I need to prevent access to " http://localhost/oms/category/index.php " page where $_SESSION['role'] is not equal 'Administrator' or 'Operator'. so when an user with another role (not admin or operator) try to access to above page, user is redirected to another page. it's ok. but alert message is not work. how can i fix this.
code in localhost/oms/category/index.php is here
session_start();
if (!isset($_SESSION['username'])) {
header('Location: ../login/index.php');
}
if (!($_SESSION['role'] == 'Administrator' || $_SESSION['role'] ==
'Operator')) {
$_SESSION['alert-warning'] = "You do not have permission to access the
page.";
header('Location: ../customer-order/');
}
code in redirected page is here
<?php
session_start();
if (isset($_SESSION['alert-success'])) {
?>
<div class="alert alert-success" id="success-alert" role="alert" data-auto-
dismiss="2000">
<button type="button" class="close" data-dismiss="alert">x</button>
<strong>Success! </strong>
<?php echo $_SESSION['alert-success']; ?>
</div>
<?php
unset($_SESSION["alert-success"]);
} else if (isset($_SESSION['alert-unsuccess'])) {
?>
<div class="alert alert-danger" id="unsuccess-alert">
<button type="button" class="close" data-dismiss="alert">x</button>
<strong>Error ! </strong>
<?php echo $_SESSION['alert-unsuccess']; ?>
</div>
<?php
unset($_SESSION["alert-unsuccess"]);
} else if (isset($_SESSION['alert-warning'])) {
?>
<div class="alert alert-warning" id="success-alert" role="alert" data-auto-
dismiss="2000">
<button type="button" class="close" data-dismiss="alert">x</button>
<strong>Warning! </strong>
<?php echo $_SESSION['alert-warning']; ?>
</div>
<?php
unset($_SESSION["alert-warning"]);
}
?>
Your || statement is always false, switch it to:
if (!($_SESSION['role'] == 'Administrator' && $_SESSION['role'] == 'Operator'))
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.