Jump to content

OR || - not working help please

jigsawsoul

By jigsawsoul
in PHP Coding Help

 Share

Recommended Posts

jigsawsoul Regular Member

jigsawsoul

Posted
Posted

OR ||, is not working if i run them on there own with out the OR they work fine, but when running them together like below admin doesn't work i just don't get logged in,  just kicks me out, has no errors though. any help please  :confused:

 

function sessionAuthenticate ( )
{	
// Are you loged in is admin, when trying to asscess this page
	if (!isset($_SESSION["admin"]) || !isset($_SESSION["staff"]))
	{
		// Set error message
		$_SESSION["message"] = "<div class='error'>You are not authorised to access the URL: <br> {$_SERVER["REQUEST_URI"]}</div>";
		// After error message move to login.php
		header ("Location: login.php");
		exit;
	}
}

Link to comment
Share on other sites
ShadowIce Member

ShadowIce

Posted
Posted 

function sessionAuthenticate ( )
{   
   // Are you loged in is admin, when trying to asscess this page
    if (isset($_SESSION["admin"]) == 0 || isset($_SESSION["staff"]) == 0)
    {
       // Set error message
       $_SESSION["message"] = "<div class='error'>You are not authorized to access the URL: <br> {$_SERVER["REQUEST_URI"]}</div>";
       // After error message move to login.php
       header ("Location: login.php");
       exit;
    }
}

 

try that!

 

good luck!

 

also, you spelled "authorised" wrong. it's "authorized" ;)

Link to comment
Share on other sites
jigsawsoul Regular Member

jigsawsoul

Posted
  • Author
Posted

using the above code i have the same problem, i can loggin as a staff member but not as an admin. admin just returns me back to the login page displaying the error message. I thought the session my not be set to anything but when running the below code, i can login as an admin fine.

 

function sessionAuthenticate ( )
{   
   // Are you loged in is admin, when trying to asscess this page
    if (isset($_SESSION["admin"]) == 0)
    {
       // Set error message
       $_SESSION["message"] = "<div class='error'>You are not authorized to access the URL: <br> {$_SERVER["REQUEST_URI"]}</div>";
       // After error message move to login.php
       header ("Location: login.php");
       exit;
    }
}

 

but i need staff to be able to login too. so i using this code. adding OR ||

 

function sessionAuthenticate ( )
{   
   // Are you loged in is admin, when trying to asscess this page
    if (isset($_SESSION["admin"]) == 0 || isset($_SESSION["staff"]) == 0)
    {
       // Set error message
       $_SESSION["message"] = "<div class='error'>You are not authorized to access the URL: <br> {$_SERVER["REQUEST_URI"]}</div>";
       // After error message move to login.php
       header ("Location: login.php");
       exit;
    }
}

 

but now i can't loggin as an admin, just staff, admin returns to loggin with the error message.  :shrug:

 

 

 

 

 

 

Link to comment
Share on other sites
ShadowIce Member

ShadowIce

Posted
Posted 
function sessionAuthenticate ( )
{   
   // Are you logged in is admin, when trying to access this page?
    if (isset($_SESSION["admin"]) == 0 || isset($_SESSION["staff"]) == 0)
    {
       // Set error message
       $_SESSION["message"] = "<div class='error'>You are not authorized to access the URL: <br> {$_SERVER["REQUEST_URI"]}</div>";
       // After error message move to login.php
       header ("Location: login.php");
       exit;

    //Else you are logged in as a staff or the admin

    }else if (isset($_SESSION["admin"]) == 1 || (isset($_SESSION["staff"]) == 0)){

       header ("Location: admin.php");    

    }
}

Link to comment
Share on other sites
jigsawsoul Regular Member

jigsawsoul

Posted
  • Author
Posted

if (empty($_SESSION["admin"]) == 0 || empty($_SESSION["staff"]) == 0)

 

doesn't work at all, using this no one can login.

 

as for ShadowIce code example.

