
Prevent access by access level

New Here, Oct 03, 2012

I have set up a login system that has 3 access levels: admin, level1 and level2. The access levels are stored in a session, MM_UserGroup. I need to protect some pages from being opened by typing in their URL direct - ie they should only be able to be opened if the user is logged in under the usergroup 'admin'. Can't seem to work out the code to do this - it's probably very simple. Something like

session_start();

if (!isset($_SESSION['MM_UserGroup']=='admin'))
{
header ("Location: login.php");
}

ie if the session is not opened by an admin level user then redirect to the login page, otherwise continue to open the page.

TOPICS
Server side applications

LEGEND, Oct 06, 2012

You can't mix isset() and the equality operator like that.

Change your code to this:

session_start();

if (!isset($_SESSION['MM_UserGroup']) || $_SESSION['MM_UserGroup'] != 'admin') {
    header('Location: login.php');
    exit;
}

New Here, Oct 07, 2012

Thank you David, that is very helpful. How would I change this code if I wanted to allow both admin and level1 users access to the page?

LEGEND, Oct 07, 2012

Just add another condition at the end of the if() clause.

session_start();

if (!isset($_SESSION['MM_UserGroup']) || $_SESSION['MM_UserGroup'] != 'admin' || $_SESSION['MM_UserGroup'] != 'level1') {
    header('Location: login.php');
    exit;
}

New Here, Oct 07, 2012

That's what I thought - however using this code redirects both admin and level1 back to the login page. They both work OK if I just have the single conditional statement as before. What I am trying to achieve is to allow access to all pages by admin, with some pages also accessible by level1 but not level2, and other pages also accessible by level2 but not level1.

LEGEND, Oct 07, 2012

nfhopmike2 wrote:

That's what I thought - however using this code redirects both admin and level1 back to the login page.

Catches me out every time. The problem is using two negative comparisons. A conditional statement stops as soon as it reaches a TRUE value. Because "level1" is not "admin", $_SESSION['MM_UserGroup'] != 'admin' returns TRUE. As a result, $_SESSION['MM_UserGroup'] != 'level1' is never tested.

You need to rewrite the condition like this:

if (!isset($_SESSION['MM_UserGroup']) ||
    !($_SESSION['MM_UserGroup'] == 'admin' ||
    $_SESSION['MM_UserGroup'] == 'level1'))  {
      header('Location: login.php');
      exit;
}

This uses positive comparisons for "admin" and "level1", and wraps the alternatives in a pair of parentheses preceded by an exclamation mark. If the session variable is neither "admin" nor "level1", it returns TRUE, causing the user to be redirected.

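The corrected condition in the reply above generalizes to an allow-list of groups. The following is an added example, not code from the thread: it compares the chained `!=` condition, the grouped condition and an allow-list check on constructed session arrays. The function names are hypothetical; `MM_UserGroup` and `login.php` are the names used in the posts.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// MM_UserGroup and login.php are the names used in the posts.

// The chained condition from the "add another condition" reply: true for every
// value, because no string can equal both 'admin' and 'level1'.
function denied_chained(array $s): bool {
    return !isset($s['MM_UserGroup']) || $s['MM_UserGroup'] != 'admin' || $s['MM_UserGroup'] != 'level1';
}

// The corrected condition: deny unless the group is one of the two allowed.
function denied_grouped(array $s): bool {
    return !isset($s['MM_UserGroup']) || !($s['MM_UserGroup'] == 'admin' || $s['MM_UserGroup'] == 'level1');
}

// Allow-list form: same logic as denied_grouped, for any number of groups.
// Strict in_array() avoids loose-comparison surprises (0 == 'admin' is true on PHP < 8).
function denied_allowlist(array $s, array $allowed): bool {
    return !isset($s['MM_UserGroup']) || !in_array($s['MM_UserGroup'], $allowed, true);
}

// Page guard: call at the top of a protected page, before any output is sent.
function require_group(array $allowed): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (denied_allowlist($_SESSION, $allowed)) {
        header('Location: login.php');
        exit; // without exit the rest of the page still runs and is sent
    }
}

// Constructed sessions; run from the command line to compare the three checks.
if (PHP_SAPI === 'cli') {
    $cases = [
        'no session' => [],
        'admin'      => ['MM_UserGroup' => 'admin'],
        'level1'     => ['MM_UserGroup' => 'level1'],
        'level2'     => ['MM_UserGroup' => 'level2'],
    ];
    foreach ($cases as $name => $s) {
        printf("%-10s chained=%-5s grouped=%-5s allowlist=%s\n", $name,
            var_export(denied_chained($s), true), var_export(denied_grouped($s), true),
            var_export(denied_allowlist($s, ['admin', 'level1']), true));
    }
}
```

For the layout described earlier in the thread, a page open to admin and level1 would start with `require_group(['admin', 'level1']);`, and a page open to admin and level2 with `require_group(['admin', 'level2']);`.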
New Here, Oct 07, 2012

Thank you David - I'm just beginning to get my head round how conditionals work - or don't if you get it wrong!! You've saved me a lot of time, thanks again.

LEGEND, Oct 07, 2012

You're welcome. As my original answer demonstrated, conditionals can be difficult to work out. Working with positive comparisons is usually much simpler than negative ones.
