I made a login page, which works fine. Every account on my system has a username, password and permission. On the login screen you only have to fill in your username and password, and the record gets automatically linked to the session, so I'm sure the session knows what permission it has when logged in. I want to make a difference between an admin and a user account. An admin account should be redirected to a different screen than a user. This is my code:

if ($_SESSION['Permission'] = "admin") { 
    header("location:adminmenu.html");
} else {
    header("location:usermenu.html"); 
}

When I run this, it automatically takes me to the admin menu, even if the statement is not correct. How can I fix this?

This isn't the same, because the question isn't about parse errors.

fdssfd
  • 9
  • 3
  • 8
    You are assigning `=`, not comparing, `==` or `===`. – jeroen Nov 08 '18 at 08:00
  • Even if I change that, it still redirects me to the adminmenu every time. – fdssfd Nov 08 '18 at 08:02
  • You have assigned the permission to the session, so you need to destroy the session first and make sure this does not happen anywhere else. – jeroen Nov 08 '18 at 08:03
  • It's usually a good idea to practice writing `if ('foo' == $var)` instead of `if ($var == 'foo')` so that if you miss one `=` it will throw an error. – IMB Nov 08 '18 at 08:03
  • I added a session_destroy(); and a session_start(); in front of the statement, now it only redirects to usermenu.html. – fdssfd Nov 08 '18 at 08:06
  • It is still not working properly, am I using $_SESSION['Permission'] correctly? – fdssfd Nov 08 '18 at 08:11
  • @IMB is it? Think I see the $var == 'foo' option being more widely used, barely ever come across 'foo' == $var? seems more like a preference than good practice ... your point is valid about the declaration side of it, but just include the correct amount of `==`/`!=` ... ? – treyBake Nov 08 '18 at 08:55
  • @fdssfd var_dump $_SESSION['Permission'] and see what the value is per user – treyBake Nov 08 '18 at 08:56
  • @ThisGuyHasTwoThumbs See [Yoda conditions](https://en.wikipedia.org/wiki/Yoda_conditions) as also pointed by Robert in his answer below. – IMB Nov 08 '18 at 09:08
  • @IMB familiar with them, I just personally don't see the point personally - I prefer to compare the value against the var rather than var against a value (if that makes sense), and I just always make sure I'm using the correct amount of `==` .. guess it's just never been a problem for me (yet haha) – treyBake Nov 08 '18 at 09:13

3 Answers

0

Check the following:

1.) Use comparison instead of assignment

if ($_SESSION['Permission'] === "admin") { 
    header("location:adminmenu.html");
} else {
    header("location:usermenu.html"); 
}

2.) Make sure you run session_start() on each request

3.) Make sure $_SESSION['Permission'] is set; run var_dump($_SESSION); to make sure the value is set correctly.

Rikard
  • 171
  • 1
  • 6
0

Make sure when comparing values you have == and not =. Also see if there is session_start(); at the top of page.

session_start();
if ($_SESSION['Permission'] == "admin") { 
    header("location:adminmenu.html");
} else {
    header("location:usermenu.html"); 
}
ggwp
  • 29
  • 5
0

This is because instead of comparing you assign the value admin to $_SESSION['Permission'], and this is returned to the if statement. Then in the if statement it will be checked if "admin" == true, which in this case is true.

The easiest way to avoid that is to use Yoda expressions with a ternary operator; it simplifies the code:

session_start();
// isset() only accepts variables, so the check and the comparison must be separate operands of &&
header('Location: ' . ((isset($_SESSION['Permission']) && 'admin' === $_SESSION['Permission']) ? 'admin' : 'user') . 'menu.html');

It does the same as the code below (in terms of result):

if (isset($_SESSION['Permission']) && "admin" === $_SESSION['Permission']) {
   header("Location: adminmenu.html");
} else {
   header("Location: usermenu.html");
}

Notice also the presence of the isset() function, which checks if Permission exists in the session array, because when you don't check it you'll get a notice about a non-existing index.

Robert
  • 17,808
  • 4
  • 50
  • 79
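The following is an added example, not code from the question or any of the answers above. It reproduces the `=`-instead-of-`===` mistake on a plain array so it can be run from the CLI without a web server, shows that the bug does not just misroute but silently overwrites the stored permission, and puts the corrected check (null-coalescing lookup, strict comparison, `exit` after the redirect) beside it. The function names `buggyTarget` and `menuTarget` are assumptions chosen for this illustration; the session key `Permission` and the two menu pages are the ones from the question.

```php
<?php
declare(strict_types=1);

// Reproduces the question's bug on an ordinary array passed by reference.
// The assignment expression evaluates to "admin", which is truthy, so the
// admin branch is always taken AND the caller's array is overwritten.
function buggyTarget(array &$session): string
{
    if ($session['Permission'] = "admin") {   // assignment, not comparison
        return 'adminmenu.html';
    }
    return 'usermenu.html';
}

// Corrected check: `??` avoids the undefined-index notice when the key is
// missing, `===` avoids type juggling (true == "admin" is true, but
// true === "admin" is false), and nothing is written back to the session.
function menuTarget(array $session): string
{
    $permission = $session['Permission'] ?? null;
    return ('admin' === $permission) ? 'adminmenu.html' : 'usermenu.html';
}

// Constructed sample sessions for the CLI demonstration.
$user = ['Permission' => 'user'];
echo "buggy target for a plain user:  " . buggyTarget($user) . "\n";
echo "permission stored after the bug: " . $user['Permission'] . "\n";

$cases = [
    'user'          => ['Permission' => 'user'],
    'admin'         => ['Permission' => 'admin'],
    'missing key'   => [],
    'boolean true'  => ['Permission' => true],
];
foreach ($cases as $label => $session) {
    echo str_pad($label, 14) . " -> " . menuTarget($session) . "\n";
}

// Wiring it into the real page: session_start() must run on every request
// before $_SESSION is read, and exit after header() so that the rest of the
// script does not keep executing for a user who was just redirected away.
//
// session_start();
// header('Location: ' . menuTarget($_SESSION));
// exit;
```

Run with `php example.php`. The buggy function reports `adminmenu.html` for the plain user and leaves the array holding `admin` afterwards, which is exactly why the comments above say the session has to be destroyed before the corrected code behaves: the misrouting persists in the session data, not only in the condition. The corrected function sends only the literal string `admin` to the admin menu; the missing key and the boolean `true` both land on `usermenu.html`, whereas a loose `==` would have accepted `true`. The trailing `exit` matters for the same reason the comparison does: `header()` only asks the browser to leave, it does not stop PHP from running whatever admin-only code follows it.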