There are two kinds of users in my system: the admin and normal users. Here I am planning to use a session variable to redirect users according to their user groups after logging in. Currently the admin has access to unique features (admin dashboard etc.). Normal users have a profile. I need to give the admin the possibility to switch between the admin dashboard and the user profile without logging in or out more than once. Can anybody give a rough idea of how I can implement this?
The better practice is to have groups (which it sounds like you do) and to have levels assigned to each group.
For example, say normal users are 1 and admin users are 2.
Then if your page wants to show content to both normal users and admins you can say so long as the logged in user is >= 1 then show the content.
Likewise if your page wants to show content to only admin users you can say so long as the logged in user is >= 2 then show the content.
This is just a rough example since you didn't provide much context or any examples.
This is not an answer, but have you tried considering something much simpler and just making exceptions in your code on the regular users page for the admin?
Example, let's take 1 for admin and 2 for regular user:
admin.php can only be accessed if the $row['privilege'] == 1
vice versa for regular user: $row['privilege'] == 2
Why not do on the regular users page something like:
<?php
if ($row['username'] == "admin" && $row['privilege'] == "1") {
    // let admin access page
} else {
    // don't let anyone access page
}
?>
I mean it looks to me like something like that would be the easiest way?
That's my opinion, but someone else may have a better solution.
Though the question is pretty vague, I will try to explain the normal process of managing the user roles, authentication and authorization in a normal web application.
DB Model:
1. Table: User
Columns: id, username, password, ..
2. Table: Roles
Columns: roleId, RoleName
3. Table: UserRoles
Columns: userId, roleId
When the user authenticates in your AuthController, upon successful authentication, you need to fetch the roles the user is associated with. And then you need to put this information in the session.
On your views, you need to check conditions like the ones below, based on your business conditions.
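View1.php
<?php
session_start(); // the role was put in the session at login
if (($_SESSION['role'] ?? null) === 'ADMIN') {
    // Show the data
}
View2.php
<?php
session_start(); // the role was put in the session at login
if (($_SESSION['role'] ?? null) === 'USER') {
    // Show the data
}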
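An added example, not part of any of the answers above: one way to wire the User / Roles / UserRoles model to the session so that a single login carries every role the account holds, which lets an admin who is assigned both ADMIN and USER open the dashboard and the profile without logging in again. The function names, the `roles` session key, the in-memory SQLite database and the sample accounts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
// Tables follow the User / Roles / UserRoles model; alice holds both roles.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("
    CREATE TABLE User (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT);
    CREATE TABLE Roles (roleId INTEGER PRIMARY KEY, RoleName TEXT);
    CREATE TABLE UserRoles (userId INTEGER, roleId INTEGER);
    INSERT INTO Roles VALUES (1, 'USER'), (2, 'ADMIN');
    INSERT INTO UserRoles VALUES (1, 1), (1, 2), (2, 1);
");
$ins = $pdo->prepare('INSERT INTO User (id, username, password) VALUES (?, ?, ?)');
$ins->execute([1, 'alice', password_hash('admin-pass', PASSWORD_DEFAULT)]);
$ins->execute([2, 'bob', password_hash('user-pass', PASSWORD_DEFAULT)]);

// Hypothetical AuthController step: verify the password, then cache roles in the session.
function login(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password FROM User WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password'])) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT r.RoleName FROM Roles r
        JOIN UserRoles ur ON ur.roleId = r.roleId WHERE ur.userId = ?');
    $stmt->execute([$user['id']]);
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id once privileges change
    }
    $_SESSION['user_id'] = (int) $user['id'];
    $_SESSION['roles'] = $stmt->fetchAll(PDO::FETCH_COLUMN); // 'roles' key is assumed
    return true;
}

// Server-side check for the top of every protected page; strict string match.
function hasRole(string $role): bool
{
    return in_array($role, $_SESSION['roles'] ?? [], true);
}

login($pdo, 'alice', 'admin-pass');
var_dump(hasRole('ADMIN'), hasRole('USER')); // alice was assigned both roles
login($pdo, 'bob', 'user-pass');
var_dump(hasRole('ADMIN'), hasRole('USER')); // bob was assigned USER only
```

Roles cached in the session stay in effect until the next login, so a role removed from UserRoles only takes effect once the session is destroyed or the roles are re-read from the database.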