Loading different webpages after login verification

lucky-8

hi,

I wish to load a separate webpage if the username of the person loggin is is admin and a totally separate web page for all other usernames..... this is wat i tried but doesnt work.......i want to know why this doesnt work.

Code:

<?
session_start();
if(!$SESSION['myusername']{
header("location:main_login.php");
}
else if($SESSION['myusername'] == 'admin'){
header("location:admin.php");
}
else

{
header("location:simple.php");
}
?>

Another doubt i have is even though i have used sessions to protect un authorized users to enter a page name directly at the url it doesnt quite work well. If i enter a authentic login name and password and enter in and then open another tab or another explorer window i am able to access any page by typing in the URL..... coz the session is set.... do i have to change some settings in my php.ini file?

Pehape

Hi Lucky-8,
Are you turning on your register global ? if so, you better to turn it off cause it would make your web prone for hijacked. this also resolve your 'another doubt'.
--- try this ( hei ,you missed your closing ')' ) ---

session_start();
if(!isset($_SESSION['myusername'])){
header("location:main_login.php");
}
else { 
if($_SESSION['myusername'] == 'admin'){
header("location:admin.php");
}else {
header("location:simple.php");
} }

to prevent user from changing the value directly on the url, then you must read the value by using POST method...