I have several pages which I need securing.
I have a login in form which reads the username and password from a database and sets
$_SESSION['user'] = $row['username'];
This seems to be working fine
Now where it starts to go wrong is when I call the access levels set numerically
e.g
if($row['level']== 2) { echo "Do something and administrator can see"; } else { echo "Do something a guest user can see"; }
Sometimes the guest user can see what the admin is supposed to see and sometimes the admin can only see what the guest user is supposed to see.
I have an include at the start of each page with
if (!isset($_SESSION['user'])) {
session_start();
}
and i am logging out each user with
if (!isset($_SESSION['user'])) {
session_start();
}
unset($_SESSION['user']);
echo "<script>self.location="login.php";</script>";
Does anyone know where I am going wrong.