astralaaron Posted April 25, 2007 Share Posted April 25, 2007 okay, I have some pages that require username / password..on top of these pages I have this: // Start sessionsession_start();// Check if the user already is logged inif ((!isset( $_SESSION['loggedin'] )) || (!$_SESSION['loggedin'])) { header( 'Location: login.php' ); exit(); the problem now is that I added a page that the normal ($_SESSION['loggedin']) is not alloud into.only $_SESSION['admin'] and $_SESSION['instructor'] are aloud into this new page.how can I change that code so that all 3 sessions can view a page?ive been trying a bunch of things like: session_start();// Check if the user already is logged inif ((!isset( $_SESSION['loggedin']) ($_SESSION['instructor'] ) ($_SESSION['admin'] )) || (!$_SESSION['loggedin']) (!$_SESSION['instructor']) (!$_SESSION['admin'] )) { header( 'Location: login.php' ); exit();} with no success, please help! :-) Link to comment Share on other sites More sharing options...
astralaaron Posted April 25, 2007 Author Share Posted April 25, 2007 on some pages I want all SESSIONS to be able to go, and some pages only 1 session, and another page only 2 of the sessions... Link to comment Share on other sites More sharing options...
astralaaron Posted April 25, 2007 Author Share Posted April 25, 2007 what i need is for $SESSION_['a'], $SESSION_['b'], and $SESSION_['c']to be alloud to access some pages.$SESSION_['a'], $SESSION_['b'] only on another pageand $SESSION_['a'] on the administrative page.. Link to comment Share on other sites More sharing options...
Mr_CHISOL Posted April 25, 2007 Share Posted April 25, 2007 First: I don't know how valid this line really ar, but you don't need it if ((!isset( $_SESSION['loggedin']) ($_SESSION['instructor'] ) ($_SESSION['admin'] )) || The best way to this is to use $_SESSION['loggedin'] as an inidcation that the user is logged in (which means that you should keep the first code you write in your post)Then the simplest way is to use one value to indicate which type of user or group she/he belongs to (Here we use level, you could choose something else).I don't know how your user-table looks but the best would be to use the same method there (one field called level or similar as SMALLINT)You would need to assign a number to each level, here we go upwards...: 0. Guest (not registered/logged in user)1. Registered user2. Instructor3. Admin The first level is ofcourse default and shouldn't be assigned to a normal user, you could create constants for the levels to get more "understanable code", or you could just print out the different levels in the user-info form (that the admin sees) (Then it would perhaps be a good idea to store them in an array...)Store the level (from the the db) in $_SESSION['level'] on login.Then, when you have a part of your site that's should be restricted you check the level like this: // Ony allowed for instructures and higherif ($_SESSION['level'] >= 2) {// The code/page..}// ORif ($_SESSION['level'] >= _LEVEL_INSTRUCTOR) {// The code/page..} Well, that's all that you need (If I didn't left something out...) Link to comment Share on other sites More sharing options...
astralaaron Posted April 25, 2007 Author Share Posted April 25, 2007 First: I don't know how valid this line really ar, but you don't need itif ((!isset( $_SESSION['loggedin']) ($_SESSION['instructor'] ) ($_SESSION['admin'] )) || The best way to this is to use $_SESSION['loggedin'] as an inidcation that the user is logged in (which means that you should keep the first code you write in your post)Then the simplest way is to use one value to indicate which type of user or group she/he belongs to (Here we use level, you could choose something else).I don't know how your user-table looks but the best would be to use the same method there (one field called level or similar as SMALLINT)You would need to assign a number to each level, here we go upwards...: 0. Guest (not registered/logged in user)1. Registered user2. Instructor3. Admin The first level is ofcourse default and shouldn't be assigned to a normal user, you could create constants for the levels to get more "understanable code", or you could just print out the different levels in the user-info form (that the admin sees) (Then it would perhaps be a good idea to store them in an array...)Store the level (from the the db) in $_SESSION['level'] on login.Then, when you have a part of your site that's should be restricted you check the level like this: // Ony allowed for instructures and higherif ($_SESSION['level'] >= 2) {// The code/page..}// ORif ($_SESSION['level'] >= _LEVEL_INSTRUCTOR) {// The code/page..} Well, that's all that you need (If I didn't left something out...) Is there no way to do something like this:<?phpsession_start();if ((!isset( $_SESSION['loggedin'])) || (!$_SESSION['loggedin']))orif ((!isset( $_SESSION['instructor'])) || (!$_SESSION['instructor'])) { header('location:login.php'); } else { header ("location: mmabjj.php?main=1"); }?> Link to comment Share on other sites More sharing options...
