Page 1 of 1

Why isn't this code working?

Posted: Thu Jul 24, 2008 3:41 pm
by antoine
I have this code at the top of my pages that I want to restrict access to logged on members only. Can anyone find the fault?

Code: Select all

 
<?php
session_start();
 
if (!(isset($_SESSION['verified']) && $_SESSION['verified'] != '')){
   header ("Location:http://www.mydomain.com/no_access.html");
}
?>
 
I set up a code that displays all the set SESSION variables just to make sure logout.php was working, and they are all unset, but it still allows access to the page.

Once I can figure this out, I want to make it so only one client and the admin can access it, but I can't even get this to work. So if someone helps me with this, I'll be asking for more. Something along the lines of:

Code: Select all

 
<?php
if ((!$_SESSION[user_name] == "Bob") || (!$_SESSION[user_name] == "Admin")){
    header ("Location:$_SESSION[redirect]"); // A predefined complete URL, client-specific
}
?>
 
Any help appreciated... Thanks

Re: Why isn't this code working?

Posted: Thu Jul 24, 2008 4:02 pm
by Dynamis
antoine wrote:

Code: Select all

 
if (!(isset($_SESSION['verified']) && $_SESSION['verified'] != '')){
 
The only way this will be true is if $_SESSION['verified'] is not set and $_SESSION['verified'] == ' '

It seems like you are double checking the seem variable there. This simple code should work for what you need

Code: Select all

 
if ( !isset($_SESSION['verified']) ){
 

Re: Why isn't this code working?

Posted: Thu Jul 24, 2008 4:05 pm
by antoine
It still doesn't work. I know it should, but it isn't. And sessions are working, because the code that outputs all sessions shows true data when it is set and nothing when it isn't...

Re: Why isn't this code working?

Posted: Thu Jul 24, 2008 4:18 pm
by Dynamis
Even simplier, yet should still work

Code: Select all

 
if ( !$_SESSION['verified'] ){
 

Re: Why isn't this code working?

Posted: Thu Jul 24, 2008 5:04 pm
by antoine
Nope. Nothing. I'm confused.

Re: Why isn't this code working?

Posted: Thu Jul 24, 2008 5:13 pm
by s.dot
put exit; after your header call.

header('Location: ...');
exit;

Re: Why isn't this code working?

Posted: Thu Jul 24, 2008 5:15 pm
by antoine
Thanks scottayy, but I've already tried that and it doesn't work either...

I've also tried changing 'verified' to 'user_name' and still nothing. It should work...

Also, when a user is logged in, 'verified' becomes 1, but when I say

Code: Select all

<?php
if (!$_SESSION['verified'] == "1") {
   header ("Location:...")
}
?>
or

Code: Select all

<?php
if ($_SESSION['verified'] !== "1") {
   header ("Location:...")
}
?>
..it still loads like normal. I am pretty sure this code was working earlier today, and I don't remember changing anything, and it looks error free, so I really am lost!

Re: Why isn't this code working?

Posted: Thu Jul 24, 2008 6:00 pm
by antoine
So the problem seems to be in the NOT operator (!).

If I change the code to:

Code: Select all

<?php
if ($_SESSION['verified'] == "") {
   header ("Location:...");
}
?>
.. (when 'verified' is actually blank) it redirects, but if I make it:

Code: Select all

<?php
if (!$_SESSION['verified'] == "1") {
   header ("Location:...");
}
?>
it loads fine, even though it is still blank and NOT 1.

Likewise, if I put:

Code: Select all

<?php
if ($_SESSION['user_name'] == "Bob") {
   header ("Location:...");
}
?>
and Bob is logged in, it redirects, but if I have:

Code: Select all

<?php
if (!$_SESSION['user_name'] == "Bob") {
   header ("Location:...");
}
?>
and Joe, Sally, or Admin are logged on, it still loads and doesn't redirect.

Any ideas? I also tried placing the ! right before the ==, and it acts the same. This is odd, don't you think?