-1

I am doing a stock management website and the only issue I have at the minute is page restrictions so normal users cannot access the sensitive administrative data.

I have made this test code:

    <?php 

    $perm = $_SESSION["perm_level"];

    if ($perm == 0) {
        $test = "Employee";
    } elseif ($perm == 1) {
        $test = "Manager";
    } elseif ($perm == 2) {
        $test = "Teacher";
    } else {
        $test = "No value retrieved from session.";
    }

    ?>

The results are printed out into the admin.php page and as such I only get Employee and no $perm even though both $perm and $test are echoed out. How do I assign the session variable correctly to the variable $perm?

JCoDog
  • 3
  • 3
  • 3
    You are assigning `$perm` correctly, I'd be pretty sure the problem is that `$_SESSION['perm_level']` is not set, so `$perm` is `NULL` and hence the `$perm == 0` test always returns true (since `NULL == 0`) and so `$test` is always set to "Employee" – Nick Sep 21 '18 at 09:58
  • Do you do `session_start()`…?! – deceze Sep 21 '18 at 09:59
  • Tip: if for some reason when printing out a variable doesn't show anything, use var_dump() php function to print the variable content, which will show exactly of what type the variable is and it's value (if it has anything). – AwesomeGuy Sep 21 '18 at 10:00
  • JCoDog is a new user. Help him to correct rather than down voting. – Krishnadas PC Sep 21 '18 at 10:01

2 Answers2

0

I think I resolved it. The session was started in header.php and as such header.php needed to be included into the perm checker.

JCoDog
  • 3
  • 3
0

The overall idea must be something like this

User comes and login Then you must start the session with

session_start();

Then $_SESSION["perm_level"] value for this must be set. If it is in db you can relate the username to find out the pem_level

$_SESSION["perm_level"] = 'Value we get from DB';

Only after there is value is in $_SESSION["perm_level"] you can do the if else statements that you have mentioned in your question.

You can view a simple login example with sessions to get an idea how it works.

https://www.w3tweaks.com/php/simple-php-login-and-logout-script-using-php-session-and-database-using-mysql.html

Krishnadas PC
  • 5,981
  • 2
  • 53
  • 54