-2

I am trying to decide whether I should use isset or not for permission-based checks, such as checking to see if the user is an admin or not. So far it has been working well using isset, but it doesn't quite work for one of my pages unless I omit the isset.

From my understanding, the first if condition uses isset because it is checking to see if the u_uid exists or not, but I read that when comparing numbers, like whether the user is an admin or not, should I just use $_SESSION without isset? I am a bit confused here.

I tried both with and without isset, and for one of my pages it works better without isset.

<?php
include_once __DIR__.'/header2.php';
if(!isset($_SESSION['u_uid'])) {
    echo "<meta http-equiv='refresh' content='0;url=index.php?create_music_cat=notlogin'>";
    exit();
} else {
    if($_SESSION['u_permission'] == 0){
        echo "<meta http-equiv='refresh' content='0;url=header2.php?create_music_cat=nopermission'>";
        exit();

    }
}
daedsidog
piano0011
  • Those are 2 different methods of checking if a session is set and if one equals something; totally different animals here. – Funk Forty Niner Dec 29 '18 at 13:31
  • Isset simply checks if the variable you check is set; the first if checks if u_uid in $_SESSION has a value, the second if checks if the session u_permission is equal to 0. – Art3mix Dec 29 '18 at 13:32
  • One session array of the same name could be set but not equal to that of an admin. You need to add an additional condition. – Funk Forty Niner Dec 29 '18 at 13:32

1 Answer

0

In your case, you should use both.

The isset is to check if the user is logged in or not, and the value of the session is to check if the user has the admin right or not.

Example:

if (isset ($_SESSION['user']))
{
 // User logged in
 if ($_SESSION['user'] === 1)
 {
  // User is admin
 }
}

*To make you understand: when you use isset, you just check if the session exists and not the session's value. So if the session exists, the user is logged in; then when you check the session's value, you can find out if the logged-in user has the admin right or not.

Soren
  • thanks and that explains why sometimes it doesn't work because the numbers don't have to be set – piano0011 Dec 30 '18 at 01:39
  • I guess I should use isset for a form being passed from a form? – piano0011 Dec 30 '18 at 01:39
  • I didn't understand your question @piano0011 – Soren Dec 30 '18 at 09:50
  • I guess what I am trying to say is that when comparing against a number such as permission, it doesn't have to be set and therefore, I don't have to use isset – piano0011 Dec 30 '18 at 09:54
  • If I understood what you mean, you can't compare against something which is not set! In your code, you need two different conditions, and one of them is comparing against the value of your session, which could be anything (a number or a string) – Soren Dec 30 '18 at 09:56
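
The two-step check discussed in this thread (existence first, then value), written so that a missing or malformed u_permission denies access instead of raising a notice or passing a loose comparison. This is an added example, not code from the question or the answer. The function name access_decision and the sample sessions are hypothetical, and it assumes, as in the question's code, that u_permission 0 means no permission and any other integer is allowed.

```php
<?php
// Added example; access_decision() and the sample data are hypothetical.
declare(strict_types=1);

/**
 * Decide access from session data.
 * Returns 'notlogin', 'nopermission' or 'ok'.
 */
function access_decision(array $session): string
{
    // Step 1: existence. isset() is false for a missing key and for null,
    // so it answers "is anyone logged in?" and nothing more.
    if (!isset($session['u_uid'])) {
        return 'notlogin';
    }

    // Step 2: value. A missing key becomes null, which fails validation,
    // so an absent or non-numeric permission is denied by default.
    $permission = filter_var($session['u_permission'] ?? null, FILTER_VALIDATE_INT);
    if ($permission === false || $permission === 0) {
        return 'nopermission';
    }

    return 'ok';
}

// Constructed sample sessions covering the cases from the thread.
$samples = [
    'empty session'                 => [],
    'logged in, permission missing' => ['u_uid' => 'alice'],
    'logged in, permission 0'       => ['u_uid' => 'alice', 'u_permission' => 0],
    'logged in, permission "0"'     => ['u_uid' => 'alice', 'u_permission' => '0'],
    'logged in, permission "abc"'   => ['u_uid' => 'alice', 'u_permission' => 'abc'],
    'logged in, permission 1'       => ['u_uid' => 'bob',   'u_permission' => 1],
];

foreach ($samples as $label => $session) {
    printf("%-32s => %s\n", $label, access_decision($session));
}
```

On a real page the argument would be $_SESSION after session_start(), and each non-'ok' result would map to the redirects used in the question.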