PHP - Secure user permissions with user profile
I'm currently building a website for myself. I'm looking to restrict certain aspects to the public so that when a user becomes a member they have "full" access.
The plan is to have a members area (for the general public) which will also allow the user to have a unique profile to which they can edit (such as profile picture etc) Currently I've set up a member login, and it does direct the user to a "members area" the problem being permissions. At the moment, if someone was to browse to this "members area" using the url, they can go straight to it. So Permissions is a big issue I'm struggling with. Along with the user them-self having a unique page to which they can edit their details of themselves.
I also intend on having a Company area (company login already created in same way as member login), to which after a member has left a review of a type of job they received from the company this shows on the company profile to which they are able to respond to it if they wish.
TL:DR - Members area permissions to restrict non-users from seeing certain aspects of the website. A member unique profile. Company profile.
Has anyone any good tutorials or tips for designing this sort of thing?
Any help is greatly appreciated.
You can use SESSIONS Variables SESSIONS
Every time a user login you start a session and you store inside the session variables the details you need to check permissions (for example the type of the user) the session variables will be accessible from any page after that
So in every page you can check if the session variable is setup that mean the user is logged in
session_start(); $_SESSION["level"] = 1; if ($_SESSION["level"] == 1) do your thing