Home/ Questions/Q 6754387
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T13:16:25+00:00

I’m trying to use session variables to limit the access to a page. I

  • 0

I’m trying to use session variables to limit the access to a page. I have 3 levels of access: admin, help and tech. On pages with help or tech access admin is also allowed. I can’t figure out how to write the if statement.
Here is the code I have:

<?php
    //Start session
    session_start();

    //Check whether the session variable SESS_MEMBER_ID is present or not
    if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == ''))  {
        header("location: fail_access.php");
        exit();
    }
    if ((!isset($_SESSION['SESS_ACCESSLVL']) == 'admin') || (!isset($_SESSION['SESS_ACCESSLVL']) == 'help')) {
        header("location: fail_access.php");
        exit();
    }
?>

When I have it like it is shown here it allows all levels to access the page that should be restricted to ‘help’ (that also includes ‘admin’).
Can someone point out the error of my ways?? Any help greatly appreciated. I’m very new at this an obviously don’t fully understand it.

Cheers

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try:

    if (
     !isset($_SESSION['SESS_ACCESSLVL']) || 
     !(($_SESSION['SESS_ACCESSLVL'] == 'admin') || ($_SESSION['SESS_ACCESSLVL'] == 'help'))
   ) 
{
    header("location: fail_access.php");
    exit();
}

    You could also try out http://php.net/manual/en/function.in-array.php

    $allowedAccessLevels = array('admin', 'help');
if (
     !isset($_SESSION['SESS_ACCESSLVL']) || 
     !in_array($_SESSION['SESS_ACCESSLVL'], $allowedAccessLevels)
   ) 
{
    header("location: fail_access.php");
    exit();
}
    • 0