1. If you use a rooting/subdirectory login then you can simply check if the directory is of the user.

2. If it's a normal restriction page, then you can setup a DB table priviledges, where you store info what kind of priviledges to what page user has.

3. Or you can setup a hierarchic system - one variable state, where you store number, the higher number, the more user can.

I think the first and second are best options for you. Or combination of 1. and 3.

It all depends what you like to have.
bbforums have the 2. option installed.

Hope this herlps you
Michal

Hello Michal,

Thanks for your help.. I think I have not given the clear picture of what exactly i need
I have user table and dept table where i store userid and deptid subsequently.

Now the client login and i check the deptid for that login and store his deptid on a session variable and redirect him to his previalged page.

My question is, suppose if the logged in users tries to enter the url whose previalges page is not as his privalged, i have to throw him a message. Please let me know if iam quite clear.

Example; userid = Saint
deptid = 1
access page = 1.php

userid = Honore
deptid = 2
access page = 2.php

if userid = Saint -----> throw message

do you only want to do it for specific users? Wouldn't access be done by groups?

Do you have user level and dept level access?

I think you are probably looking to set the access group for the section or page

so you would need to set the level for the page/section and then copare with the level stored in the session

$pageaccess = 2;
if ($_SESSION['deptid']!= 2) {
echo '<p>You aren't allowed here';
die();
}

if you had progressive levels you could also use a comparison like

if ($_SESSION['deptid'] < 2) {

then if you needed user specific tests then that could be done as well. User specific tests/access are usually reserved for single or high level users as they become more work for large groups of users.

Hi jatar_k,

Thats the one i was looking for...
Thanks for the prompt reply.