A newbie problem that I cannot solve - I am sure the answer is simple.
I have constructed a simple login for a web site that also includes access levels (must be assigned a specific level to access the page).
Process
1. When a user successfully logs into the admin area, they are assigned an access level
2. This is converted to a session variable
$_SESSION['loginAccessLevel'] = $loginAccessLevel;
3. At this point all is fine - on the admin index page, I am able to echo the session variables and they are correct.
Problem
4. When this user leaves the index page to go to one of the admin pages (i.e. user admin, article admin, etc.) and then returns to the admin index.php page, the session access level changes to "1".
I take this to mean that the $userAccessLevel somehow changes from integer to boolean. Is this correct? If so, how can I keep this value an integer?
The problem, and therefore the solution, may lie in my logincheck.php file that is included in each of the admin area pages. The purpose of this file is to check first if the user is logged in and secondly if they have the correct permissions.
Code is as follows:
<?php
if (!isset($_SESSION)) { //check to see if session is started
    session_start(); //start session
}
if (empty($_SESSION['loginUsername'])) {
    header("Location: /admin/login.php"); //if not logged in, go to login page
    exit;
}
$isAuthorized = false; //assume not authorized
if ((!empty($_SESSION['loginUsername'])) //login userName is not empty AND
    && $_SESSION['loginAccessLevel'] <= $pageAccessLevel) { //has the appropriate access level for the page
    $isAuthorized = true; //becomes authorized
    return $isAuthorized;
}
header("Location: /admin/accessfailed.php"); //if the above conditions are not met
exit;
?>
Any ideas or suggestions where to begin?
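An added example, not part of the original post and not the poster's code: it shows two generic ways an integer access level can end up printing as "1", and why that matters for the posted `<=` comparison, next to a check that fails closed on a non-integer level. `checkAccess()`, `looseCheck()` and the sample session are hypothetical; only the session key names and the `<=` rule come from the post.

```php
<?php
declare(strict_types=1);

// Added example. checkAccess(), looseCheck() and the sample session are
// hypothetical; the key names and the <= rule are taken from the post.

// Returns 'login', 'denied' or 'ok' so the caller issues the redirect.
function checkAccess(array $session, int $pageAccessLevel): string
{
    if (empty($session['loginUsername'])) {
        return 'login';
    }
    $level = $session['loginAccessLevel'] ?? null;
    // Fail closed unless the stored level is a real integer. Boolean true
    // (which echo renders as 1) would otherwise be compared loosely.
    if (!is_int($level)) {
        return 'denied';
    }
    // Same rule as the posted check: authorized when level <= page level.
    return $level <= $pageAccessLevel ? 'ok' : 'denied';
}

// The posted comparison, kept loose for contrast.
function looseCheck(array $session, int $pageAccessLevel): bool
{
    return !empty($session['loginUsername'])
        && $session['loginAccessLevel'] <= $pageAccessLevel;
}

// Constructed session: level 4 should not be allowed onto a level-2 page.
$session = ['loginUsername' => 'alice', 'loginAccessLevel' => 4];
var_dump(looseCheck($session, 2), checkAccess($session, 2));

// Overwrite 1: a comparison result is stored back into the session key,
// so the key now holds boolean true instead of the integer.
$a = $session;
$a['loginAccessLevel'] = ($a['loginAccessLevel'] <= 5);
echo $a['loginAccessLevel'], "\n";
var_dump(looseCheck($a, 2), checkAccess($a, 2));

// Overwrite 2: "=" typed where "==" was meant assigns the integer 1.
$b = $session;
if ($b['loginAccessLevel'] = 1) {
    // this branch always runs, and the stored level is now 1
}
var_dump($b['loginAccessLevel'], looseCheck($b, 2), checkAccess($b, 2));
```

The type check only catches the boolean case; an assignment that writes the integer 1 still passes both checks, so it has to be found at the line that writes the session key. Because the posted rule grants access when the level is less than or equal to the page's level, a value that collapses to 1 or `true` widens access rather than narrowing it.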