Hi All

New day new issue .

I’m working on a login system that currently redirects the user based on the user_level column in the db. on the login page, i have set the session variables as follows:-

// Store data in session variables $_SESSION["loggedin"] = true; $_SESSION["id"] = $id; $_SESSION["email"] = $email; $_SESSION["user_level"] = $userlevel; if ($_SESSION["user_level"]==50){ header("location: admin/admin.php"); exit; } else { header("location: dealer.php"); exit;}

The redirection based on user level works fine. The issue i have is, once the user is logged in, the session is not restricting access to the admin page if the user was to try and guess the correct url. Currently i have:-

// Initialize the session session_start(); // Check if the user is logged in, if not then redirect him to login page if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){ if ($_SESSION["user_level"]==50){ header("location: admin/admin.php"); exit; } else { header("location: dealer.php"); exit;} else { header("location: login.php"); exit;} }

Any advice would be much appreciated.