What am I doing wrong with this session code?

Question

I am trying to make the page inaccessible unless the user has a specific permissionlevel and is a user of the system.

I have provided my code below.

<?php
session_start();

        include 'login/config.php';

        if($_SESSION['username']=='user' && $_SESSION['permissionlevel']!='one');{
            echo "<script>you dont have permission to access this page</script>";
            header:("location:dashboard.php");
        }



?>

Where am I going wrong with the code?

EDIT:

Code modified with help of Neelesh, however it still isn't working.

Answer 1

I think you search for an ACL implementation or how its work. The Zend Framework has a good implementation of this. Look here: http://framework.zend.com/manual/current/en/modules/zend.permissions.acl.intro.html how its work.

regards

Answer 2

if suppose you have userroles like adminstrator and user

and permission levels one,two and three

based on this userrole and permission levels you can have check for that page if you are converting them into session while login

if($_SESSION['USERROLE']=='USER' && $_SESSION['PERMISSIONLEVEL']!='THREE')
{
echo "<script>you dont have permission to access this page</script>";
header:("location:index.php")
}

by this simple check you can give acces to a particular page if not redirect him to home page with an alert msg