Using || in if statements - php

If a user visits test.php?number=1 or test.php?letter=1, I want them to stay on the page. If they visit test.php, I want them to be re-directed.
I have tried to accomplish the above using the script below, however the following happens:
if the user visits test.php?number=1, they stay on the page.
If the user visits test.php?letter=1, they are re-directed.
if(!isset($_GET['number']) === false || $_GET['letter'] === false) {
echo '<h1>Hello</h1>';
}else{
header('Location: redirect.php');
exit();
}
Note: the value of number and letter can change! It won't always be 1!

Instead of isset() use empty() in this case as an non-existent value does not do you any good, ie. test.php?number= with no value entered for number. Ditto for letter.
The following will check if either number or letter contain a value, to which the condition will satisfy and <h1>Hello</h1> will print. Otherwise, if neither contain a value, you will be redirected.
if ( ! empty($_GET['number']) || ! empty($_GET['letter']) ) {
echo '<h1>Hello</h1>';
}
else {
header('Location: redirect.php');
exit;
}

Related

Admin only access to page, if statment doesn't work

I'm trying to give access to admin tools only to the admin.
What I tried to do: the session variable id, which is unique for every user.
first I checked if there is even a session, if there isn't I send the user to the index, than I check for the unique if of the admin "20" if the user's id is different than 20 I send him the the index.
my problem: my if statment doesn't work, I get sent back to index even when i'm logged-in as the admin.
My code:
<?php
if(isset($_SESSION['userId'])){
header('Location:index.php?b');
}
if($_SESSION['userId'] != 20){
header('Location:index.php?a');
}
?>
?a and ?b are for debugging, I get sent to index.php?a when I try to access the my page.
when I echo $_SESSION['userId'] I get 20, so maybe something is wrong with the type?(although I checked and it says that != shouldn't be effected by different types)
EDIT: sorry, I didn't describe what I wanted correctly, if the id of the user is 20 I want him to stay in the page, if it isn't I want to redirect him to index.
thanks!
Because you perform one test when that test passes or fails the comparison is over. You should probably perform a comparison like this because you only want to redirect when the ID is not 20:
<?php
session_start();
if(isset($_SESSION['userId']) && $_SESSION['userId'] != 20) {
header("Location: index.php");
exit();
}
?>
Check if session is set and if so assign its value to a variable with the null coalesce operator. Redirect using the ternary operator.
<?php
session_start()
//$_SESSION['userId'] = 19; // Redirects to index.php?a
$_SESSION['userId'] = 20; // Redirects to index.php?b
// use the null coalesce operator and ternary
$id = $_SESSION['userId'] ?? null;
($id == '20') ? '' : Redirect('index.php?a');
echo 'Still in page ...';
// Ensure an exit() after redirect
function Redirect($url) {
header('Location: ' . $url);
exit();
}
//Output: Still in page ...
?>
EDIT:
You can combine these steps to achieve this in one line:
(($_SESSION['userId'] ?? null) == 20) ? '' : header('Location: index.php?a');
This returns $_SESSION['userId'] if it's set and not null, otherwise it returns null. Then it checks this against the value 20 and uses it in the ternary operator to either do nothing ('') or redirect to index.php.
Your first if condition checks if the session is set (which is true) so it redirects you to index. So you should do:
session_start()
if(isset($_SESSION['userId'])){
if($_SESSION['userId'] != 20){
header('Location:index.php?a');
}else{
header('Location:index.php?b');
}
}

restrict page without variable , only open if coming from a page or site

page-one.php code
<?php
//page-one.php
session_start();
$_SESSION['page_one'] = time();
?>
hello this is page 1 go to page 2
Page 2
page-two.php code
<?php
//page-two.php
session_start();
//Check to see if session variable exists.
if(!isset($_SESSION['page_one'])){
//Does not exist. Redirect user back to page-one.php
header('Location: 404.php');
exit;
} ?>
this is page 2
Works perfect but I have 2 questions:
what if i delete page-one bcz i want to show page 2 to all vistors who are coming on page 2 by clicking a link
or what if user is coming on page-two through google.com , in this case how page-two will pass page_one variable
This doesn't make much sense, but for your specific questions:
if(!isset($_SESSION['page_one']) &&
strpos($_SERVER['HTTP_REFERER'], 'google') === false &&
strpos($_SERVER['HTTP_X_FORWARDED_FOR'], 'google') === false &&
file_exists('page-one.php')
{
header('Location: 404.php');
exit;
}
Check if the session variable is not set
Check if HTTP_REFERER is not google
Check if HTTP_X_FORWARDED_FOR is not google
Check if page-one.php has not been deleted
$_SERVER['HTTP_REFERER'] is not reliable as it may be wrong, a proxy server or empty and $_SERVER['HTTP_X_FORWARDED_FOR'] is not guaranteed to be set or reliable.
With the previous caveats in mind, you can see if someone came from another site by checking:
if(!isset($_SESSION['page_one'] &&
!isset($_SERVER['HTTP_REFERER'] &&
!isset($_SERVER['HTTP_X_FORWARDED_FOR'])
{
header('Location: 404.php');
exit;
}
If you add a get parameter to all links then it's easier:
Page 2
Then:
if(!isset($_SESSION['page_one'] && !isset($_GET['link'))
{
header('Location: 404.php');
exit;
}

Am I not using the _GET function properly to open another page?

