I have a login system in place with some pages that 'normal' members should not have access to. I have tried to make it so only the admins have access to these specific pages. My existing code does work... but to a certain degree.
Code: Select all
if($admin == 0)
{
echo '<meta http-equiv="Refresh" Content="0; URL = sorry.php">';
}Basically it pulls the admin value out of the database. If the user is 0, the page will redirect to sorry.php, otherwise it will take them to the admin pages.
Unfortunately the code above is not as quick as it needs to be. Any user can stop the page from redirecting and have access to the admin page. I have tried to make a "page in the middle" so to speak, but if the user knows the url to the admin page, they can still stop the redirection and have full access & control.
Is there anyway around this?
Thanks
-- tarja