Home/ Questions/Q 9072163
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T18:06:22+00:00

I have a login script which checks if the authority id is 5 =

  • 0

I have a login script which checks if the authority id is 5 = admin, 6 = employee, or 7 = student.

Please check below:

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql = "SELECT * FROM users WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){   
// Register $myusername, $mypassword and redirect to file "main.php"
$_SESSION["myusername"] = $myusername;
$_SESSION["mypassword"] = $mypassword;

while($count = mysql_fetch_assoc($result)) {
                              //echo $row['Username'];
                              //echo $row['access_level'];

                              if ($count['AuthorityId']== 5) {
                              //add custom content here for this user access level
                              header("location: adminpage.php");
                              exit();
                              } // end of if

  else if ($count['AuthorityId']== 6 ){
  //add custom content here for this user access level
    header("location: employeepage.php");
     exit();
  } // end of else if
  else{
    header("location: studentpage.php");
     exit();
      }

} // end of while 
}
else if( $myusername == '' || $mypassword == '' ){
echo '<script type="text/javascript">
alert("There are empty fields!");
</script>'; 
}
else {
echo '<script type="text/javascript">
alert("Wrong Username or Password")
</script>';
}
?>

When the user is an admin, he then goes to adminpage.php, but when I would directly put the url for employeepage.php, the user can access it. How can I restrict users from accessing other pages? thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Store the authority in another session variable like so:

    if ($count['AuthorityId']== 5) {
    //add custom content here for this user access level
    $_SESSION['authority'] = 5;
    header("location: adminpage.php");
    exit();
} // end of if

    And then use:

    if($_SESSION['authority'] != 5){
    die();
    // Or something more useful like a redirect
}

    On restricted pages.

    • 0