1

I'm trying to restrict users from accessing a page if their rank isn't manager or admin. I made a variable called $rank which is the rank that is fetched from the users table in my database. When I echo the rank on the page, the rank does equal manager or admin, but it redirects me to the index page because it somehow doesn't equal manager or admin. When I try using this code:

if(!isset($_SESSION['userID'])) {
    header("Location: index.php");
}   else if ($rank == "manager" OR $rank == "admin") {

}   else {
    header("Location: index.php");
}

it does work but I feel like that's the wrong way of doing it. This is the code that I'm using now and isn't working:

$tUsers_Select = "SELECT users.rank, ranks.rank_name FROM users LEFT JOIN ranks ON users.rank = ranks.rank_name WHERE user_id = ".$_SESSION['userID'];

$tUsers_Select_Query = mysqli_query($dbConnect, $tUsers_Select);

$fetch = mysqli_fetch_array($tUsers_Select_Query);

$rank = $fetch['rank'];

if(!isset($_SESSION['userID'])) {
    header("Location: index.php");
}   else if ($rank !== "manager" OR $rank !== "admin") {
    header("Location: index.php");
}

Hopefully you understood. Please comment if you have any questions.

FocuZst

2 Answers

4

This is just a logic problem.

else if ($rank !== "manager" OR $rank !== "admin") {

If rank is manager, then it does not equal admin. If it is admin, then it does not equal manager. So no matter what happens you redirect to index.php.

Change OR to AND.

chris85
Zsw
    Additionally, I would use `||` for `OR` and `&&` for `AND` as they are the more conventional operators. – Tim Aug 07 '15 at 03:52
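
The condition from the answer above, as an added example that is not part of the original thread: the question's `!==`/`OR` test is true for every rank, while a deny-by-default allow-list check redirects only non-staff. The function names are hypothetical, the table and column names are taken from the question, and the sample users are constructed.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
const ALLOWED_RANKS = ['manager', 'admin'];

// Look up the rank with a bound parameter instead of string concatenation.
function fetch_rank(mysqli $db, int $userId): ?string
{
    $stmt = mysqli_prepare($db, 'SELECT `rank` FROM users WHERE user_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $userId);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $rank);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? $rank : null;
}

// Deny by default: allowed only when logged in AND the rank is on the list.
function is_allowed(?int $userId, ?string $rank): bool
{
    return $userId !== null && in_array($rank, ALLOWED_RANKS, true);
}

// Gate for the top of a protected page. exit stops the rest of the page
// from running; header() alone only queues the redirect.
function require_staff(?int $userId, ?string $rank): void
{
    if (!is_allowed($userId, $rank)) {
        header('Location: index.php');
        exit;
    }
}

// Constructed cases: the question's condition next to the corrected one.
foreach ([[1, 'manager'], [2, 'admin'], [3, 'member'], [null, null]] as [$id, $rank]) {
    $original = ($rank !== 'manager' || $rank !== 'admin'); // true for any rank
    $fixed    = !is_allowed($id, $rank);
    printf("%-8s original redirects: %-3s fixed redirects: %s\n",
        $rank ?? '(none)', $original ? 'yes' : 'no', $fixed ? 'yes' : 'no');
}
```

Run from the command line, the loop shows the original condition redirecting all four constructed users and the allow-list check redirecting only the member and the anonymous visitor.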
0

First of all, I want to ask whether session_start() was called before you used $_SESSION. Then I suggest you var_dump $_SESSION['userID'] to see if this variable is null.

Update: I am not sure about your problem, and you can try this: change the code below:

if(!isset($_SESSION['userID'])) {
    header("Location: index.php");
}   else if ($rank !== "manager" OR $rank !== "admin") {
    header("Location: index.php");
}

to:

    // Redirect unless the user is logged in AND is a manager or admin.
    if(!(isset($_SESSION['userID']) AND ($rank == 'manager' OR $rank == 'admin'))) {
        header("Location: index.php");
    }

I think that can make your code simple.

gangzi