How to check userlevel?

Hi! I am having trouble in checking userlevel at the time of login. The pages set for admin level are not displayed if the user is not admin, but admin cant access the pages either!!:smiley: Please solve my problem!
My code is:

<?php

if(!isset($_SESSION['userlevel']) || empty($_SESSION['userlevel']))
{
if ($_SESSION['userlevel'] == 2)
{
echo "ADMIN";
}
else
{
header('Location:index.php?query=notadmin');
}
}
?>

Hello anita_86,

are you sure you have set the right value in the session? You could try to display the value when you are logged in as an admin

echo $_SESSION['userlevel'];

and see if is the expected one.

You are right alexx. When I made some changes in the code like:

<?php

if(isset($_SESSION[‘userlevel’]) || !empty($_SESSION[‘userlevel’]))
{
if ($_SESSION[‘userlevel’] == 2)
{
echo “ADMIN”;
}
else
{
header(‘Location:index.php?query=notadmin’);
}
}
else
{
echo “session not exists…”;
}
?>

I get following message:session not exists…
But it works fine with other levels.Dont know why its happening??

I suspect that only when you have an admin user you might not set the user level correctly, so it never gets to be equal with two. Just make a

var_dump($_SESSION['userlevel']);

when you are logged in as an admin and view the values you have stored there.

Whoa! var_dump($_SESSION[‘userlevel’]); is displaying a rude NULL.
Is there any problem in login.php page which I am using just to check the usernames and passwords match or not??
Here is the code:

<?php
if(isset($_POST[‘submit’]))
{
$user=$_POST[‘username’];
$pwd=$_POST[‘password’];
$query=mysql_query(“SELECT * from users WHERE username='”.$user.“’ and password='”.$pwd.“'”);
$row=mysql_fetch_array($query);
$level=$row[‘userlevel’];
if($row!=0)
{
$_SESSION[‘username’] = $row[‘username’];
if($level==2)
{
header(‘Location:index1.php’);
}
if($level==1)
{
header(‘Location:task.php?level=manager’);
}
}
else
{
header(‘Location:index.php?query=mismatch’);
}
}
?>

and I want to add following code on each page which is not accessible to members other than admin:

<?php
if(!isset($_SESSION[‘userlevel’]) || empty($_SESSION[‘userlevel’]))
{
header(‘Location:index.php?query=notadmin’);
?>
<?php
if ($_SESSION[‘userlevel’] == 2)
{
echo “ADMIN”;
}
}
?>

I really cant figure out what is the problem with admin?It asks for username & password to the admin each time I try to access admin pages.I also want to add that, only administrator can see the entire application & other members can only see one page i.e. calender.So
if ($_SESSION[‘userlevel’] == 2)
Entire pages has to be displayed in a frameset.

are you getting the right values from the sql?

var_dump($row);

Maybe you are not selecting the correct user…

Where are you setting $_SESSION[‘userlevel’] though? You’re setting the username in the session - $_SESSION[‘username’] = $row[‘username’]; - but not the userlevel.

Hush!!I somehow managed to make it work!
My new login.php script is:

<?php
if(isset($_POST[‘submit’]))
{
$user=$_POST[‘username’];
$pwd=$_POST[‘password’];
$query=mysql_query(“SELECT * from users WHERE username='”.$user.“’ and password='”.$pwd.“'”);
$row=mysql_fetch_array($query);
$_SESSION[‘userlevel’] = $row[‘userlevel’];
if($row!=0)
{
$_SESSION[‘username’] = $row[‘username’];
if($_SESSION[‘userlevel’]==2)
{
header(‘Location:index1.php’);
}
if($_SESSION[‘userlevel’]==1)
{
header(‘Location:task.php?level=manager’);
}
}
else
{
header(‘Location:index.php?query=mismatch’);
}
}
?>

Thanks for your continuous support and time alexx & Rob.The problem actually is in
$_SESSION[‘userlevel’] = $row[‘userlevel’];