I'm creating a web directory and I have created a system so admin can add content to site the problem is the content is static and is being added into directory because we want to show it like mysite.com/test/content/ab.html so how do I use php allow access to that url via php and user details are in mysql database. I mean if user is logged in and has permission then he it can see the mysite.com/test/content/ab.html or any file inside the content but if he/she is logged out then it should redirect.
edit: I have solved half problem using htaccess now it checks if user is logged in but how do I redirect if user is logged in ? here is the htaccess I used
# For security reasons, Option followsymlinks cannot be overridden.
#Options +FollowSymLinks +ExecCGI
Options +SymLinksIfOwnerMatch +ExecCGI
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !(\.php)$
RewriteRule (.*) /index.php [QSA]
</IfModule>
It's difficult to help without knowing how you log people in (you must do so you at least know they're logged in and which user they are) I'm going to assume a basic login system.
The way I do it is basic login.php page, if login successful set some basic sessions (no password, username or sensitive info) and set their user level (so you can manage what they can access)
eg, if login = successful:
$_SESSION['loggedin']['userlevel'] = $FromDatabase['userlevel'];
Then in an include file which is included in every page (header.php or config.php) I have (my config.php is before any headers/browser out put sent etc)
if (!isset($_SESSION))
{
session_start();
}
$strUserLevel = false;
if (isset($_SESSION['loggedin']['userlevel']))
{
$strUserLevel = $_SESSION['loggedin']['userlevel'];
}
Then I can use this throughout the site to control their access, :
if($strUserLevel == false)
{
header("location: login.php");
die();
}
//or wherever you want to redirect them
//or just say you need to be logged in to view this, link to login page (etc)
if ($strUserlevel < 3) // or whatever level they need for this page
{
echo "You cannot edit this page";
exit();
}
else
{
//a form or whatever
}
The above is just basic examples. My code is a bit more complex as I always use config.php in includes and set global variables to use site wide there, and have a basic login check function (checks their current IP matches the one I checked at login time and stored in DB and other things etc).
Another method of permission control is using mysql tables. So if you have TABLE tblEditPageAB, anyone who's name is in in a row in that table can edit that page. Though this is more used for admin control, ie you have tblAdministrateOtherUsers - again anyone who has their name/details in a row in that table can administrate the other users (or whatever)
To check this you just simply query, and if no results they can't.
Again, the best approach all depends on your site, scenario, how many page syou have to be edited, if they're created on the fly, etc. There are all manner of approaches, but hopefully I've given you food for thought, and helped :)