But if I log in as "civilian" and then change the URL to the host page (ciubab.com/host.php) I am able to access it, which is something I cannot allow.
So how do I block "civilians" from entering a page only for hosts?
I tried using a while loop in the host page to block civilians but that didn't work. I tried reading about sessions and security but I haven't found anything similar.
Can someone help me?
login code: I only published the relevant part.