I'm asking this because my teacher was displeased with how it worked. By that I mean ,when I typed in the query string to change sites, instead of typing ?page=flight and it staying that way it changed to../flight-details.php which is the direct page name.
Router.php:
<?php
$nav =array("home"=>"home.php",
"flight"=>"flight-detail.php",
"order"=>"order-flight.php",
"testimonial"=>"add-testimonial.php");
if ( isset ($_GET) )
{
header('Location: ' . $nav[$_GET['page']]);
}
else
{
header('Location:index.php');
}
There are few issues with your code, such as:
$_GET is a superglobal array, right now you are just checking whether the array is set or not. Your if condition should be like this:
if(isset($_GET['page']) && in_array($_GET['page'], array_keys($nav))){ ...
Otherwise you would get undefined index error if someone types anything other than the following four combinations, ?page=home&..., ?page=flight&..., ?page=order&... and ?page=testimonial&....
header(...); is not enough to redirect the user to a different page, use exit(); immediately after header(...); statement.
So your code should be like this:
$nav =array("home"=>"home.php",
"flight"=>"flight-detail.php",
"order"=>"order-flight.php",
"testimonial"=>"add-testimonial.php");
if(isset($_GET['page']) && in_array($_GET['page'], array_keys($nav))){
header('Location: ' . $nav[$_GET['page']]);
}else{
header('Location:index.php');
}
exit();
Here's the relevant reference:
http://php.net/manual/en/function.array-keys.php

Help with PHP if / else statement

On my site, forms are brought in via AJAX and checked against a sessionid. I know this is not optimal, but it's working for us. If the referrer doesn't have the session ID they are redirected back to "anotherpage". I need to allow some outside URL's access the form directly.
we set the sessionid on the page with the link to the form.
Here is what we have now on the form page:
<?php
$code = $_GET['sessionid'];
if(strcmp( $code , 'XXXXX' ) != 0) {
header("Location: http://www.domain.com/anotherpage.php");
}
?>
I need to allow some outside domains direct access to the form page and am having issues with this:
(I'm putting it above the head tag on the form page)
<?php
$code = $_GET['sessionid'];
$referrer = $_SERVER['HTTP_REFERER'];
if(strcmp( $code , 'XXXXX' ) !=0) {
header("Location: http://www.domain.com/anotherpage.php");
} else {
if (preg_match("/site1.com/",$referrer)) {
header('Location: http://www.domain.com/desiredpage.php');
}
}
?>
this still bounces me back to "anotherpage.php" any ideas?
********EDIT*******
thx for the help, it works ad I requested. Now I see what I asked wasn't entirely correct. This appends the URL with =sessionid?=XXXXX. This isn't an issue on my site because I'm loading the content with .jquery .load so the URL doesn't change. I don't want the sessionid to be visible, and now it is. Can I either a) "trim" the url somehow or b) separate the two functions so they are exclusive?
if(strcmp( $code , 'XXXXX' ) !=0) {
if (preg_match("/site1.com/",$referrer)) {
header('Location: http://www.domain.com/desiredpage.php');
} else {
header("Location: http://www.domain.com/anotherpage.php");
}
}
As I read your post, you want anyone from the preg_match to get the desired page regardless of sessionID status, so you don't want to test sessionID first.
Start the if block with the preg_match test.
Your first if is checking to see if they don't have the $code and redirecting them. This will always be the case. You should probably check the $referrer first and then do the $code check.
Try reverse if with else
<?php
$code = $_GET['sessionid'];
$referrer = $_SERVER['HTTP_REFERER'];
if (preg_match("/site1.com/", $referrer)) {
header('Location: http://www.domain.com/desiredpage.php');
} else if (strcmp( $code , 'XXXXX' ) != 0) {
header("Location: http://www.domain.com/anotherpage.php");
}
?>
If I'm not misunderstanding this, the problem is in the order in which you are checking things.
If you want to allow some referrers to access the site even if they don't have the session id, you have to check for that before checking for the session id. Otherwise, they will end up being treated just like everyone else.
You can either switch the order of the conditions (first check for the referrer and then check fo the session id) or check for the referrer inside the branch in which you already know the session id is not valid.
The issue could be in your regex, it should be:
if (preg_match("/site1\.com/",$referrer))
notice escaping the dot (.)

Using PHP $_SERVER[HTTP_REFERER] to display custom welcome messages/content

I'm trying to display a custom welcome message to visitors based off what social media site they are coming in from. I can't get this string to work but it is echoing back no matter what the refering site is. Can anyone help me get this to work? Many thanks!
<?php
if (strpos("twitter.com",$_SERVER[HTTP_REFERER])==0) {
echo "Welcome, Twitter User! If you enjoy this post, don't hesitate to retweet it to your followers";
}
?>
Tried using
<?php
if(isset($_SERVER['HTTP_REFERER'])) {
echo $_SERVER['HTTP_REFERER'];
}
?>
to get this to work but no luck.
strpos returns false when the search word does not appear in the string. 0 also evaluates to false when compared to a boolean. So false == 0, and your code always runs.
Use a strict comparison to require both value and type match instead of ==
if (strpos("twitter.com", $_SERVER['HTTP_REFERER']) === 0) {
echo "Welcome, Twitter User! If you enjoy this post, don't hesitate to retweet it to your followers";
}
However, the referrer will not start with twitter.com, it'll start with http:// or https:// so your condition wasn't right in the first place. To search for twitter.com anywhere else in the string:
if (strpos("twitter.com", $_SERVER['HTTP_REFERER']) !== false) {
echo "Welcome, Twitter User! If you enjoy this post, don't hesitate to retweet it to your followers";
}
I think you may have confused strpos() with strcmp(), being strcmp() returns 0 when two strings are equal. strpos() returns the position at which a string was found. Try:
<?php
if (strpos('twitter.com', $_SERVER['HTTP_REFERER'] != 0)) {
echo "Welcome, twitter user.";
}
?>

Categories