I had this problem. I got over it by using 2 sessions (User and Admin). Each page that contains the session at the top checks to see what type of session the user is in and either allows, or header redirects to the index.
Another way could be to have a separate section. for example
yourdomain.com
and
yourdomain.com/admin
The admin index would be exactly the same, just rename the sessions. You can also use sql statements in the session code too, meaning you could add a column in your user table to include access rights maybe?
Heres an example of what i have used
-
<?php
-
session_start();
-
include "conn.inc.php";
-
-
if (isset($_POST['submit'])) {
-
$query = "SELECT username, password FROM user_info " .
-
"WHERE username = '" . $_POST['username'] . "' " .
-
"AND password = (PASSWORD('" . $_POST['password'] . "'))";
-
$result = mysql_query($query)
-
or die(mysql_error());
-
-
if (mysql_num_rows($result) == 1) {
-
$_SESSION['user_logged'] = $_POST['username'];
-
$_SESSION['user_password'] = $_POST['password'];
-
header ("Refresh: 5; URL=" . $_POST['redirect'] . "");
-
echo "You are being redirected to your original page request!<br>";
-
echo "(If your browser doesn't support this, " .
-
"<a href=\"" . $_POST['redirect']. "\">click here</a>)";
-
} else {
-
?>
-
-
