I have a function index() in my Admin.php controller and I'm trying to execute the 'if' statement, but it is executing the 'else' statement. The admin user and password that I am logging in with are correct. There's something wrong in my code; could anyone here please help me? Thanks in advance. :)

Here's my code:

//Admin.php controller

    <?php
    class Admin extends CI_Controller
    {
      public function __construct()
      {
        parent::__construct();
        if ($this->session->userdata('logged_in') !== TRUE) {
          redirect('Login');
        }
      }
      function index()
      {
        if ($this->session->userdata('level') === '1') {
          $this->load->view('admin_view');
        } else {
          echo "Access Denied";
        }
      }
    }

//Login.php controller

    <?php

    class Login extends CI_Controller
    {
      public function __construct()
      {
        parent::__construct();
        $this->load->model('Login_model');
      }
      public function index()
      {
        $this->load->view('login_view');
      }

      public function auth()
      {
        $username = $this->input->post('user_name', TRUE);
        $password = $this->input->post('user_pass', TRUE);
        $result = $this->Login_model->check_user($username, $password);
        if ($result->num_rows() > 0) {
          $data = $result->row_array();
          $name = $data['user_name'];
          $level = $data['user_lvl'];
          $sesdata = array(
            'user_name' => $username,
            'user_lvl' => $level,
            'logged_in' => TRUE
          );
          $this->session->set_userdata($sesdata);
          if ($level === '1') {
            redirect('Admin');
          } elseif ($level === '2') {
            redirect('User');
          }
        } else {
          echo "<script>alert('Access Denied');history.go(-1);</script>";
        }
        $this->load->view('login_view');
      }
    }
Ronald Balza
  • Welcome to SO ... maybe this `level` variable is `1` not `'1'` ? an integer not a string? – lagbox Sep 21 '20 at 23:39
  • What does `var_dump($this->session->userdata('level'));` output? Place it above your `if()` statement in the `function index()` context. – Will B. Sep 21 '20 at 23:41
  • Check the value in the database, is it a string or a number? –  Sep 22 '20 at 00:28
  • @fyrye NULL access denied! chewie, it is integer. lagbox, yes it is integer. – Ronald Balza Sep 22 '20 at 01:45
  • As the data is being retrieved directly from database results, it is not an integer value, it is a numeric string. eg `SELECT 1` will always be a numeric string in PHP database APIs unless the value is cast to an integer value, or [the driver option is enabled](https://stackoverflow.com/a/25692758/1144627). – Will B. Sep 22 '20 at 01:56
  • @fyrye hallelujah! Thank you and it works! :) appreciated the help especially with a noob like me :) – Ronald Balza Sep 22 '20 at 02:03
  • Since `var_dump` is returning `NULL`, the session value is not set. This is because you have a typo. It should be `user_lvl` from the `$sesdata` variable and not `level`, so check `$this->session->userdata('user_lvl')` - fixed the typos of my own – Will B. Sep 22 '20 at 02:06

1 Answer

I suggest using double equals instead of triple equals:

    if ($this->session->userdata('level') == '1') {
      $this->load->view('admin_view');
    } else {
      echo "Access Denied";
    }

And also check whether level is a string or an int.

lamboktulus1379
  • I agree with this. One equal means you will assign that var into that value. Two equals means it is at equal value, ignoring the data type. Triple equals will check if the var is at the same value AND the same type. So if one is an integer and one is a string, it will return false. – Bonifacius Sarumpaet Sep 22 '20 at 00:10
  • @i did and still the same output. access denied! – Ronald Balza Sep 22 '20 at 01:46
  • As a general practice, you should avoid loose-type comparisons (`==`) whenever possible and when the variable can be of multiple data-types. Instead you should favor strict-type comparisons (`===`). For [example](https://3v4l.org/q39Sr) `'2' == true` is expected to return `false`, but actually returns `true` or `(0.1 + 0.2) === 0.3` is expected to be `true` but correctly returns `false`. Mistakes like these lead to a lot of application bugs. – Will B. Sep 22 '20 at 02:18
  • Before checking the level, I think the best way to check the level is to try `var_dump($sesdata); die();` @RonaldBalza – lamboktulus1379 Sep 22 '20 at 03:53
  • Thank you all for your input :) This will surely help a lot on my dev journey. – Ronald Balza Sep 23 '20 at 04:10
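
The two points the comments settle on (read the session key that login actually wrote, `user_lvl`, and keep the strict comparison while normalising the numeric string from the database) are shown here as an added example that is not part of the original thread. `FakeSession`, `SESSION_LEVEL_KEY`, `LEVEL_ADMIN` and `has_level()` are hypothetical names, and the stand-in session assumes, as the `var_dump` output in the comments shows, that `userdata()` returns NULL for a key that was never set.

```php
<?php
declare(strict_types=1);

// Stand-in for CodeIgniter's session library (assumption: userdata()
// returns NULL for a key that was never set, as seen in the thread).
final class FakeSession
{
    private array $data = [];

    public function set_userdata(array $values): void
    {
        $this->data = array_merge($this->data, $values);
    }

    public function userdata(string $key)
    {
        return $this->data[$key] ?? null;
    }
}

// One definition of the key and role value, shared by the code that
// writes the session (login) and the code that reads it (access check).
const SESSION_LEVEL_KEY = 'user_lvl';
const LEVEL_ADMIN = 1;

// Hypothetical helper: fail closed unless the stored level is a whole
// number equal to the required one. Database results arrive as numeric
// strings, so normalise to int before the strict comparison.
function has_level(FakeSession $session, int $required): bool
{
    $raw = $session->userdata(SESSION_LEVEL_KEY);
    $level = filter_var($raw, FILTER_VALIDATE_INT); // false for NULL, '', 'abc'
    return $level !== false && $level === $required;
}

$session = new FakeSession();
var_dump(has_level($session, LEVEL_ADMIN));    // before login: nothing stored

// Constructed row, shaped like the page's $result->row_array().
$row = ['user_name' => 'alice', 'user_lvl' => '1'];
$session->set_userdata([
    'user_name' => $row['user_name'],
    SESSION_LEVEL_KEY => $row['user_lvl'],
    'logged_in' => true,
]);
var_dump($session->userdata('level'));         // the page's bug: key never written
var_dump($session->userdata('level') == '1');  // loose comparison on the wrong key
var_dump(has_level($session, LEVEL_ADMIN));    // correct key, normalised type
```

Run it with the PHP CLI (7.4 or later) to compare the four dumps; sharing one constant for the key between login and the access check is what removes the mismatch the thread tracked down.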