Restrict Page to Admin Only

Hi All:

I'm sure this is super simple, but I'm struggling nonetheless.

I'm trying to restrict a page to administrators only. I've created a column in my database called 'UserLevel' and have assigned appropriate levels to each user. I've assigned user level = 2 to be the admin user, and I want to restrict a page only to those users logged with that level of clearance.

I've created a session variable called 'UserLevel' and have tested it by placing in dynamic text on a page, it seems to be working just fine.

I've create a rule called "Logged in as admin" and set the following conditions (taken from the Securite Assist generated php file):

case "Logged in to admin":
$comparisons[0] = array(TRUE, "".((isset($_SESSION['visitorID']))?$_SESSION['visitorID']:"") ."", 2, "");
$comparisons[1] = array(TRUE, "".((isset($_SESSION['UserLevel']))?$_SESSION['UserLevel']:"") ."", 1, "2");
break;

However, when I test this all out, it still lets anyone who is logged in to view the page. What am I doing wrong???

Thanks for your help in advance.

Hi All:

I solved my earlier problem by taking out the first condition, so now the users cannot view the specified page unless their user access level is equal to 2.

However, I'm a bit puzzled. The first condiiton was that the session variable containing their visitor ID must not be null. Shouldn't the 2 conditions put together work???

Just so I understand why it worked, could anyone help explain?

Thanks,

Doug

When you have multiple conditions on the page, only one of them needs to evaluate to true for the rule to pass. Once a condition evaluates to true, the rule passes and the other conditions are not checked.

I didn't realize that, I thought they all had to pass in order to validate the user. Thanks for the clarification.

Doug