1

I wrote a simple login system and that is working. I've set up a few pages that are only viewable when logged in. I want to restrict a page to specific session IDs. How would I go about doing that? This is what I'm using to restrict pages right now: 

<?php
session_start();
 if (!isset($_SESSION['u_id'])) {
 header("Location: ../index.php?index=mustlogin");
 exit();
}
?>

How would I restrict this from any u_id to a specific u_id?

Tyler Tracy
  • 73
  • 1
  • 10
  • Session IDs come and go, you might want to rethink what you're trying to accomplish. – Difster Aug 04 '17 at 04:49
  • I am trying to restrict a page to a specific user. The session ID is currently set to the users unique ID in theory there should only be one of each unique IDs. Is there a better way to accomplish this? – Tyler Tracy Aug 04 '17 at 04:50
  • check `if ($_SESSION['u_id'] == 'specific id') { /*Load your view*/ }`, after this only load the view else redirect to some other page/as you wish. – Sinto Aug 04 '17 at 04:51
  • The better way would be to tie it to the user id given in the database. That way, when the user tries to access the page, you can query for their continued authorization. And have a 'status' field in their user account so if they have been de-authorized, you can redirect them somewhere else, etc. – Difster Aug 04 '17 at 04:52

2 Answers2

1

You can create an array of specific ids and then use in_array to validate user.

Example

<?php
session_start();
$sessionIds = array('1','2'); //for example i have inserted 1 and 2 as ids
 if (!isset($_SESSION['u_id']) || in_array($_SESSION['u_id'], $sessionIds))  {
 header("Location: ../index.php?index=mustlogin");
 exit();
}

Explanation

Here i created an array $sessionIds of specific ids that will not allow to access page. then cheking with in_array that current session user id exist in $sessionIds array then redirect to user.

shubham715
  • 3,324
  • 1
  • 17
  • 27
1

You need to match your $_SESSION['uid'] with your specific id. For that you need some kind of data for specific user id. There are multiple approach to do this but I would do this with array. What you need is an array of your specific ids

 //Should've come from database of your users
      $specific= array(
        "id" => 1 
    );

And then just search in array through in_array()

if (!in_array($_SESSION['u_id'], $specific)) {
     header("Location: ../index.php?index=mustlogin");
     exit();
}
Saad Suri
  • 1,352
  • 1
  • 14
  • 26