2

First of all, I'm completely new at this so be patient.

So there are different roles in my database like admin and saf, and if the person logged in is an admin I want them to see everything, but if the person logged in is saf I just want them to see the Dashboard and SAF.

If you need any other code I can provide it but I think this is enough??

database

<?php 
session_start(); 

$ligaBD=mysqli_connect("localhost","root","","pap"); 

if (!isset($_SESSION['loggedin'])) { 
    header('Location: login.html'); 
    exit(); 
} 

if (!isset($_SESSION['role']) || ($_SESSION['role'] != 'admin')) { 

?>
<ul class="nav navbar-nav">
    <li class="active"><a href="admin.php">Dashboard</a></li>

    <li><a href="biblioteca.php">Biblioteca</a></li>
    <li><a href="conselhoadmin.php">Conselho Administrativo</a></li>
    <li><a href="saf.php">SAF</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
    <li><a href="#">Bem-vindo, admin <?= htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8') ?></a></li>
    <li>
        <a href="https:a"><img src="./images/mail.png" alt="la" height="13" width="20" /></a>
    </li>
    <li><a href="./logout.php">Logout</a></li>
</ul>

<?php

}else if (!isset($_SESSION['role']) || ($_SESSION['role'] != 'saf')) {
?>

    <ul class="nav navbar-nav">
        <li class="active"><a href="admin.php">Dashboard</a></li>
        <li><a href="saf.php">SAF</a></li>
    </ul>
    <ul class="nav navbar-nav navbar-right">
        <li><a href="#">Bem-vindo, saf @login</a></li>
        <li>
            <a href="https:a/"><img src="./images/mail.png" alt="la" height="13" width="20" /></a>
        </li>
        <li><a href="./login.html">Logout</a></li>
    </ul>

<?php
}
    mysqli_close($ligaBD);
?>

What happens to me with this code is that when I log in as a SAF user I can see the admin features anyway.

I'd really appreciate it if you could help me. Thank you

3 Answers

2

You are messing up the if conditions.

First if condition should be:

if (isset($_SESSION['role']) && ($_SESSION['role'] == 'admin')) {
    // Show admin role links.
}

And second if condition should be:

if (isset($_SESSION['role']) && ($_SESSION['role'] != 'admin')) {
    // Show non-admin/saf role links.
}

2 Comments

Hi thanks for replying! I tried to do what you said but now it says prntscr.com/ndm5bw which is another role prntscr.com/ndm5vf
Please clarify why these changes should be made, Pupil?
1

You need to tidy up your if statements. Many of them are checking two conditions when they only really need to check one.

Also you could replace your if statements with switch statements instead if the choices become numerous.

The below simplified code will show admin details to the admin flagged $_SESSION variable, and SAF details to the SAF flagged variable.

Also use the strict comparison tool === as best practice. Check for positive matches not negative matches (look for === not !==).

Please note the argument list is in a different order from your original code.

<?php
/***
 * I would suggest using the below line to avoid error report NOTICES.
 * Setting an unset value to false also fits the later test of empty()
 ***/
if(!isset($_SESSION['role'])){
    $_SESSION['role'] = false;
}


if ($_SESSION['role'] === 'admin') { 

?>
Admin Dashboard HTML

<?php

}
elseif ($_SESSION['role'] === 'saf'){
?>

     SAF Dashboard HTML

<?php
}
elseif (!empty($_SESSION['role']) ) {
 ?>
   Some other authentication level dashboard (optional). 
<?php
}
 mysqli_close($ligaBD);
?>

5 Comments

Thank you for replying! I did the changes that you suggested and I got this error: Notice: Undefined index: role
@Pedro well you need to set the value of role. If you intend for role to not be set then you can just ignore those notice level warnings.
Updated and now it doesn't show anything :/ prnt.sc/ndrjfh This is how it should be: prntscr.com/ndrkk9
@Pedro There was a typo I have now fixed. You should have got a notice on this. Please retry with the new code, above. Thanks.
Good morning, sorry for the late reply. I tested it and it still doesn't show anything, however I tried to change from 'role' to 'name' and instead of 'admin' I wrote '[email protected]' which is the username associated with the admin role. So the problem is on 'role'. Thank you
0

If you want to show Dashboard and saf to all the users, you can use if condition like below:

<?php
if (isset($_SESSION['role']) && ($_SESSION['role'] != 'admin')) {
    // Show Dashboard, SAF and other links to all users.
?>
    <ul class="nav navbar-nav">
        <li class="active"><a href="admin.php">Dashboard</a></li>
        <li><a href="saf.php">SAF</a></li>
    </ul>
    <ul class="nav navbar-nav navbar-right">
        <li><a href="#">Bem-vindo, saf @login</a></li>
        <li>
            <a href="https:a/"><img src="./images/mail.png" alt="la" height="13" width="20" /></a>
        </li>
        <li><a href="./login.html">Logout</a></li>
    </ul>
<?php
} else {
    // Show all links to admin users.
?>
    <ul class="nav navbar-nav">
        <li class="active"><a href="admin.php">Dashboard</a></li>
        <li><a href="biblioteca.php">Biblioteca</a></li>
        <li><a href="conselhoadmin.php">Conselho Administrativo</a></li>
        <li><a href="saf.php">SAF</a></li>
    </ul>
    <ul class="nav navbar-nav navbar-right">
        <li><a href="#">Bem-vindo, admin <?= htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8') ?></a></li>
        <li>
            <a href="https:a"><img src="./images/mail.png" alt="la" height="13" width="20" /></a>
        </li>
        <li><a href="./logout.php">Logout</a></li>
    </ul>
<?php
}
?>
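
The positive-match role check discussed in this thread, generalized to a role-to-links map that denies by default and is reused as a per-page access check. This is an added example, not code from the question or any answer; the function names and the constant `MENU_BY_ROLE` are hypothetical, and the role and page names are taken from the question.

```php
<?php
// Added example. Assumed: roles 'admin' and 'saf' and the page names from the question.
const MENU_BY_ROLE = [
    'admin' => [
        'admin.php'         => 'Dashboard',
        'biblioteca.php'    => 'Biblioteca',
        'conselhoadmin.php' => 'Conselho Administrativo',
        'saf.php'           => 'SAF',
    ],
    'saf' => [
        'admin.php' => 'Dashboard',
        'saf.php'   => 'SAF',
    ],
];

/** Links the role may see; a missing, unknown or non-string role gets none. */
function menu_for_role($role): array
{
    return is_string($role) ? (MENU_BY_ROLE[$role] ?? []) : [];
}

/** True only if the page is in the role's menu, so one map drives both checks. */
function role_may_open($role, string $page): bool
{
    return array_key_exists($page, menu_for_role($role));
}

/** Render the nav list, escaping every value written into the HTML. */
function render_menu($role): string
{
    $html = '<ul class="nav navbar-nav">';
    foreach (menu_for_role($role) as $href => $label) {
        $html .= sprintf(
            '<li><a href="%s">%s</a></li>',
            htmlspecialchars($href, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($label, ENT_QUOTES, 'UTF-8')
        );
    }
    return $html . '</ul>';
}

// Constructed sample sessions standing in for a live $_SESSION.
foreach ([['role' => 'admin'], ['role' => 'saf'], ['role' => 'Admin'], []] as $session) {
    $role = $session['role'] ?? null;
    printf("%-8s links=%d biblioteca.php=%s\n", var_export($role, true),
        count(menu_for_role($role)), role_may_open($role, 'biblioteca.php') ? 'allow' : 'deny');
}
```

Hiding a link does not block a direct request to `biblioteca.php`, so each restricted page would call `role_may_open()` with its own file name and return a 403 when the result is false.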
