Yup, With some help from Jey earlier today, I was able to figure it out.. I only realized it later, how easy it was since all the auth types were being set already, the same piece of code at the beginning of every page should have been good ! Thanks, Vinay On Thu, Mar 29, 2012 at 7:28 PM, Govinda <govinda.webdnatalk@xxxxxxxxx>wrote: > > Hey, > > > > I am working on the application, thought its not OOP currently, I plan to > > take it further in a year or so. > > Right now, I have 4 access levels which define what the users can do on > the > > application. > > Based on the access levels defined, a session varialble is set called > > $_SESSION['authtype'], and this defines what are the links shown to the > > user. > > so basically the session authtype, defines what links are shown to the > > users, now i am thinking that if a user comes to know of a link whihc he > > does not have > > access to, he / she can put that in the url and try to gain access, what > i > > feel is there should be some check on each of the page for the access and > > if the acess > > criteria is not met, then the user should be sent back to him home page > > view. > > > > Any ideas on what the best way is to implement something like this? Any > > help is appreciated. > > > > Thanks, > > Vinay > > > Hi Vinay > > If you are already checking your $_SESSION['authtype'] var, to know > whether or not to display certain links.. then you can just add the same > kind of checking at the top of any code that should be reserved for a > certain level of user. If someone without proper access has hacked the URL > then just redirect to your login page, or whatever you want to do to the > intruders. > > HTH > -Govinda
