AdRock Posted March 17, 2008

I have a function which I have at the top of each restricted page which only allows access to logged in users.

```php
//if the user has not logged in, redirect them to the login page
if ((!is_authed_user()) || (!is_authed_admin()))
{
    header('Location: login.php');
}
```

I have made the is_authed_admin() function but am having problems. Even if the session exists for a user level of less than 3, the user is redirected to the home page.

The is_authed_user() function works fine on its own but not with the other function.

Have I done the admin function wrong or have I called the 2 functions wrong?

These are the 2 auth functions

```php
function is_authed_user()
{
    // Check if the encrypted username is the same
    // as the unencrypted one, if it is, it hasn't been changed
    if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name']))
    {
        return true;
    }
    else
    {
        return false;
    }
}

function is_authed_admin()
{
    // Check if the encrypted username is the same
    // as the unencrypted one, if it is, it hasn't been changed
    if (isset($_SESSION['username']) && (md5($_SESSION['username']) == $_SESSION['encrypted_name'])
        && ($_SESSION['user_level'] == 3) && (md5($_SESSION['user_level']) == $_SESSION['encrypted_user']))
    {
        return true;
    }
    else
    {
        return false;
    }
}
```

and here are the sessions that get registered when the user logs in

```php
$user_id = $user['user_id'];
$user_level = $user['user_level'];

// Now encrypt the data to be stored in the session
$encrypted_id = md5($user['user_id']);
$encrypted_name = md5($user['username']);
$encrypted_user = md5($user['user_level']);

// Store the data in the session
$_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $username;
$_SESSION['user_level'] = $user_level;
$_SESSION['encrypted_id'] = $encrypted_id;
$_SESSION['encrypted_name'] = $encrypted_name;
$_SESSION['encrypted_user'] = $encrypted_user;
```

OkBoy Posted March 18, 2008

Either remove your nots or make the OR an AND.

```php
//if the user has not logged in, redirect them to the login page
if ((!is_authed_user()) || (!is_authed_admin()))
{
    header('Location: login.php');
}
```

What you are saying is IF a user is not logged in OR user is not an admin, redirect to login page. One of those will always be true if the user is not an admin, hence the redirect.

What you want to say is IF a user is not logged in AND user is not an admin, redirect to the login page.

AdRock (Author) Posted March 18, 2008

What about this? If they are either a user or admin, or would it be && instead of ||?

```php
if ((is_authed_user()) || (is_authed_admin()))
{
    $result = mysql_query( //etc etc etc
}
```

OkBoy Posted March 18, 2008

That should work perfectly! Any luck?
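
The guard combinations discussed in this thread, evaluated for an anonymous visitor, a level 1 user and a level 3 admin. This is an added example, not code from any poster: the two check functions take the session as a parameter so the script runs from the CLI, and `make_session()`, `require_login()` and the sample usernames are assumptions.

```php
<?php
// Added example. The session arrays below are constructed sample data.
// Same checks as the thread's functions, but with the session passed in
// as a parameter (assumption for this demo) instead of read from $_SESSION.
function is_authed_user(array $s): bool {
    return isset($s['username'], $s['encrypted_name'])
        && md5($s['username']) === $s['encrypted_name'];
}

function is_authed_admin(array $s): bool {
    return is_authed_user($s)
        && isset($s['user_level'], $s['encrypted_user'])
        && (int) $s['user_level'] === 3
        && md5((string) $s['user_level']) === $s['encrypted_user'];
}

// Hypothetical helper: builds the values the thread's login code stores.
function make_session(string $name, int $level): array {
    return ['username' => $name, 'encrypted_name' => md5($name),
            'user_level' => $level, 'encrypted_user' => md5((string) $level)];
}

// Hypothetical guard: one explicit requirement per page, and exit after the
// Location header so the rest of the restricted page never executes.
// Defined for reference only; the demo below does not call it.
function require_login(array $s, bool $adminOnly = false): void {
    $ok = $adminOnly ? is_authed_admin($s) : is_authed_user($s);
    if (!$ok) {
        header('Location: login.php');
        exit;
    }
}

$cases = ['anonymous'       => [],
          'user (level 1)'  => make_session('alice', 1),
          'admin (level 3)' => make_session('root', 3)];

// Each column answers: would this guard send the visitor to login.php?
printf("%-16s %-10s %-10s %-10s %-10s\n", 'session', '!u || !a', '!u && !a', '!u', '!a');
foreach ($cases as $label => $s) {
    $u = is_authed_user($s);
    $a = is_authed_admin($s);
    printf("%-16s %-10s %-10s %-10s %-10s\n", $label,
        (!$u || !$a) ? 'redirect' : 'allow',
        (!$u && !$a) ? 'redirect' : 'allow',
        !$u ? 'redirect' : 'allow',
        !$a ? 'redirect' : 'allow');
}
```

The `!u && !a` column matches the `!u` column for every session, because an admin session always passes the user check as well; a page meant only for admins needs the `!a` guard. On a real page the guard would be called as `require_login($_SESSION)` after `session_start()`.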
This topic is now archived and is closed to further replies.