Protect pages with php sessions

vincekaribusana · May 29, 2017, 8:24pm

Hi, I need to protect some pages using SESSIONS I’ve created a new function, which I then call into each page. The following code seems to work but I’m not sure if is written correctly and also when I redirect a logged in user with “client” role how can I redirect them to the client dashboard? At the moment it does redirect unlogged and clients to the index page. Many thanks

function check_login(){

    if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == 'true' && isset($_SESSION['user_role']) && $_SESSION['user_role'] == 'admin') {

    }else{
         header('Location: ' . BASE_URL . '/index.php'); 
    }


}

WebMachine · May 29, 2017, 9:48pm

You haven’t said what the path to the client dashboard is, so I used a fake filename, but maybe try something like this:

if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == 'true' && isset($_SESSION['user_role']) {
	
    switch ($_SESSION['user_role']) {
		
	case 'admin' :
		
		// some code here
		break;
		
	case 'client' :
		
	      header('Location: ' . BASE_URL . '/client_dashboard.php'); 
	     break;
			 
	}
	
} else {
	
         header('Location: ' . BASE_URL . '/index.php'); 
}

Disclaimer: I am not an expert in PHP.

mlukac89 · May 30, 2017, 7:11pm

Here you have a very good explained about session security http://forums.devshed.com/php-faqs-stickies/953373-php-sessions-secure-post2921620.html

Some functions are outdated so you need to check in www.php.net to replace them.

system · August 30, 2017, 2:26am

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.