hello , I'm doing web-application for job seeker & i used two login pages one for employee & 2nd for employer, when I give restrict access to jobposed.php page (which is opened only for employer who is loged in)But the problem is employee who is log in can also open this jobposted.php.But what I have to do this page restriction apply for employee only(means already logedin employee should not open this page)
views:
104answers:
3two login page(employee & employer),Page cant authenticate user(either he is employee Or Employer)
Here is some Pseudo code
// Login.php
if($_SESSION['user_login'] == true) {
// Check if Employee or Employer
if($_SESSION['user_permission'] == 'EMPLOYER') {
// Redirect to Employer access page
redirect($url_for_employer);
} elseif($_SESSION['user_permission'] == 'EMPLOYEE') {
// Redirect to Employee access page
redirect($url_for_employee);
} else {
// Redirect to access denied page or register page
redirect($url_for_access_denied_or_register);
}
}
// Employer.php
if($_SESSION['user_login'] == true && $_SESSION['user_permission'] == 'EMPLOYER') {
// Access the page
} else {
// User doesn't have permission or is not logged in to view the page
redirect($url_for_access_denied_or_login_page);
}
// Employee.php
if($_SESSION['user_login'] == true && $_SESSION['user_permission'] == 'EMPLOYEE') {
// Access the page
} else {
// User doesn't have permission or is not logged in to view the page
redirect($url_for_access_denied_or_login_page);
}
The access_denied.php should log the user trying to access and the page that was denied
Hi Amol,
I'm guessing that when the user logs in you create a session. When doing that you should make a difference between the employer/employee. When the employer logs in, create a session like this:
$_SESSION['login'] = 'employer';
And in case the employee logs in, like this:
$_SESSION['login'] = 'employee';
In the file jobposted.php you could build a check like this:
if ($_SESSION['login'] != 'employer') {
echo 'Sorry, this page is restricted to employers only';
return;
}
// Content of jobposted.php
Hope this is what you are looking for.
yes i got the answer, First give the access level to employee & employer login page (get level from the field username in database) & then the restricted pages give authorised as name of this access level field(e.g; $MM_authorizedUsers = "rec_name";//where rec_name is accesslevel