I really can't get this working.
The users account type is assigned to the $_SESSION["user_type"].
You have 2 account types that can edit orders. Admins(admin) and Sub Admins(sadmin).
The "content_id" is the information displayed depending on the the page type.
What's wrong with this statement?
And yes. ob_start(); and session_start(); are running
//Disallow all users from edit orders. Except admins and Sub admins.
if ($_SESSION["user_type"] !== "admin" || $_SESSION["user_type"] !== "sadmin" && $_GET["content_id"] == "edit_order"){
header ("location:home.php");
}
Here are some basics:
true || *anything* = true
false || false = false
false && *anything* = false
true && true = true
Now that we have established that, let's get to what you want.
Users who can edit your page is either admin OR sub-admin. The reverse, user who cannot edit your page, is neither admin nor sub-admin.
That gives us: User who is non-admin AND non-subadmin AND is trying to access edit page, send to home page.
if ($_SESSION["user_type"] !== "admin" && $_SESSION["user_type"] !== "sadmin" && $_GET["content_id"] == "edit_order")
{
header ("location:home.php");
}
By the way, any reason you are using !== for checking user type, but == to check content id?
I think this is what you are asking for
//Disallow all users from edit orders. Except admins and Sub admins.
if (($_SESSION["user_type"] !== "admin" || $_SESSION["user_type"] !== "sadmin") && $_GET["content_id"] == "edit_order"){
header ("location:home.php");
}
Note the extra set of brackets around the combined condition
$_SESSION["user_type"] !== "admin" || $_SESSION["user_type"] !== "sadmin"
This tells PHP that it can be either an admin or an sadmin but it must be edit_order
That said I think there is a logic error where you actually mean if it is not an admin or sadmin then you want to redirect so it should be an AND not an OR
if ($_SESSION["user_type"] !== "admin" && $_SESSION["user_type"] !== "sadmin" && $_GET["content_id"] == "edit_order")
PHP will just read the statement from left to right, assigning true or false internally as it goes.
What you need to do is contain some conditions in parentheses so they’re evaluated as one. In your case:
if (
$_SESSION['user_type'] !== 'admin' ||
($_SESSION['user_type'] !== 'sadmin' && $_GET['content_id'] == 'edit_order')
) {
header('Location: home.php');
}
//Disallow all users from edit orders. Except admins and Sub admins.
if (($_SESSION["user_type"] !== "admin" || $_SESSION["user_type"] !== "sadmin") && $_GET["content_id"] == "edit_order"){
header ("location:home.php");
}
http://www.php.net/manual/en/language.operators.precedence.php
Note : I think that your condition doesn't match, because you will always have user_type different from admin OR sadmin (even if you are admin or sadmin)
You simply needs "&&"
//Disallow all users from edit orders. Except admins and Sub admins.
if ($_SESSION["user_type"] !== "admin" && $_SESSION["user_type"] !== "sadmin" && $_GET["content_id"] == "edit_order"){
header ("location:home.php");
}
AND takes precedence over OR.
You said:
condition1 || condition2 && condition3
PHP interprets this as:
condition1 || (condition2 && condition3)
Instead, you want:
(condition1 || condition2) && condition3
You need to put the parentheses around the OR condition yourself.
I think it should be
//Disallow all users from edit orders. Except admins and Sub admins.
if ($_SESSION["user_type"] !== "admin" && ($_SESSION["user_type"] !== "sadmin" && $_GET["content_id"] == "edit_order")){
header ("location:home.php");
}