Hi, I need some help with my html/php, restricted access script. The purpose with this script is to let users login to a members area; some with admin permission, some with newbe permission and some with advanced permissions. The permissions are pre-defined in the MySQL-DB with a use_level-field in the user-table. The different user-groups should have access to the following content: admin - permissions to everything (for now the same as advanced) advanced - lecture 1 and lecture 2 newbe - only lecture 1 The problem with this script is that it does not redirect the different user groups to their repective index-pages, please help me to detect why! <?php include('config.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link href="<?php echo $design; ?>/style.css" rel="stylesheet" title="Style" /> <title>Connexion</title> </head> <body> <div class="header"> <a href="<?php echo $url_home; ?>"><img src="<?php echo $design; ?>/images/logo.png" alt="Members Area" /></a> </div> <?php //If the user is logged, we log him out if(isset($_SESSION['username'])) { //We log him out by deleting the username and userid sessions unset($_SESSION['username'], $_SESSION['userid']); ?> <div class="message">You have successfuly been loged out.<br /> <a href="<?php echo $url_home; ?>">Home</a></div> <?php } else { $ousername = ''; //We check if the form has been sent if(isset($_POST['username'], $_POST['password'])) { //We remove slashes depending on the configuration if(get_magic_quotes_gpc()) { $ousername = stripslashes($_POST['username']); $username = mysql_real_escape_string(stripslashes($_POST['username'])); $password = stripslashes($_POST['password']); } else { $username = mysql_real_escape_string($_POST['username']); $password = $_POST['password']; } //We get the password of the user $req = mysql_query('select password,id,usr_level from users where username="'.$username.'"'); $dn = mysql_fetch_array($req); //Get user level of the user $usr_level = $req['usr_level']; //We compare the submited password and the real one, and we check if the user exists if($dn['password']==$password and mysql_num_rows($req)>0) { //If the password is good, we dont show the form $form = false; //We save the user name in the session username and the user Id in the session userid $_SESSION['username'] = $_POST['username']; $_SESSION['userid'] = $dn['id']; if($usr_level == 1) { ?> <div class="message">You have successfuly been logged in. You can now access the admin area.<br /> <a href="index2.php">Home</a></div> <?php } if($usr_level == 10) { ?> <div class="message">You have successfuly been logged in. You can now access to the newbe area.<br /> <a href="index1.php">Home</a></div> <?php } if($usr_level == 11) { ?> <div class="message">You have successfuly been logged in. You can now access the advanced area.<br /> <a href="index2.php">Home</a></div> <?php } } else { //Otherwise, we say the password is incorrect. $form = true; $message = 'The username or password is incorrect.'; } } else { $form = true; } if($form) { //We display a message if necessary if(isset($message)) { echo '<div class="message">'.$message.'</div>'; } //We display the form ?> <div class="content"> <form action="connexion.php" method="post"> Please type your IDs to log in:<br /> <div class="center"> <label for="username">Username</label><input type="text" name="username" id="username" value="<?php echo htmlentities($ousername, ENT_QUOTES, 'UTF-8'); ?>" /><br /> <label for="password">Password</label><input type="password" name="password" id="password" /><br /> <input type="submit" value="Log in" /> </div> </form> </div> <?php } } ?> <div class="foot"><a href="<?php echo $url_home; ?>">Go Home</a></div> </body> </html>