Hi Guys,

Just can't find the solution I am looking for. Searched High and Low, nobody hits quite the note I need.

I'm using sessions to carry a login over to subsequent pages, so on those pages obviously I want to check that status. I've tried several ways including:

if (!isset($_SESSION))
Please Login
else
Show Page

//this gives me the page, no matter what the session is set on

and

if ($_SESSION) != ['admin']))
Please Login
else
Show Page

//this gives me Parse error: Undefined Index: 'admin' - but works FINE if I have recently logged in as admin - ie: have a valid session.

At least I understand why this error occurs - Once the session expires, there is no variable called 'admin' stored in a session, it's gone.

Which is what I'm trying to work around. I need to check if the session variable exists AND what it is set to. So if a 'user' stumbles across an 'admin' page, they can't view it.

I want expiring sessions because there will be multiple users and admin using the same machine.

Hence my session timeout is set rather low. I think 15 minutes. I have a logout page which destroys both sessions and cookies, but the timeout is a backup in case someone doesn't log out.

Code:

<?php
session_start();

// Connects to your Database 
mysql_connect("localhost", "LOGIN", "PASSWORD") or die(mysql_error()); 
mysql_select_db("THIS_DB") or die(mysql_error()); 


if (!isset($_SESSION))

// or if ($_SESSION) != ["admin"]))

{
echo "<p align='center'><font face='Tahoma' size='6'>You are not Admin.  Please <a href='index.php'>Login</a></font></p>";
die();
}

else

// Show them this page

echo "BLAH"
?>

Thanks in advance. And sorry if this is a noob question :s

    how about this:
    if (!isset($_SESSION['admin']))
    {
    echo "<p align='center'><font face='Tahoma' size='6'>You are not Admin. Please <a href='index.php'>Login</a></font></p>";
    die();
    }
    else

    // Show them this page

    echo "BLAH";

      THAT'S the one I've been looking for!!

      You legend!

      Amazing isn't it, how you can look at a piece of code all day and not see the right way to do such a simple thing!

      Thank you so much!

      You should be happy knowing that you have just saved another perfectly good laptop from ending up at the bottom of a RIVER !! :p

      Cheers!

        That didn't quite do it.

        It handles the status being a different value - ie: not admin; but it doesn't handle it when $_SESSION = NULL - so a timed-out session or fresh start.

        I still get Undefined Index error when I jump to that page without logging in...

        Am I being too pedantic? Should I just turn error reporting off and let the page default to a "not logged in" msg when someone attempts to access it unauthed?

        This code, thus far, does protect the admin pages, since there is no session - the session still does not = 'admin', so the default code tells them, you are not admin - pls login.

        I would just like to know that all possibilities are being handled by the code, instead of defaulting out.

        Do you think there is a solution? Would it help if I gave you a URL to view the working page?

        Cheers.

        P.

          I just have to make allowance also for NULL. Then GIVE $_SESSION a value since it doesn't have one after a Timeout.

          Tedious, but necessary I suppose. I probably didn't need to do all this, Admin page won't load until $_SESSION = admin anyway, but I just wanted to know that the case was handled.

          Plus it was helpful in giving a more descriptive failure message. With the case being handled properly I can now distinguish between someone who isn't logged in (timed-out) and someone who is logged in but isn't Admin.

          <?php
          //Logon to DB etc.
          //Check Cookie.
          //THEN check login:
          
          if(!isset($_SESSION['status'])) { 
          //session_regenerate_id();  <-- Not sure if I need this, seems to work without ATM.
          $_SESSION['status']=NULL;
          
          echo "<p align='center'><font face='Tahoma' size='6'>You are not Logged in.  Please <a href='index.php'>Login</a></font></p>";
          echo "Session = ".$_SESSION['status']; //<-- echo for debugging
          die();
          }
          
          else
          
          if ($_SESSION['status'] !='admin')
          {
          echo "<p align='center'><font face='Tahoma' size='6'>You are not Admin.</p>  <p align='center'> Return to <a href='main.php'>Main</a>, or Please <a href='index.php'>Login</a></font></p>";
          echo "Session = ".$_SESSION['status']; //<-- echo for debugging
          die();
          }
          
          else
          
          //Show Page
          ?>
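
An added example (not code from any poster in this thread) of a single guard that covers all three cases discussed above: no session at all, a timed-out session, and a logged-in user who is not admin. The `status` key and the page names come from the thread; `last_activity`, `IDLE_LIMIT` and the function names are assumptions, and the idle timeout is enforced in the application instead of relying only on the session lifetime setting.

```php
<?php
// Added example, not any poster's code. 'status' is the thread's key;
// 'last_activity', IDLE_LIMIT and the function names are assumptions.
const IDLE_LIMIT = 900; // 15 minutes, the timeout mentioned in the thread

// Classify the session without ever reading a missing index.
function access_state(array $session, string $requiredRole, int $now): string
{
    if (!isset($session['status'], $session['last_activity'])) {
        return 'anonymous';   // fresh visit, destroyed session, or NULL status
    }
    if ($now - (int) $session['last_activity'] > IDLE_LIMIT) {
        return 'expired';     // was logged in, idle for too long
    }
    // Strict compare: before PHP 8, loose 0 != 'admin' evaluates to false.
    return $session['status'] === $requiredRole ? 'ok' : 'forbidden';
}

// Call at the top of every protected page, before any output.
function require_role(string $requiredRole): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    $state = access_state($_SESSION, $requiredRole, time());
    if ($state === 'ok') {
        $_SESSION['last_activity'] = time();   // sliding idle window
        return;
    }
    if ($state === 'expired') {
        $_SESSION = [];                        // drop the stale login
        session_destroy();
    }
    http_response_code(403);
    $messages = [
        'anonymous' => 'You are not logged in. Please <a href="index.php">log in</a>.',
        'expired'   => 'Your session timed out. Please <a href="index.php">log in</a> again.',
        'forbidden' => 'You are not Admin. Return to <a href="main.php">Main</a>.',
    ];
    echo '<p>' . $messages[$state] . '</p>';
    exit;
}

// Login handler calls this after the password check, with the session started.
function mark_logged_in(string $role): void
{
    session_regenerate_id(true);   // fresh ID when privileges change
    $_SESSION['status'] = $role;
    $_SESSION['last_activity'] = time();
}
require_role('admin');   // admin-only page content follows this call
```

Because `isset()` is false for both a missing key and a NULL value, the guard never touches an undefined index, so it behaves the same with error reporting on or off.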
          