Restricting access to pages based on usergroups
Posted: Sat Apr 19, 2008 10:07 pm
i currently use something like
i think i should put $ar_allowed = array("Employee", "Manager"); at the top of the page ... but anyway, in this way, i need to restrict access to pages, page by page, then i may make mistakes in the $ar_allowed array breaking the access restriction...
what is a more efficient way to do this?
Code: Select all
$sql = "SELECT Usergroups.GroupName FROM Usergroup INNER JOIN User ON Usergroup.GroupID = User.GroupID";
//... mysql_select etc. ...
$rs = mysql_fetch_assoc(...);
//create an array of allowed usergroups (GroupName)
$ar_allowed = array("Employee", "Manager");
if (!in_array($rs['GroupName'], $ar_allowed)) {
//redirect
header(...);
}what is a more efficient way to do this?