I have a question about header('location: ----.php'). Is it safe for an ADMIN to use this function to restrict USER access for some pages? For example, if a user is not an ADMIN, can I use this function to prevent the user from seeing some pages? Is this a good way to secure some pages from unauthorized access? If not, can someone give me a suggestion for secure restriction?
For example, I'm using this for restriction:
session_start(); // required before $_SESSION can be read (missing in the original snippet)
$id = $_SESSION['id'];
$queryget = mysql_query("SELECT * FROM users WHERE id='$id'"); // legacy mysql_* extension, removed in PHP 7
$row_12 = mysql_fetch_assoc($queryget);
$admin = $row_12['admin_id'];
$ruka = $row_12['rukovoditelj'];
if($row_12['admin_id'] > 1)
{
header('Location: dosjei.php'); // only sends the redirect header; the script keeps running after this line
}
It's safe, assuming you stop the execution of the script afterwards (with the exit; statement, for instance).
header("Location: dosjei.php");
exit; // stop here so nothing below is ever sent to the client
Of course, you need to do the verification at the beginning of the script, before writing to the page any data you need to hide from unauthorized users.
Yes, it is safe. But only if you exit afterwards. This way, even if the user didn't respect the Location header, he still won't be able to see anything. Something along the lines of:
if ($row_12['admin_id'] < 1) {
header("Location: dosjei.php");
die(); // end the script; a client that ignores the redirect gets an empty body
}
display_content_for_authorized_users(); // never reached for non-admins: die() above already ended the script
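A complete version of the pattern both answers describe, as an added example (not code from the question or the answers): the check runs first, before any output, and the redirect is always followed by exit. It assumes a PDO connection $pdo, a users table with id and admin_id columns (the column names from the question), a login.php page, and the second answer's convention that admin_id >= 1 means admin.

```php
<?php
// Added example. Assumed: PDO connection $pdo, table users(id, admin_id),
// login.php for anonymous visitors, dosjei.php for logged-in non-admins,
// and admin_id >= 1 meaning "admin" (as in the second answer's condition).
session_start();

// Broken pattern from the question: header() alone does not stop the script.
function redirect_only_broken(): void
{
    header('Location: dosjei.php');
    // Execution continues here: anything the page echoes afterwards is still
    // sent in the 302 response body and is visible to any client that simply
    // does not follow the redirect.
}

// Hardened guard: call it as the FIRST statement of every admin-only page,
// before a single byte of HTML is echoed (header() cannot be sent otherwise).
function require_admin(PDO $pdo): void
{
    // Not logged in at all: send to the login page and stop.
    if (empty($_SESSION['id'])) {
        header('Location: login.php');
        exit; // without this the rest of the page would still run and be sent
    }

    // Prepared statement: the id is bound, never interpolated into the SQL.
    $stmt = $pdo->prepare('SELECT admin_id FROM users WHERE id = ?');
    $stmt->execute([(int) $_SESSION['id']]);
    $adminId = $stmt->fetchColumn();

    // "No such user" and "not an admin" are both a denial.
    if ($adminId === false || (int) $adminId < 1) {
        header('Location: dosjei.php');
        exit;
    }
    // Falling through means the caller is an admin; the page may now render.
}

// --- Usage at the top of a protected page (before any HTML) ---------------
// $pdo = new PDO('mysql:host=localhost;dbname=app', 'dbuser', 'dbpass'); // assumed
// require_admin($pdo);
// ?><!doctype html><html>... admin-only content ...</html>
```

To verify the fix, request the protected page without a session cookie and confirm the 302 response carries an empty body; with the broken pattern the body contains the page content.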