i cant figure out what is the mistake.
if((!isset($_SESSION['user_username'])) || (!isset($_SESSION['user_role']))){
header("location:index.php");
}elseif( $_SESSION['user_role'] != "admin" || $_SESSION['user_role'] != "superadmin" ){
header("location: noaccess.php");
}
This is my code.... Even if i log in with admin user (user_role=admin), it is redirecting to noaccess.php
I think your mistake is in the OR (||) in the second statement.
if((!isset($_SESSION['user_username'])) || (!isset($_SESSION['user_role']))){
header("location:index.php");
}elseif( $_SESSION['user_role'] != "admin" && $_SESSION['user_role'] != "superadmin" ){
header("location: noaccess.php");
}
User @mariobgr has the right answer, you just need to swap the || for a && on the second if statement. When you say something like if($a || $b) what you are really saying is "one of these things needs to be true" or "if $a is true, or $b is true then this statement is true". Your problem is that the way you are doing your statement will always return true. The role can't be both admin and superAdmin. For a little more explanation of why let's go through an example
So, $role = 'admin';. So the if statement says if($role != 'admin') which is false, because it is 'admin'. But the second part says if($role != 'superAdmin') which is true. So the if statement is true, because the second part is true. The opposite is true if $role = 'superAdmin';. The first part of the if is true and so the if statement is true because at least one of the statements is true.
If you switch the || to a &&, now both things need to be true in order for the if statement to evaluate to true. If $role = 'admin'; the first part is false so the if statement is evaluated to false. If $role = 'superAdmin';, the second part is false meaning the if is false. The only way for the if statement to evaluate to true is if you are not admin && you are not superAdmin.
