CODEWITHSUNDEEP
phphtmladmin
Oceans
Oceans

Reputation: 37

PHP - IF statement either regular user OR admin have access

To view news section in my website you must be logged in (either as a regular account = login_user or admin = admin ) and you can see the uploaded news in chronological order. If you are not logged in as either conditions, direct to somewhere else. HOWEVER the code is thinking none of the conditions are met even when logged in with regular account or admin account and simply directing me elsewhere...

<?php
error_reporting(0);
session_start();
if(!isset($_SESSION['admin']) || !isset($_SESSION['login_user']))
{
?>
<div class = "api" style="position: absolute;
    top: 140px;
    right: 400px;
    width: 730px;
    height: 400px;word-wrap: break-word;">

<h2 align = "center"> <font color ="red"> You Do Not Have Permission To View this Page. </font> <br><br> Your Options Are: 
<br><br><br>
<a href="index.php"> Create and Register for A New Account </a> <br> <br> <br> OR <br> <br> <br> <a href="indexmember.php">Log In With An Existing Account. </h2>
</div>


<?php
}
elseif(isset($_SESSION['admin']) || isset($_SESSION['login_user']))
{
    include 'connect.php';
?>
<div class = "api" style="position: absolute;
    top: 10px;
    right: 220px;
    width: 1200px;
    height: 3200px;word-wrap: break-word;" id="easyPaginate">


<?php
$query = mysqli_query($con,"select * from news order by date DESC");
while($r = mysqli_fetch_array($query))
{
    ?>
    <section class="propertypage">
    <br> <br>
    <h4><?php echo "<b><u>Title</u>: </b>".$r['Title']; ?></h4>
    <h4><?php echo "<b><u>Detail</u>: </b>".$r['story']; ?></h4>
    <h4><?php echo "<b><u>Published Date</u>: </b>".$r['DATE']; ?></h4>
    <img src="<?php echo $r['image']; ?>" height="600px" width="1200px"/>
    <br> <br> <br>
    </section>
<?php
}
?>
</div>

<?php
}
?>

Upvotes: 2

Views: 1106

Answers (3)

dmcoding
dmcoding

Reputation: 341

This is a logic problem.

if(!isset($_SESSION['admin']) || !isset($_SESSION['login_user']))

This means if the admin variable OR the user variable are not set you're going to redirect. If you have one set but not the other, it's still going to redirect.

if(isset($_SESSION['admin']) || isset($_SESSION['login_user']))

This will likely fix your problem. Not's and or's can be tricky sometimes. This conditional will make sure that if either the user or the admin sessions are set you're golden.

Upvotes: 0

Nizar Ahmed
Nizar Ahmed

Reputation: 180

!isset($_SESSION['admin']) and !isset($_SESSION['login_user']) both or at least one of them will always be true, so the condition of the first if statement will always be true. If u r logged in as admin, u r not logged in as normal user and if u r logged in as normal user, u r not logged in as admin. I think this is the problem, hope it helps

Upvotes: 0

Ryan
Ryan

Reputation: 14659

You want:

if(!isset($_SESSION['admin']) && !isset($_SESSION['login_user']))
    // ....

This is saying if the user isn't an admin and the user isn't a login user, then they must not have the privilege.

Upvotes: 5

Related Questions