Showing content with the highest reputation on 01/04/2025 in all areas

  1. the only user data you should store in a session variable upon login should be the user id, to identify WHO the logged in user is. this will either be set or it won't be. you should query on each page request to get any other user data, such as a username, permissions, or role. this is so that any changes made to this other user data take effect on the very next page request. this will allow you to promote or demote a user without requiring them to log out and back in for the change to take effect. do you really want a situation where you have demoted or banned a user and they can still access a page because their session data says they can?

     i recommend that you simplify the logic and separate the login test from the user role test. also, to test if a variable is in a set of values, define an array of the permitted values and use in_array() to perform the test. using these suggestions, the logic would become -

     ```php
     $page_roles = ['Member','Secretary']; // roles permitted for the current page

     $user_role = 'Guest'; // default value for a non-logged in user

     // is there a logged in user
     if(isset($_SESSION['user_id']))
     {
         // query here to get any other user data, such as the user role, and store it in a regular variable

         // fake a value
         $user_role = 'Member';
         // $user_role = 'Secretary';
         // $user_role = 'Other';
     }

     // logic to determine if the current user can access something on this page
     if(in_array($user_role,$page_roles))
     {
         // access permitted
         echo 'permitted';
     }

     // logic to determine if the current user cannot access something on this page
     if(!in_array($user_role,$page_roles))
     {
         // access denied
         echo 'denied';
     }
     ```
    1 point
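
The per-request role lookup described in the post above, as an added example that is not part of the original post: it replaces the faked `$user_role` value with a real query and shows a demotion taking effect on the next check while the session stays unchanged. The `users` table, its `id` and `role` columns, the helper names `current_user_role()` and `can_access()`, and the use of an in-memory SQLite database through PDO are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table stands in for the real user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, role TEXT NOT NULL)");
$db->exec("INSERT INTO users (id, role) VALUES (1, 'Secretary'), (2, 'Other')");

// Look up the role on every request; the session only says WHO the user is.
function current_user_role(PDO $db, array $session): string
{
    if (!isset($session['user_id'])) {
        return 'Guest'; // default for a non-logged in user
    }
    $stmt = $db->prepare('SELECT role FROM users WHERE id = ?');
    $stmt->execute([$session['user_id']]);
    $role = $stmt->fetchColumn();
    // A deleted account leaves a stale id in the session: treat it as a guest.
    return $role === false ? 'Guest' : (string) $role;
}

// Role test kept separate from the login test, using in_array() in strict mode.
function can_access(string $user_role, array $page_roles): bool
{
    return in_array($user_role, $page_roles, true);
}

$page_roles = ['Member', 'Secretary']; // roles permitted for the current page
$session = ['user_id' => 1];           // stands in for $_SESSION after login

// First request: the stored role is looked up and checked.
var_dump(can_access(current_user_role($db, $session), $page_roles));

// An administrator demotes the user while their session is still active.
$db->exec("UPDATE users SET role = 'Other' WHERE id = 1");

// Next request, same session data: the new role is what gets checked.
var_dump(can_access(current_user_role($db, $session), $page_roles));

// No logged in user at all: falls back to the Guest default.
var_dump(can_access(current_user_role($db, []), $page_roles));
```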