<!-- Step-1: normal user can access the page by direct link , to prevent that, condition check the user role --> <!-- Step-2: if fail redirect it to post.php (coz main page after login) --> <!-- Step-3: include the code in all the file (like delete catagory, delete user, update catagory, update user )except admin access --> <?php if($_SESSION["user_role"] == '0') { header("Location: {$hostname}/admin/post.php"); } ?>