kjtocool Posted December 14, 2007

Every user in my system has a numerical access level. In the header of various files, I check the session accessLevel to see if they should be allowed to view the page.

When a user submits the login page, the loginVal page sets the access level from the data stored in the database:

    <?php
    // ...code
    $_SESSION['userName'] = $row['username'];
    $_SESSION['userID'] = $row['user_ID'];
    $_SESSION['accessLevel'] = $row['accessLevel'];
    echo '<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://www.********.com/CMS/options.php">';
    // ...code
    ?>

As you can see, it then re-directs to the options.php page. In the header of this page, I do a check:

    <?php
    session_start();
    if (!isset($_SESSION['userID'])) {
        header("Location: http://www.*****.com/CMS/login.php");
    }
    if ($_SESSION['accessLevel'] < 1) {
        header("Location: http://www.*****/CMS/login.php");
    }
    ?>

The system has access levels of 1, 2, 3, or 4. So this first checks that a session's userID is set, then checks to see that the user has an accessLevel. This check works perfectly.

The options.php shows various links, dependent on your access level. These pages all do checks as well, here is an example of editArticle.php:

    <?php
    session_start();
    if (!isset($_SESSION['userID'])) {
        header("Location: http://www.*****.com/CMS/login.php");
    }
    if ($_SESSION['accessLevel'] != 1 || $_SESSION['accessLevel'] != 2 || $_SESSION['accessLevel'] != 4) {
        header("Location: http://www.*****.com/CMS/login.php");
    }
    ?>

This is supposed to check, and if their accessLevel isn't = to 1, 2 or 4, kick them out. But when someone with accessLevel 1 logs in and then clicks the link to editArticle or any option with a similar check, it kicks them out and sends them to the login page. I have no idea why. :-\

Any ideas?

Yesideez Posted December 14, 2007

Try replacing the || to && and it should work.

corbin Posted December 14, 2007

Edit: Ahhh someone beat me.....

Anyway: Are you trying to only allow access level 3 on that page? If so, just do:

    if($_SESSION['accessLevel'] == 3) {
    }
    else {
        header('blah blah');
        // note: it's good practice to terminate processing after location commands,
        // since headers are only suggestions for the browser to go somewhere, and PHP
        // may continue the script, meaning someone could see the page.
        exit;
    }

kjtocool (Author) Posted December 14, 2007

Gosh, that's what I get for coding for almost 8 hours, the simplest logic starts to escape me. Thanks guys, an extra set of eyes always helps.

Oh and to answer your question, I did it this way to make sure there is a double check, because in the future, the system might end up with users who don't have an access level, and your way wouldn't kick them out.

I'll go ahead and add the exit; statement, thanks for the tip.

corbin Posted December 14, 2007

ahhhh, to do it so it would kick people without an access level:

Actually, that would kick them out. Let's say $x = '' then $x doesn't equal 3, so the else would be executed. In programming languages, == is like 'if and only if' (well then you have || and stuff, but hopefully you know what I mean).

    if($_SESSION['accessLevel'] == 3) {
        // this would match 3 and only 3
    }
    else {
        // this would send 0, 1, -1, 5, null, '', so on to a page
        header('blah blah');
        // note: it's good practice to terminate processing after location commands,
        // since headers are only suggestions for the browser to go somewhere, and PHP
        // may continue the script, meaning someone could see the page.
        exit;
    }

kjtocool (Author) Posted December 14, 2007

Ahh, you had an else statement on yours. I see now, yeah, if you include the else statement it will kick them out.

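An added example, not code from any poster in this thread: it shows why the `||` chain from editArticle.php denies every access level, and one way to write the same check as an allowlist that also stops the script after the redirect. The function names `deniedByOrCheck`, `isAllowed` and `requireLevel` are hypothetical, and the sample levels are constructed.

```php
<?php
// Added example; function names are hypothetical, sample values are constructed.

// The check as posted: "not 1 OR not 2 OR not 4".
// No value equals 1, 2 and 4 at once, so at least one != is always true.
function deniedByOrCheck($level): bool
{
    return $level != 1 || $level != 2 || $level != 4;
}

// Allowlist form: deny unless the level is one of the permitted values.
// Missing, null, '' and non-numeric levels are denied by default.
function isAllowed($level, array $allowed): bool
{
    if (!is_int($level) && !(is_string($level) && ctype_digit($level))) {
        return false;
    }
    return in_array((int) $level, $allowed, true);
}

// Guard for the top of a protected page: redirect, then stop the script.
function requireLevel(array $allowed, string $loginUrl): void
{
    $level = $_SESSION['accessLevel'] ?? null;
    if (!isset($_SESSION['userID']) || !isAllowed($level, $allowed)) {
        header('Location: ' . $loginUrl);
        exit; // without this, the rest of the page still runs and is sent
    }
}

// Level 1 as an int and as the string a database row may carry, the other
// defined levels, and values a user without an access level might have.
foreach ([1, '1', 2, 3, 4, 0, null, ''] as $level) {
    printf(
        "%-6s  OR-check denies: %-3s  allowlist allows: %s\n",
        var_export($level, true),
        deniedByOrCheck($level) ? 'yes' : 'no',
        isAllowed($level, [1, 2, 4]) ? 'yes' : 'no'
    );
}
```

Run from the command line, the loop prints "yes" in the OR-check column for every value, including 1, 2 and 4. On a protected page, `requireLevel([1, 2, 4], $loginUrl)` would be called right after `session_start()`.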