I have small issue! I current have a UserID number coming from a login page, Can I not do something like this?
This works:
session_start();
if (isset($_SESSION["UserID"])){
}
include('../includes/navAdmin.inc.php');
}
else {
header('Location: Login.php');
}
But I want to do something more like this to restrict links to certain users etc:
session_start();
if (isset($_SESSION["UserID"])){
}else if (isset($_SESSION["UserID"] === 1){ <---this one to give the "admin" the admin page etc
include('../includes/navAdmin.inc.php');
}
else {
header('Location: Login.php');
}
Seems like I can't or the syntax is wrong perhaps? Can someone point me in the right direction please?
Thanks in advance!
You will need to modify your code to check if it is set and equal to 1.
if (isset($_SESSION["UserID"]) && $_SESSION["UserID"] === 1)
rather than the else if.
Just set an else condition after that if it is not set or equal to 1.
On another note, add exit; after header. If you have more code below that, it way want to continue to execute.
http://php.net/manual/en/function.header.php
As per the manual:
<?php
header("Location: http://www.example.com/"); /* Redirect browser */
/* Make sure that code below does not get executed when we redirect. */
exit;
?>
Sidenote: As spotted/stated in comments by thanksd. There is an extra brace here, if that is your actual code.
if (isset($_SESSION["UserID"])){
}
include('../includes/navAdmin.inc.php');
} // Right there
else {
header('Location: Login.php');
}
and that would have thrown you an unexpected end of file notice having error reporting set to catch/display.
You may have meant to do:
if (isset($_SESSION["UserID"])){
include('../includes/navAdmin.inc.php');
}
else {
header('Location: Login.php');
}
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Then the rest of your code
Sidenote: Displaying errors should only be done in staging, and never production.
Write your condition as below:-
session_start();
if (isset($_SESSION["UserID"])){
if($_SESSION["UserID"] === 1){
include('../includes/navAdmin.inc.php'); die;
}else{
header('Location: Login.php'); die;
}
}else{
header('Location: Login.php'); die;
}
Related
I am trying to redirect my php login page so that if user is authorised, it goes to a page (r_index.php) and if the user isn't authorised they go back to the login page (login.html).
This is my code:
<?php
if ("password"=="$password") { // Start the condition ?>
Manage classes
<?php } // End the condition ?>
<?php if ("password"=="") { ?>
Login
<?php }
?>.
What am I doing wrong? How should I resolve it?
replace your code with this:
<?php
if ("password"== $password) {
header("location:r_index.php");
}
else if ($password=="") {
header("location:login.html");
}
?>
If you want to redirect you should use:
header('Location: http://www.example.com/r_index.php');
in your code.
<?php
$accessGranted = false;
if($password == 'password') {
$accessGranted = true;
}
if($accessGranted) {
header('Location: r_index.php');
}
else {
header('Location: login.html');
}
exit;
Actually your syntax is wrong, else there is no problem of using HTML inside php. It will work well and good.
Just make sure not to put your variable inside quotes, and change the statement as follows:
if($password=="password")
and
if($Password==" ")
Here is my code
<?php
if (!isset($_SESSION)) { session_start(); }
if (!isset($_SESSION['username'])) { header("Location: index.php"); }
ob_start();
if($_POST) {
$id = $_POST['book_id'];
$command = $_POST['command'];
$sourcePage = $_POST['source'];
} else if ($_GET){
$command = $_GET['command'];
$sourcePage = $_GET['source'];
$id = $_GET['book_id'];
} else {
header("Location: index.php");
}
// if command is 2 then show cart content
if($command == 2) {
showCart();
// if command is 1 then add book to cart
} else if($command == 1) {
addToCart($id);
header("Location: $sourcePage");
// if command is 0, then remove book from cart
} else if($command == 0) {
deleteFromCart($id);
header("Location: $sourcePage");
} else if(!isset($command)){
header("Location: index.php");
}
ob_flush();
?>
Why is it that even if I'm not logged in, I'm not redirected?
is it possible that the page is simply refreshing under the condition that $_POST or $_GET exists, falling into one of the later header("Location: ...") commands?
If so, you'd want to fix the problem by adding a die();
if (!isset($_SESSION['username'])) { header("Location: index.php"); die(); }
Using exit() or die functions may fix the problem. But there is only very very limited amount of situations where actually need to use one of these functions.
I think you can enhance if else conditions by putting some more conditions. But this will increase your lines of code.
From my experience, every time there is redirect via headers, its following connected code tends to execute.
For example : if you have an else/else if along with an if(which has the redirect code) then they will also be executed and the redirect never happens. However if you break up the conditions into individual ifs then after entering one if if a redirect is present such that there is no succeeding code after that header code in the if then the redirect will happen.
