I'm trying to add roles for certain pages on a small internal site I am running.
I assign the following sessions when a user logs into the site login form:
// Register $username, $role Sessions and redirect
$_SESSION['username']= $username;
$_SESSION['accessLevel'] = $role;
$_SESSION['is_logged_in'] = true;
I then have the following on my logout.php page:
<?php
session_start();
session_destroy();
header("Location: ../login.php");
?>
I want to restrict pages based on the user's $_SESSION['accessLevel'].
For instance, only show the page if $_SESSION['accessLevel'] == 'admin', else redirect to the login page (or an error page).
Here is what I have on an admin page:
<?php
session_start();
if (!isset($_SESSION['username']) && $_SESSION['accessLevel'] == 'admin'){
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<p>ADMIN AREA!! </p>
<p>username: <?php echo $_SESSION['username'];?></p>
<p>Access: <?php echo $_SESSION['accessLevel'];?></p>
</body>
</html>
<?php
}
else {
header("location:../login.php");
}
?>
Now the page redirects to login.php when I log in using admin credentials. If I remove the check and print_r the sessions, they are correct:
$_SESSION['accessLevel'] = admin
$_SESSION['username'] = testuser
Where am I going wrong?
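
An added example, not part of the original post: a reusable guard for the role check described above, using the post's session keys (`username`, `accessLevel`, `is_logged_in`); the function names `has_role` and `require_role` and the file name `auth.php` are assumptions. The posted condition `!isset($_SESSION['username']) && ...` is true only when no username is set, so a logged-in admin falls through to the redirect; the guard below requires the login flag and the role together and stops the script after redirecting.

```php
<?php
// auth.php (hypothetical file name): include at the top of every restricted page.
declare(strict_types=1);

// Pure check: true only when the session marks a logged-in user whose
// accessLevel is one of the allowed roles.
function has_role(array $session, array $allowed): bool
{
    return ($session['is_logged_in'] ?? false) === true
        && isset($session['username'], $session['accessLevel'])
        && in_array($session['accessLevel'], $allowed, true);
}

// Guard: redirect anonymous visitors to the login page, send 403 to
// logged-in users with the wrong role, and stop the script in both cases.
function require_role(array $allowed, string $loginUrl = '../login.php'): void
{
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    if (has_role($_SESSION, $allowed)) {
        return;
    }
    if (($_SESSION['is_logged_in'] ?? false) !== true) {
        header('Location: ' . $loginUrl);
    } else {
        http_response_code(403);
        echo 'Forbidden';
    }
    // Without exit the rest of the page would still run and be sent.
    exit;
}

// Constructed sample sessions showing how the pure check behaves
// when this file is run directly from the command line.
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    $admin = ['username' => 'testuser', 'accessLevel' => 'admin', 'is_logged_in' => true];
    $user  = ['username' => 'someone', 'accessLevel' => 'user', 'is_logged_in' => true];
    var_dump(has_role($admin, ['admin']));
    var_dump(has_role($user, ['admin']));
    var_dump(has_role([], ['admin']));
}
```

On the admin page, `require 'auth.php'; require_role(['admin']);` goes before any HTML output so the redirect header can still be sent.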