How do i restrict my admin from viewing a normal user page using php?

118

October 21, 2018, at 04:50 AM

I have a page for users named game.php, where they can update their profile etc. So when the admin logs in, they can still access game.php but I do not want them to do so. How do I prevent it?

I have 2 different log in page, 1 for normal users (logreg.php), 1 for admin (admin.php)

This is my game.php codes, where they restrict all users so I even if I am a normal user, it redirects me back to logreg.php, when I am supposed to be able to access it.

The status of the user will be "gamer" - a normal user OR "admin" - for admin log in.

    <?php
      session_start();
      ob_start();
      If (!isset($_SESSION["username"]['status'])){
        $_SESSION['username'] = $username;
        $_SESSION['status'] = 'admin';
            header("Location:logreg.php");
        }
     else {
        $username = $_SESSION['username'];
        }
    ?

Thanks in advance!!!!

Answer 1

In your if, you are checking the value of $_SESSION["username"]['status'] but in your code you are setting $_SESSION["username"] and $_SESSION['status']. You probably meant the if to read:

if (!isset($_SESSION["username"], $_SESSION['status'])) {

to check that both $_SESSION variables were set.

Answer 2

<?php
  session_start();
  ob_start();
  If (isset($_SESSION["username"]['status'] && isset($_SESSION["username"]['status']=="admin")){
        header("Location:logreg.php");
    }
?>

try this code :)