Question: Setting up role-based login access to direct the users to a different page based on their admin access. Below is my session script for the login page. I only have two roles; the users are either admin or not. They are identified in my users table in an admin column (variable adm) with a Yes or No. Any user with Yes in the admin column should be taken to the admin.php page and any user with a No in the admin column should be taken to the loggedin.php page; however, no matter who I log in as, I am taken to loggedin.php. Do I need to add something to my session script on loggedin.php and admin.php, or am I missing something in my login.php session?
Session script on login.php
    <?php
    if (isset($_POST['submitted'])) {
        require_once ('../../mysqli_connect.php');
        $errors = array();
        if (empty($_POST['username'])) {
            $errors[] = 'Incorrect username';
        } else {
            $uname = mysqli_real_escape_string($dbc, trim($_POST['username']));
        }
        if (empty($_POST['pass'])) {
            $errors[] = 'Incorrect password';
        } else {
            $pass = mysqli_real_escape_string($dbc, $_POST['pass']);
        }
        if (empty($errors)) {
            $query = "SELECT * FROM users WHERE username='$uname' AND pass='$pass'";
            $result = @mysqli_query ($dbc, $query);
            $row = mysqli_fetch_array ($result, MYSQLI_NUM);
            if ($row) {
                session_start();
                $_SESSION['username'] = $row[6];
                $_SESSION['pass'] = $row[7];
                $_SESSION['admin'] = $row[8];
                if ($_SESSION['admin']=="Yes")
                    header("Location:../Home/admin.php");
                else
                    header("Location:../Home/loggedin.php");
                exit();
            } else {
                $errors[] = 'The username and password do not match, please try again. If you do not know your username/password, please see the shift supervisor or manager.';
            }
        }
        mysqli_close($dbc);
    } else {
        $errors = NULL;
    }
Session script on loggedin.php
    <?php
    session_start();
    if (!isset($_SESSION['username'])){
        echo ("Please log in to view this page.\n");
        exit();
    }
    include ('../includes/header.php');
    ?>
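
An added example, not part of the original question and not the asker's code: one way to write the login lookup and the guard for admin.php so that the role is read by column name, stored once in the session, and re-checked on the protected page. The column names username, pass_hash and adm, a password stored with password_hash(), and all function names are assumptions made for illustration.

```php
<?php
// Added example. Assumed columns: username, pass_hash (from password_hash()), adm ('Yes'/'No').

// Fetch the user with a prepared statement and verify the stored hash.
function authenticate(mysqli $dbc, string $uname, string $pass): ?array {
    $stmt = $dbc->prepare('SELECT username, pass_hash, adm FROM users WHERE username = ?');
    $stmt->bind_param('s', $uname);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();  // keyed by column name, not position
    return ($row && password_verify($pass, $row['pass_hash'])) ? $row : null;
}

// Map the role column to a boolean once, with a strict comparison.
function is_admin_row(array $user): bool {
    return trim((string) $user['adm']) === 'Yes';
}

// Landing page after login; the paths are the ones used in the question.
function landing_page(array $user): string {
    return is_admin_row($user) ? '../Home/admin.php' : '../Home/loggedin.php';
}

// Call after authenticate() succeeds: store identity and role, never the password.
function start_user_session(array $user): void {
    session_start();
    session_regenerate_id(true);  // fresh session id once the user is authenticated
    $_SESSION['username'] = $user['username'];
    $_SESSION['admin'] = is_admin_row($user);
    header('Location: ' . landing_page($user));
    exit();
}

// Put at the top of admin.php: the redirect alone does not protect the page.
function require_admin(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['username']) || ($_SESSION['admin'] ?? false) !== true) {
        http_response_code(403);
        exit('Administrators only.');
    }
}

// Constructed sample rows, so the role mapping can be checked from the CLI without a database.
if (PHP_SAPI === 'cli') {
    $hash = password_hash('example-password', PASSWORD_DEFAULT);
    foreach ([['username' => 'alice', 'pass_hash' => $hash, 'adm' => 'Yes'],
              ['username' => 'bob', 'pass_hash' => $hash, 'adm' => 'No']] as $u) {
        echo $u['username'], ' -> ', landing_page($u), PHP_EOL;
    }
}
```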