 

i don't want to go to a admin page, admin and staff see the same page, just admin has a different menu then staff

 

anyone help :) why me

Link to comment
Share on other sites
jigsawsoul Regular Member

jigsawsoul

Posted
  • Author
Posted

f_login.php

<?php

function authenticateUser ($username, $password)
{
   $result = "SELECT * FROM web_login WHERE username = '$username' AND password = '$password'";
   $result = mysql_query ($result) or die (mysql_error());
   $row = mysql_fetch_assoc ($result);   
      if (mysql_num_rows($result) == 1){
         switch ($row['userlevel']) {
            case "1":
               // The username and password match,
               // Set the session as ADMIN.
               $_SESSION['admin'] = true;
               $_SESSION['login_id'] = $row['login_id'];
               $_SESSION['username'] = $username;
               // After login move logged in page
               header ('Location: index.php');
               break;
            case "2":
               // The username and password match,
               // Set the session as USER.
               $_SESSION['staff'] = true;
               $_SESSION['login_id'] = $row['login_id'];
               $_SESSION['username'] = $username;
               // After login move loged in page
               header ('Location: index.php');
               break;
         }
      }
      else {
         // The username and password doesn't match
         // Set error message
         $_SESSION["message"] = '<div class="error">Login failed. Please try again or <a href="recover.php">reset your password</a>.</div>';
         // After error message move to login.php
         header ('Location: login.php');
      }
   }
   
function sessionAuthenticate ( )
{   
   // Are you loged in is admin, when trying to asscess this page
    if (isset($_SESSION["admin"]) == 0 || isset($_SESSION["staff"]) == 0)
    {
       // Set error message
       $_SESSION["message"] = "<div class='error'>You are not authorized to access the URL: <br> {$_SERVER["REQUEST_URI"]}</div>";
       // After error message move to login.php
       header ("Location: login.php");
       exit;
    }
}

?>

 

login2.php

<?php

session_start();

include ('_library/opendb.php');
include ('_functions/f_login.php');

$username = $_POST['username'];
$password = $_POST['password'];

authenticateUser ($username, $password); 

?>

 

index.php

<?php

session_start();

include ("_library/opendb.php");
include ("_functions/f_login.php");

sessionAuthenticate( );

?>

<!-- Page Header -->
<?php include("_template/header.php") ?>

<body>
<div id="body-wrapper">
<div id="sidebar"><div id="sidebar-wrapper">		
  
<!-- Sidebar Profile links -->
<?php include("_template/profile-links.php") ?>
		  
<!-- Sidebar Main Navigation -->
<?php include("_template/main-nav.php") ?>

<!-- Sidebar Inbox Message -->			
<?php include("_template/messages.php") ?>

</div></div> <!-- End #sidebar -->

<div id="main-content">

<!-- No Javascript Enabled -->			
<?php include("_template/no-js.php") ?>

<!-- Page Footer -->			
<?php include("_template/page-head.php") ?>

<!-- Page Footer -->			
<?php include("_template/footer.php") ?>

</div> <!-- End #main-content --> </div>
</body>
  
</html>

<?php include ("_library/closedb.php") ?>

 

Here's the full code, maybe the mistake is no another page? i don't see anything wrong.

 

help help please  :rtfm::wtf::confused:

 

Link to comment
Share on other sites
ignace Advanced Member

ignace

Posted
Posted
i can loggin as a staff member but not as an admin. admin just returns me back to the login page displaying the error message.

 

That's because of how || works. I assume you want to show the not-authorized message whenever someone tries to do something while not an admin nor a staff member.

 

Try:

 

function sessionAuthenticate ( )
{   
   // Are you loged in is admin, when trying to asscess this page
    if (!isset($_SESSION["admin"]) && !isset($_SESSION["staff"]))
    {
       // Set error message
       $_SESSION["message"] = "<div class='error'>You are not authorised to access the URL: <br> {$_SERVER["REQUEST_URI"]}</div>";
       // After error message move to login.php
       header ("Location: login.php");
       exit;
    }
}

Link to comment
Share on other sites
ignace Advanced Member

ignace

Posted
Posted

For future reference create a binary table:

 

a | b | -a | -b | -a+-b | -a.-b |
0 | 0 |  1 |  1 |   1   |   1   |
0 | 1 |  1 |  0 |   1   |   0   |
1 | 0 |  0 |  1 |   1   |   0   |
1 | 1 |  0 |  0 |   0   |   0   |

 

-a+-b = !a||!b

-a.-b = !a&&!b

 

As you can see in the above table it only returns true when both !a & !b return true where !a || !b only returned false when both !a & !b were false

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.