Setting Different Access Privileges

[Acute Chaos]

I'm building a members' site.  I am a major noob so I am using various tutorials to get me through this but my lack of php know how has me stopped. 

 

I have two groups of users on this site.  They both use the majority of the site but there are pages that only one group can access and other pages that only the other group can access.

 

I have a session set to ensure they are logged in to access the site.  Works fine.

 

In my database I have a place that marks the status of the user and I thought if I set another session var specific to each group using that information I could check that before allowing access to their specific pages.  Makes sense?

 

Here is what I have:

 

session_start();

 

if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {

header("location: access-denied.php");

exit();

 

How do I code:

 

if "SESS_MEMBER_ID" and "SESS_STATUS - set to 'coach'" are both not set - access denied

 

or   

 

if "SESS_MEMBER_ID" and "SESS_STATUS - set to 'player'" are both not set - access denied

 

 

If this isn't the best way to go about it please say so as well!!

 

Thanks so much in advance for your help.  I really appreciate it! 

[wildteen88]

  Quote

How do I code:

 

if "SESS_MEMBER_ID" and "SESS_STATUS - set to 'coach'" are both not set - access denied

 

or     

 

if "SESS_MEMBER_ID" and "SESS_STATUS - set to 'player'" are both not set - access denied

 

Like so

// define the people to allow access
$people_to_allow = array('coach','player');

if ( !(isset($_SESSION['SESS_MEMBER_ID']) && is_numeric($_SESSION['SESS_MEMBER_ID'])) ||        // check that SESS_MEMBER_ID is set and contains a number
     !(isset($_SESSION['SESS_STATUS']) && in_array($_SESSION['SESS_STATUS'], $people_to_allow)) // check that SESS_STATUS is set and that is in the $people_to_allow array
    )
{
    header("location: access-denied.php");
    exit();
}

[Acute Chaos]

Thanks for the reply.

 

Forgive my ignorance... but that's why I'm here I guess.

 

With this how can I be specific for access in that on one page I only allow the 'coach' access and other pages only allow 'player' access?

 

The member id lets everyone in and this would appear to let everyone in as well.  No?

[mikesta707]

if you only want the player or coach allowed just take whoever isn't allowed out of the $people_allowed array.

[Acute Chaos]

That makes sense... sorry. 

 

Can I have only one thing in an array?

 

and is    '||'  essentially saying 'and' if this 'and' if this

 

Thanks for your help!

[wildteen88]

  Quote

and is    '||'  essentially saying 'and' if this 'and' if this

No || means OR

&& means AND

[Acute Chaos]

lol - of course.

 

not sure why i took on this project but it'll make them happy when its done and i am sure learning a hell of a lot!!

[Acute Chaos]

Just got time to implement this.  It works like a dream.  Soooo easy!  Thanks for the help!