
Why does an 'if statement' ignore conditions or read them as if they are not true when they actually are?


I stumbled upon something that is causing me a real hard time and I can't figure it out, so please take a look at my situation and help me out...

I am writing code that is supposed to prevent some of the website users from accessing a specific part of the website called orders.php

Each user has a previously assigned role and I am trying to achieve this restriction by allowing only a few of the roles to access it so if you don't have some of the specific roles that are allowed to visit the website assigned to you, you get redirected to the homepage.

This is one of the ways that I've tried:

    if( $userrole !== 'Administrator' OR
        $userrole !== 'Manager' OR
        $userrole !== 'Product Hunter' OR
        $userrole !== 'Product Selector' OR
        $userrole !== 'Analytic' OR
        $userrole !== 'Order Manager'){
        header('Location: ../dashboard.php');
        die;
    }
    else{
     //code here
    }

I tried using || instead of OR but it is not working either

I also tried using elseif statement for each role like this:

    if( $userrole !== 'Administrator'){
        header('Location: ../dashboard.php');
        die;
    }
    elseif( $userrole !== 'Manager'){
        header('Location: ../dashboard.php');
        die;
    }
    elseif( $userrole !== 'Product Hunter'){
        header('Location: ../dashboard.php');
        die;
    }
    elseif( $userrole !== 'Product Selector'){
        header('Location: ../dashboard.php');
        die;
    }
    elseif( $userrole !== 'Analytic'){
        header('Location: ../dashboard.php');
        die;
    }
    elseif( $userrole !== 'Order Manager'){
        header('Location: ../dashboard.php');
        die;
    }
    else{
     //code goes here
    }

As far as I understand, the code shall continue to execute the else statement the moment it reads your role name. For example, if you are an Administrator, then it shall execute the else statement, because it is said that if you are not one of the specified roles then you will be redirected, and since you are one of the specified roles the code shall execute for you. But for some odd reason it is redirecting you to the homepage no matter if you are an Administrator, Manager or a Visitor...

The only way the code allows you to visit the website instead of redirecting you to the homepage is when you have only one role specified, for example:

    if( $userrole !== 'Administrator'){
        header('Location: ../dashboard.php');
        die;
    }else{
     //code goes here
    }

This way, if you are an Administrator, then you are allowed to visit the page, and if you have any different role then you get redirected.

The reason I use !== is because I want the code to define if this user can visit this part of the website at the beginning instead of telling it to show the code to the users with these few specific roles and redirect everyone else.

$userrole is previously set to equal a $_SESSION variable which contains the value of the actual role of the user and is defined at login, if I echo it, it prints the name of the role so that is not causing the problem for sure.

I've found some posts suggesting using switch statements but I haven't tried them yet since I prefer doing it this way if possible.

Thanks in advance!


Solution

  • I think you want to do this, because you want to restrict this page if the user does not have a required role:

    if( $userrole !== 'Administrator' &&
        $userrole !== 'Manager' &&
        $userrole !== 'Product Hunter' &&
        $userrole !== 'Product Selector' &&
        $userrole !== 'Analytic' &&
        $userrole !== 'Order Manager'){
        header('Location: ../dashboard.php');
        die;
    }
    else{
     //code here
    }
    

    A better way, I think:

    $aAllowedRoles = array(
        'Administrator', 
        'Manager', 
        'Product Hunter', 
        'Product Selector', 
        'Analytic', 
        'Order Manager'
    );
    
    // third argument true = strict comparison, matching the !== used above
    if ( !in_array($userrole, $aAllowedRoles, true) ) {
        header('Location: ../dashboard.php');
        die;
    } 
    
    // code here
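
Added example (not part of the original question or answer): it runs the question's OR-chain and a deny-by-default allow-list side by side over constructed sample values, including values a session variable could hold by mistake. The function names `deniedByOrChain` and `isAllowed` and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Roles permitted on orders.php (taken from the question).
const ALLOWED_ROLES = [
    'Administrator', 'Manager', 'Product Hunter',
    'Product Selector', 'Analytic', 'Order Manager',
];

// The question's check: "role !== A OR role !== B ..." is true for every
// value, because no value can be identical to two different names at once.
function deniedByOrChain($role): bool
{
    foreach (ALLOWED_ROLES as $allowed) {
        if ($role !== $allowed) {
            return true; // a single mismatch is enough to satisfy OR
        }
    }
    return false;
}

// Allow-list check, deny by default: only an exact string match passes.
function isAllowed($role): bool
{
    return is_string($role) && in_array($role, ALLOWED_ROLES, true);
}

// Constructed sample values: valid roles, an unknown role, a case mismatch,
// and non-string values such as an unset or mistyped session entry.
$samples = ['Administrator', 'Order Manager', 'Visitor', 'administrator', '', null, 0, true];

foreach ($samples as $role) {
    printf(
        "%-18s or-chain denies: %-3s  allow-list allows: %s\n",
        var_export($role, true),
        deniedByOrChain($role) ? 'yes' : 'no',
        isAllowed($role) ? 'yes' : 'no'
    );
}

// Why the strict flag matters: with loose comparison, boolean true equals
// any non-empty string, and integer 0 equals any non-numeric string on PHP < 8.
echo 'loose  in_array(true): ', var_export(in_array(true, ALLOWED_ROLES), true), "\n";
echo 'strict in_array(true): ', var_export(in_array(true, ALLOWED_ROLES, true), true), "\n";
```

On the page itself, the redirect and `die` from the answer would run whenever `isAllowed($userrole)` returns false, so an unset or malformed role is treated the same as an unauthorized one.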