> Hey, > > I am working on the application, thought its not OOP currently, I plan to > take it further in a year or so. > Right now, I have 4 access levels which define what the users can do on the > application. > Based on the access levels defined, a session varialble is set called > $_SESSION['authtype'], and this defines what are the links shown to the > user. > so basically the session authtype, defines what links are shown to the > users, now i am thinking that if a user comes to know of a link whihc he > does not have > access to, he / she can put that in the url and try to gain access, what i > feel is there should be some check on each of the page for the access and > if the acess > criteria is not met, then the user should be sent back to him home page > view. > > Any ideas on what the best way is to implement something like this? Any > help is appreciated. > > Thanks, > Vinay Hi Vinay If you are already checking your $_SESSION['authtype'] var, to know whether or not to display certain links.. then you can just add the same kind of checking at the top of any code that should be reserved for a certain level of user. If someone without proper access has hacked the URL then just redirect to your login page, or whatever you want to do to the intruders. HTH -Govinda -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
