Need access for different account roles on a php page

ian111 · January 3, 2025, 9:39am

I have two different user roles, one is Member and the other is Secretary and I need to be able to allow access to a php page if either Member or Secretary is logged in. I originally had the code below which worked if a Member role was logged in

<?php
session_start();
// If the user is not logged in redirect to the login page...
if(!isset($_SESSION["account_loggedin"]) || $_SESSION["account_loggedin"] !== true || $_SESSION["account_role"] != 'Member') {
    include('includes/baseurl.php');        
    $title = "Show Diary - The British Rabbit Council";
    $pgDesc="";
    include ( 'includes/header.php' );
?>

I added the Secretary role to the code but it won’t allow me to access the page, I think it’s because I’m not logged in as a Member role and am logging as the Secretary role but I need access to the php page if I am logged in as either Member or Secretary

The current code I have is below

<?php
session_start();
// If the user is not logged in redirect to the login page...
if(!isset($_SESSION["account_loggedin"]) || $_SESSION["account_loggedin"] !== true || $_SESSION["account_role"] != 'Member' || $_SESSION["account_role"] != 'Secretary') {
    include('includes/baseurl.php');        
    $title = "Show Diary - The British Rabbit Council";
    $pgDesc="";
    include ( 'includes/header.php' );
?>

Can anyone help please, thank you in advance

ian111 · January 3, 2025, 10:00am

Think I just solved it by changing a line to the following

if(!isset($_SESSION["account_loggedin"]) || $_SESSION["account_loggedin"] !== true || $_SESSION["account_role"] != 'Member' && $_SESSION["account_role"] != 'Secretary') {

m_hutley · January 3, 2025, 2:35pm

If the user has two options for account role, and you want both of them to be able to access the page… dont check the role at all. Both are valid.

You dont put on your index page to check if(user_logged_in || user_not_logged_in) because… the user will always be in one of those two states. It’s a binary condition.

Pepster64 · January 3, 2025, 5:17pm

Another way of doing this would to be to do something like the following

   public function enforce_security_level(array $allowedLevels): void
    {
        if (!$this->check_login_token()) {
            header('Location: login.php');
            exit();
        }

        $userLevel = $_SESSION['security_level'] ?? 'visitor';

        if (!in_array($userLevel, $allowedLevels, true)) {
            header('Location: index.php'); // Redirect unauthorized users
            exit();
        }
    }

This was a method that I wrote for a class, but could be easily modified.

system · February 2, 2025, 5:18pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Redirecting users to different pages according to their roles PHP	9	30509	May 17, 2011
Hierarchical login panel in PHP PHP	5	1083	January 8, 2011
Query for different user groups login PHP	2	371	October 8, 2014
Session Management for Page Access Privileges PHP session	8	2246	April 12, 2019
Access in php site PHP	7	819	October 8, 2014

Need access for different account roles on a php page

Related topics