[SOLVED] if (!$_SESSION['loggedIn'] == 'admin') is not working

[plodos]

MySQL code

CREATE TABLE IF NOT EXISTS `user` (
  `id` int(11) NOT NULL auto_increment,
  `username` varchar(50) collate latin1_general_ci NOT NULL,
  `password` varchar(50) collate latin1_general_ci NOT NULL,
  `email` varchar(200) collate latin1_general_ci NOT NULL,
  `type` varchar(20) collate latin1_general_ci NOT NULL,
  PRIMARY KEY  (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci;

 

id  username  password    email        type

1        p                  p            a@a      admin

login_control.php

$sql="SELECT * FROM user WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);
    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched table row must be 1 row
    if($count==1){
    	$row	= mysql_fetch_array($result);
	$_SESSION['loggedIn'] = $row['type'];
	$_SESSION['id']		  = $row['id'];
	header("location:{$row['type']}.php?");
}

 

that part is not working, how can I control the correct type user

user.php (for users)  admin.php (for admins)

only admin user must see that part. But HOW ?

Can any body give me a hint?

If there are guys or girls who has done similar things, please help me

Thanks in advance

admin.php

session_start();

if (!$_SESSION['loggedIn'] == 'admin') 
{
header("location:login.php"); 
die ();
}
//page start here

 

 

[revraz]

Echo your session variable and see what it contains

 

change

 

if (!$_SESSION['loggedIn'] == 'admin')

 

to

 

if ($_SESSION['loggedIn'] != 'admin')

 

[plodos]

i login with user account

id  username    password        email        type

10        pa                  pa            a@aa      user

than im going to user.php page.

but when I write admin.php also I can see the admin part

user mustnt see the admin part. what can be the problem?

if (!$_SESSION['loggedIn'] == 'admin') 
{
header("location:login.php"); 
die ();
}
print_r($_SESSION);  
echo "<br />".$_SESSION['loggedIn'];  //type is user but I can see the admin page

[revraz]

You didn't read what I posted.

 

what can be the problem?

[plodos]

I forgot to put  if ($_SESSION['loggedIn'] != 'admin')

you are right!

 

thank you

[plodos]

I have another question

that code gives the current page

$pageURL ="http://";

$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER['REQUEST_URI'];

 

how to redirect to previous page?

 

<?php 
if ($_SESSION['loggedIn'] != 'admin')
{   //check the registered user, if not go index.php 
if(!$_SESSION['id'])
{
	header("location:index.php"); 
	die();
}
else //if registered with different user type, turn back to your page
{//header("Location:".$_SERVER['HTTP_REFERER']."");
	$pageURL ="http://";
        $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER['REQUEST_URI'];
        //echo $pageURL = www.aaaa.com/admin.php
        //but it must redirect to = previous page
        header("Location: $pageURL ");
        die();
}
}
?>

[revraz]

http://php.about.com/od/learnphp/qt/HTTP_REFERER.htm

[plodos]

<?php 
if ($_SESSION['loggedIn'] != 'reviewer')
{   //check the registered user, if not go index.php 
if(!$_SESSION['id'])
{
	header("location:index.php"); 
	die();
}
else //if registered with different user type turn back to your page
{
      echo $HTTP_REFERER;
      header("Location:".$_SERVER['HTTP_REFERER']."");
}
}
?>

 

this part is not working

else 
{
      echo $HTTP_REFERER;
      header("Location:".$_SERVER['HTTP_REFERER']."");
}

but if I write like this it is working

else 
{
      session_destroy();
      exit();
}

 

WHY header("Location:".$_SERVER['HTTP_REFERER'].""); is not working!!!!!

[plodos]

I add javascipt 100% working now

<?php	else //if registered with different user type turn back to your page
{
  echo " <script language='JavaScript'>history.go(-1);</script>";  
}?>

[revraz]

The reason REFERER wasn't working is because you ECHO'd it first here

 

echo $HTTP_REFERER;

 

And then you tried to use HEADER after, which won't work.