Jump to content

about multiple user SESSIONS


astralaaron
 Share

Recommended Posts

okay, I have some pages that require username / password..on top of these pages I have this:

// Start sessionsession_start();// Check if the user already is logged inif ((!isset( $_SESSION['loggedin'] )) ||    (!$_SESSION['loggedin'])) {    header( 'Location: login.php' );    exit();

the problem now is that I added a page that the normal ($_SESSION['loggedin']) is not alloud into.only $_SESSION['admin'] and $_SESSION['instructor'] are aloud into this new page.how can I change that code so that all 3 sessions can view a page?ive been trying a bunch of things like:

session_start();// Check if the user already is logged inif ((!isset( $_SESSION['loggedin']) ($_SESSION['instructor'] ) ($_SESSION['admin'] )) ||    (!$_SESSION['loggedin']) (!$_SESSION['instructor']) (!$_SESSION['admin'] )) {    header( 'Location: login.php' );    exit();}

with no success, please help! :-)

Link to comment
Share on other sites

First: I don't know how valid this line really ar, but you don't need it

if ((!isset( $_SESSION['loggedin']) ($_SESSION['instructor'] ) ($_SESSION['admin'] )) ||

The best way to this is to use $_SESSION['loggedin'] as an inidcation that the user is logged in (which means that you should keep the first code you write in your post)Then the simplest way is to use one value to indicate which type of user or group she/he belongs to (Here we use level, you could choose something else).I don't know how your user-table looks but the best would be to use the same method there (one field called level or similar as SMALLINT)You would need to assign a number to each level, here we go upwards...:

0. Guest (not registered/logged in user)1. Registered user2. Instructor3. Admin

The first level is ofcourse default and shouldn't be assigned to a normal user, you could create constants for the levels to get more "understanable code", or you could just print out the different levels in the user-info form (that the admin sees) (Then it would perhaps be a good idea to store them in an array...)Store the level (from the the db) in $_SESSION['level'] on login.Then, when you have a part of your site that's should be restricted you check the level like this:

// Ony allowed for instructures and higherif ($_SESSION['level'] >= 2) {// The code/page..}// ORif ($_SESSION['level'] >= _LEVEL_INSTRUCTOR) {// The code/page..}

Well, that's all that you need (If I didn't left something out...)

Link to comment
Share on other sites

First: I don't know how valid this line really ar, but you don't need it
if ((!isset( $_SESSION['loggedin']) ($_SESSION['instructor'] ) ($_SESSION['admin'] )) ||

The best way to this is to use $_SESSION['loggedin'] as an inidcation that the user is logged in (which means that you should keep the first code you write in your post)Then the simplest way is to use one value to indicate which type of user or group she/he belongs to (Here we use level, you could choose something else).I don't know how your user-table looks but the best would be to use the same method there (one field called level or similar as SMALLINT)You would need to assign a number to each level, here we go upwards...:

0. Guest (not registered/logged in user)1. Registered user2. Instructor3. Admin

The first level is ofcourse default and shouldn't be assigned to a normal user, you could create constants for the levels to get more "understanable code", or you could just print out the different levels in the user-info form (that the admin sees) (Then it would perhaps be a good idea to store them in an array...)Store the level (from the the db) in $_SESSION['level'] on login.Then, when you have a part of your site that's should be restricted you check the level like this:

// Ony allowed for instructures and higherif ($_SESSION['level'] >= 2) {// The code/page..}// ORif ($_SESSION['level'] >= _LEVEL_INSTRUCTOR) {// The code/page..}

Well, that's all that you need (If I didn't left something out...)

Is there no way to do something like this:<?phpsession_start();if ((!isset( $_SESSION['loggedin'])) || (!$_SESSION['loggedin']))orif ((!isset( $_SESSION['instructor'])) || (!$_SESSION['instructor'])) { header('location:login.php'); } else { header ("location: mmabjj.php?main=1"); }?>
Link to comment
Share on other sites

I don't get why you want to check more than one value when checking if the user is logged in and way you want different "values" to tell if the user is an normal user, instructor etc. I think that that is to over-complicate it...

Link to comment
Share on other sites

Well, for everyone no matter what should have the loggedin session set IF they are logged in. Then all you have to do is check if thats set and true and they can all access it. What I usually do is have a "power" session, and in it is defined a number like 0-10. The higher the number the more authority they get. That way you check if the loggedin session is set, then if you want to restrict it to admins you check if the session is equal to or greater than the number for admins.

Link to comment
Share on other sites

Reporting, how do you write that?I made the level field in my members database like the other guy said.made a user with level 1and put this code so it should let all the ones greater than 0 view it right?it did not work.. it keeps putting me at the login page..<?phpsession_start();if ($_SESSION['level'] >= 0) { header ("location: mmabjj.php?main=1"); } else { header('location:login.php'); }?>

Link to comment
Share on other sites

Note to reportingsjr: isn't that what I did in the previuos post?EDIT: Ok, guess that this post is "reduntand" (couldn't find a better word) now, but here's what I wrote:I'm not sure on what you are trying to do... Note that you still must use (well, you could do like that, but that requires you to make sure that $_SESSION['level'] allways has a value and that's making things more complicated than they need to be. Keep the code where you check $_SESSION['loggedin'][/code]You also need to note that "Guest" (0) is a pseudo- or non-existing level (as a guest is someone that isn't logged in), You can't (or shouldn't) assign a normal user this level.You should "only" check the level when there's a restricted area. An "area" that all logged in users can access doesn't need checking, as you already checked that the user is logged in in the beginning of the code.Hope that made things clearer

Link to comment
Share on other sites

Oh, whoops! Sorry about that, we did say the same thing. But it looks like you got it, dont check if the level is equal to 0, then anyone with a level of 0 or higher can view it..

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...