Better to use die()/exit() all over to avoid discrepancies.
How it should work:
Index.php is the secured page. It includes check.php, which checks if you have a session = good. If it hasn't, you're not logged in -> log off, remove session. But it doesn't work, it always logs off, like I didn't log in...
index.php
include ‘check.php’;
echo "logged in";
check.php
session_start();
if($_SESSION[‘login’] != ‘good’) {
unset($_SESSION[‘login’]);
unset($_SESSION[‘name’]);
header(‘Location: login.php?logoff’);
exit();
}
Login.php
if(isset($_POST[‘login’])) {
$gb = array();
$gb[‘user1’] = ‘pass1’;
$gb[‘user2’] = ‘pass2’;
if(isset($gb[$_POST[‘username’]]) && $gb[$_POST[‘username’]] == $_POST[‘password’])
{
$_SESSION[‘login’] = ‘good’;
$_SESSION[‘name’] = $_POST[‘name’];
header("Location: index.php");
} else {
header("Location: login.php?wrongpass");
}
} else { ?>
Login Form
<?php } ?>
I hope someone can help me!
You should verify you started the session in login.php.
Put session_start(); in all the pages
You need to have session_start() at the top of all the pages, you havent shown the session start for your login page.
(Thanks to Danny for proving I cant type)
Check that you have register_globals is On in your php.ini
First check on the pages you want to use session variables session is start or not and if session is not stat then start it.
and this is the very first line in the php file.
Code for the session checking is :
if(!session_id())
{
session_start();
}
if($count==1){
session_start();
$_SESSION['Username'] = $UserName;
$_SESSION['Password'] = $password;
UpdateOnlineChecker($Session);
header( "Location: http://". strip_tags( $_SERVER ['HTTP_HOST'] ) ."/newHolo/" );
exit;
}
else {
echo "Wrong Username or Password";
}
Look at my code. It checks if the statement is true (for me, if there is one row with a query statement i execute). Then i start a session and basically Ill define global session variables, sned out a query to my database to update the session and then refer through.
you are missing a session_start(); in your if true block.
Use one for action document such as index.php there is code:
session_start();
if(isset($_POST['login']) && isset($_POST['password'])){
// login
header('Location: (here is some page)');
}
if(!isset($_SESSION['user']){
// #todo some action
} else {
require_once('login.php');
}
if(isset($_GET['logout'])){
unset($_SESSION['user']);
header('Location: (here is some page)');
}
I think problem is header:
('location:------.php);
Your hosting server doesn't run this.
You can use this:
echo "<script>window.location.href='-----.php'</script>";
I am looking to add pages on my site that only people with a certan rank will be able to see while others will be kicked to a different page. What would be a simple way of doing this?
This is what I have right now.
<?php session_start();
$rank=$_SESSION['rank'];
$loggedinusername=$_SESSION['loggedinusername'];
$loggedinuseremail=$_SESSION['loggedinuseremail'];
?>
Thanks
For single allowed rank
if ($rank != 'allowed_rank') {
header('Location: some_other_page.php');
exit;
}
For multiplpe allowed ranks
if (!in_array($rank, array('allowed_rank1', 'allowed_rank2'))) {
header('Location: some_other_page.php');
exit;
}
<?php
session_start();
if ($_SESSION['rank'] > 1) // or whatever your minimum rank is
{
header('Location: highrankpage.php');
}
else
{
header('Location: lowrankpage.php');
}
exit();
?>
You'll want to include this code on every page that you want to protect.
On my index page I have a link to my login.php page with this code:
<?php
if(isset($_SESSION['username'])) {
echo "<div id='logout'><a href='logout.php'>Logout (".$_SESSION['username'].")</a></div>";
} else {
echo "<div id='login'><a href='login.php'>Login (Regular)</a></div>";
}
?>
On the login.php page I have
<?php
include('check.php');
$ref = getenv('HTTP_REFERER');
if (isset($ref)) {
header("Location: " . $ref);
exit;
} else {
header("Location: index.php");
exit;
}
?>
check.php is the code for the login form and it checks the users level to make sure they can access the page. I was told that I need to add a check to see if the referral is login.php, otherwise it will go in an infinite loop and I am of course getting "This webpage has a redirect loop". However, I have no clue how to do this and I can't find any information on how to fix it. Anyone know a quick solution?
You should be able to just do
if (isset($_SERVER['HTTP_REFERER']) && end(explode('/',$_SERVER['HTTP_REFERER'])) != 'login.php') {
header("Location: " . $_SERVER['HTTP_REFERER']);
exit;
} else {
header("Location: index.php");
exit;
}
Note that this is a simplified code - you may need to be a bit smarter than that.