astralaaron Posted April 25, 2007 Author Share Posted April 25, 2007 I do see how what you said will work though Link to comment Share on other sites More sharing options...
Mr_CHISOL Posted April 25, 2007 Share Posted April 25, 2007 I don't get why you want to check more than one value when checking if the user is logged in and way you want different "values" to tell if the user is an normal user, instructor etc. I think that that is to over-complicate it... Link to comment Share on other sites More sharing options...
reportingsjr Posted April 25, 2007 Share Posted April 25, 2007 Well, for everyone no matter what should have the loggedin session set IF they are logged in. Then all you have to do is check if thats set and true and they can all access it. What I usually do is have a "power" session, and in it is defined a number like 0-10. The higher the number the more authority they get. That way you check if the loggedin session is set, then if you want to restrict it to admins you check if the session is equal to or greater than the number for admins. Link to comment Share on other sites More sharing options...
astralaaron Posted April 25, 2007 Author Share Posted April 25, 2007 Reporting, how do you write that?I made the level field in my members database like the other guy said.made a user with level 1and put this code so it should let all the ones greater than 0 view it right?it did not work.. it keeps putting me at the login page..<?phpsession_start();if ($_SESSION['level'] >= 0) { header ("location: mmabjj.php?main=1"); } else { header('location:login.php'); }?> Link to comment Share on other sites More sharing options...
astralaaron Posted April 25, 2007 Author Share Posted April 25, 2007 when i changed it to:<?phpsession_start();if ($_SESSION['level'] == 1) {header ("location: mmabjj.php?main=1");} else {header('location:login.php');}?> it worked... but i need the >= 0 why did it not work with that? Link to comment Share on other sites More sharing options...
astralaaron Posted April 25, 2007 Author Share Posted April 25, 2007 Hey i tried this and it worked:<?phpsession_start();if ($_SESSION['level'] > 0) {header ("location: mmabjj.php?main=1");} else {header('location:login.php');}?> (i just took out the = sign) Link to comment Share on other sites More sharing options...
astralaaron Posted April 25, 2007 Author Share Posted April 25, 2007 Thank you MR CHISOL it works perfectly. you were right that way is alot better Link to comment Share on other sites More sharing options...
Mr_CHISOL Posted April 25, 2007 Share Posted April 25, 2007 Note to reportingsjr: isn't that what I did in the previuos post?EDIT: Ok, guess that this post is "reduntand" (couldn't find a better word) now, but here's what I wrote:I'm not sure on what you are trying to do... Note that you still must use (well, you could do like that, but that requires you to make sure that $_SESSION['level'] allways has a value and that's making things more complicated than they need to be. Keep the code where you check $_SESSION['loggedin'][/code]You also need to note that "Guest" (0) is a pseudo- or non-existing level (as a guest is someone that isn't logged in), You can't (or shouldn't) assign a normal user this level.You should "only" check the level when there's a restricted area. An "area" that all logged in users can access doesn't need checking, as you already checked that the user is logged in in the beginning of the code.Hope that made things clearer Link to comment Share on other sites More sharing options...
reportingsjr Posted April 25, 2007 Share Posted April 25, 2007 Oh, whoops! Sorry about that, we did say the same thing. But it looks like you got it, dont check if the level is equal to 0, then anyone with a level of 0 or higher can view it.. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.