check session variables

[esoteric]

I have many pages i want to only be accessed by an admin when they are logged in, at the moment they are accessed by anyone logged in or not, this is a big problem if someone figured out the right url so i been trying to only make them accessible if the right variables exist.

 

i have tried many thing but none of them seems to work, i have no idea why as they look right to me

attempt 1

session_start();
$admin = 'FALSE';

if (isset ($_SESSION['user_level']) && ($_SESSION['user_level'] == '5'))
{
$admin = 'TRUE';
}

if($admin = 'FALSE')
{
echo '<span style="color:#F00; text-align:center; font-size:14px;">Unauthorized Access Attempt!</span>';
  exit;
}

if ($admin = 'TRUE')
{

###my script here###

}

 

attempt 2

session_start();

if (isset ($_SESSION['user_level']) && ($_SESSION['user_level'] == '5'))
{

###my script here###

}else
{
echo '<span style="color:#F00; text-align:center; font-size:14px;">Unauthorized Access Attempt!</span>';
}

 

any ideas? all i want is it too check if the user level is 5 (which is my admin level) and if so allow access to the page, if not give and echo message.

 

Thank you.

[titan21]

A coupel of things here:

 

1. You use Strings to state whetehr something is true or false. Boolean values woudl serve you better.

 

2. Where you have put if($admin = 'FALSE') and if($admin = 'TRUE'). You are actually assigning these values rather than testing them for equality. Cange them to if($admin == 'FALSE') and if($admin == 'FALSE').

 

Let me know how you get on!

[AyKay47]

first attempt should work as long as you use the correct comparison operators as the poster above noted..

[esoteric]

So you use = to assign the variable a value and == to check the variable equal something?

 

Well either way that seems to have got it, thanks very much.

[titan21]

Yup - exactly right! Glad I could help!