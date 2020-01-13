Hi All
New day new issue .
I’m working on a login system that currently redirects the user based on the user_level column in the db. on the login page, i have set the session variables as follows:-
// Store data in session variables
$_SESSION["loggedin"] = true;
$_SESSION["id"] = $id;
$_SESSION["email"] = $email;
$_SESSION["user_level"] = $userlevel;
if ($_SESSION["user_level"]==50){
header("location: admin/admin.php");
exit;
}
else {
header("location: dealer.php");
exit;}
The redirection based on user level works fine. The issue i have is, once the user is logged in, the session is not restricting access to the admin page if the user was to try and guess the correct url. Currently i have:-
// Initialize the session
session_start();
// Check if the user is logged in, if not then redirect him to login page
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true){
if ($_SESSION["user_level"]==50){
header("location: admin/admin.php");
exit;
}
else {
header("location: dealer.php");
exit;}
else {
header("location: login.php");
exit;}
}
Any advice would be much appreciated.