I have a backend site and I need to protect the variable
$user_type
It is set to Type1,Type2,Type3, or Type4
I rustled up some encrypt / decrypt basic functions here on phpbuilder, and that is cool, so is it secure enough to encrypt the $user_type to a string, then plug it into a server side session variable
i.e.
session_register['user_type'];
$user_type = encrypt('Type1',$keyforencryption);
And then im including a security.php file in all the headers of the pages which decrypts $user_type and checks that it matches the right user_type who is authorised to view that page. If not, it overrides the page, displays the login form and calls the die; command.
I really just need to stop anyone trying to gues the variables in the URL to try and get higher level access to the backend.
I do not have mcrypt installed and I want to know if anyone thinks this is an ok way to do things or if there is an easier, more secure way to do it.
thanks for your help.
