Can visitors still send POST if they're not logged in? - php

I have a code that goes the following:
if($_SESSION["verified"] !== true) {
    header('location:login.php');
    exit();
}
else {
    //do code...
    if(isset($_POST["submit"])) {
        //do stuff with code...
    }
}
Do I need to specify in the 2nd if tag that it should only run if they're logged in?
if($_SESSION["verified"] !== true) {
    header('location:login.php');
    exit();
}
else {
    //do code...
    if(isset($_POST["submit"]) && $_SESSION["verified"] === true) {
        //do stuff with code...
    }
}
To prevent people from submitting a POST on a page they shouldn't actually be able to access?
Or is there some better way to do it?

Related

How to nest if (isset($_POST['submit'])) (with tokens also)

I have that code and it works fine:
if (isset($_POST['submit1']))
{
if($_SESSION['user_token'] == $_POST['user_token']) {
unset($_SESSION['user_token']);
include_once('./token.php');
include_once('./my2page.php'); //**PAGE WITH SUBMIT2**
} else {
header("location: ./index.php");
}
} else {
include_once('./token.php');
include_once('./my1page.php'); //**PAGE WITH SUBMIT1**
}
token.php
$form_token = uniqid();
$_SESSION['user_token'] = $form_token;
The form in my1page.php contains:
<input type="hidden" name="user_token" value="<?php echo $_SESSION['user_token'];?>">
Now I need to nest a second if isset submit (token must be unset in the last submit).
WHAT I TRIED WITHOUT SUCCESS
if(isset($_POST['submit'])){
$_SESSION['submit']=true;
}
if (isset($_POST['submit']) || ( isset($_SESSION['submit']) && $_SESSION['submit'])) {
if($_SESSION['user_token'] == $_POST['user_token']) {
if (isset($_POST['submit1'])) {
if($_SESSION['user_token'] == $_POST['user_token']) {
unset($_SESSION['user_token']);
$_SESSION['submit']=false;
include_once('./script/token.php');
include_once('./my3page.php');
} else {
header("location: ./3.php");
}
}
include_once('./my2page.php');
} else {
header("location: ./index.php");
}
} else {
include_once('./token.php');
include_once('./my1page.php');
}
HTTP works stateless. That means that what is happening here is the following:
User calls this page for the first time. He sends a GET request so isset($_POST['submit1']) is false.
Now he clicks on submit and sends the first POST request. (I assume that you set a value for submit1 there.) isset($_POST['submit1']) is true and my2page.php gets returned.
He sends the third request. Again a POST request, but this time with a value for submit2. Your server template engine starts evaluating the php. isset($_POST['submit1']) is false, so it returns the old my1page.php
Basically, don't nest your checks, but use an if else instead. (Think of it as a switch/case.)
isset($_POST['submit1']) → ./my2page.php
isset($_POST['submit2']) → //end page
none → ./my1page.php
You can't have 2 submits at the same time, so what happens here is
if(condition){
    if(!condition){
        //do something
    }
}
This will never work. Try to use another page, or I advise saving the first submit in the $_SESSION.
Add this line:
$_SESSION['submit1'] = (isset($_POST['submit1']))? true: false;
Then change the first condition:
if (isset($_POST['submit1']) || $_SESSION['submit1']) {
if($_SESSION['user_token'] == $_POST['user_token']) {
if (isset($_POST['submit2'])) {
if($_SESSION['user_token'] == $_POST['user_token']) {
unset($_SESSION['user_token']);
$_SESSION['submit1']=false; //or unset($_SESSION['submit1']);
//DO SOMETHINGS
} else {
header("location: ./index.php");
}
}
include_once('./my2page.php'); //**PAGE WITH SUBMIT2**
} else {
header("location: ./index.php");
}
} else {
include_once('./token.php');
include_once('./my1page.php');
}
This is how it should be;
if(isset($_POST['submit1'])){
$_SESSION['submit1']=true;
}
if (isset($_POST['submit1']) || $_SESSION['submit1']) {
if($_SESSION['user_token'] == $_POST['user_token']) {
if (isset($_POST['submit2'])) {
if($_SESSION['user_token'] == $_POST['user_token']) {
unset($_SESSION['user_token']);
$_SESSION['submit1']=false; //or unset($_SESSION['submit1']);
//DO SOMETHINGS
} else {
header("location: ./index.php");
}
}
include_once('./my2page.php'); //**PAGE WITH SUBMIT2**
} else {
header("location: ./index.php");
}
} else {
include_once('./token.php');
include_once('./my1page.php');
}
You're close, you could possibly just change this
if (isset($_POST['submit1'],$_POST['submit2'])) { //check isset on both
if($_SESSION['user_token'] == $_POST['user_token']) {
if (isset($_POST['submit2'])) {
// if($_SESSION['user_token'] == $_POST['user_token']) { <--redundant check
unset($_SESSION['user_token']);
//DO SOMETHINGS
}
include_once('./my2page.php'); //**PAGE WITH SUBMIT2**
} else {
header("location: ./index.php");
}
} else {
include_once('./token.php');
include_once('./my1page.php');
}
Depending on if you want an AND or an OR the above is equivalent to this
if (isset($_POST['submit1']) && isset($_POST['submit2'])) {
Obviously if you want an or then just put it here
if (isset($_POST['submit1']) || isset($_POST['submit2'])) {
It's not clear if you are talking about 2 POST's that are separate or concurrent
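Added example, not part of the original posts: the flat submit1 / submit2 dispatch suggested in the answers, with the token drawn from `random_bytes()` instead of `uniqid()` and compared with `hash_equals()`. The helper names and the returned page labels are hypothetical, and the three-request walk-through uses a constructed in-memory session.

```php
<?php
declare(strict_types=1);

// Added example, not the posters' code. Helper names and the returned page
// labels are hypothetical; submit1, submit2 and user_token are from the thread.

/** Store a fresh token in the session and return it for the hidden field. */
function issue_token(array &$session): string
{
    // uniqid() is derived from the clock; random_bytes() uses the OS CSPRNG.
    return $session['user_token'] = bin2hex(random_bytes(32));
}

/** Check the posted token; it is consumed whether or not it matches. */
function consume_token(array &$session, array $post): bool
{
    $expected = $session['user_token'] ?? '';
    $given = $post['user_token'] ?? '';
    unset($session['user_token']);
    return is_string($given) && $expected !== ''
        && hash_equals($expected, $given); // constant time, no type juggling
}

/** One flat decision per request instead of nested isset() checks. */
function next_page(array &$session, array $post): string
{
    $step = isset($post['submit2']) ? 'done'
        : (isset($post['submit1']) ? 'page2' : 'page1');
    if ($step !== 'page1' && !consume_token($session, $post)) {
        return 'index'; // missing, wrong or reused token
    }
    if ($step !== 'done') {
        issue_token($session); // the form about to be rendered needs one
    }
    return $step;
}

// Constructed walk-through with an in-memory session (pass $_SESSION and
// $_POST in a real page).
$session = [];
$trace = [next_page($session, [])];                      // first GET
$t1 = $session['user_token'];
$trace[] = next_page($session, ['submit1' => '1', 'user_token' => $t1]);
$t2 = $session['user_token'];
$trace[] = next_page($session, ['submit2' => '1', 'user_token' => $t2]);
$trace[] = next_page($session, ['submit2' => '1', 'user_token' => $t2]); // replay
echo implode(' -> ', $trace), PHP_EOL;
```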

PHP Check if user is logged in with a function

I'm working on a website and the index page checks if the user is logged in or not with this piece of code:
if (!$_SESSION['login'] && $_SESSION['login'] == "") {
include_once($_SERVER['DOCUMENT_ROOT'] . "/login/");
} elseif ($_SESSION['login'] == 1) {
include_once($_SERVER['DOCUMENT_ROOT'] . "/main/");
}
But I want it to look cleaner, then I started wondering if it was possible to achieve something like this with a function:
checklogin($_SESSION['login']);
I don't have much experience with functions, so I'm sorry if my question looks stupid, so thanks in advance.
Try this
if(check_login()) {
    echo 'You are in!';
} else {
    header('Location: login.php');
    exit;
}
function check_login () {
    // Logged in only when the key exists and is not an empty string
    if(isset($_SESSION['login']) && $_SESSION['login'] != '') {
        return true;
    } else {
        return false;
    }
}
Just use empty:
if ( empty($_SESSION['login']) ) {
include_once($_SERVER['DOCUMENT_ROOT'] . "/login/");
} else {
include_once($_SERVER['DOCUMENT_ROOT'] . "/main/");
}
Or condense it:
include_once $_SERVER['DOCUMENT_ROOT'].(empty($_SESSION['login']) ? "/login/" : "/main/");
There is what you need:
function userCheck()
{
return (isSet($_SESSION['login']) && $_SESSION['login']);
}
if(userCheck())
include_once($_SERVER['DOCUMENT_ROOT'] . "/main/");
else
include_once($_SERVER['DOCUMENT_ROOT'] . "/login/");
Disregarding the fact of whether or not your approach makes sense, I think this would do what you expect:
function checklogin($login){
if (!$login && $login == "") {
include_once($_SERVER['DOCUMENT_ROOT'] . "/path/");
}
}
// **** call to the function
checklogin($_SESSION['login']);
// ****
You can use this function:
function checklogin() {
return (isset($_SESSION['login'])) ? true : false;
}
then on pages you want to check whether the user is logged in or not, you can:
if(checklogin() === true){
//here you would put what you want to do if the user is logged in
} else {
//this would be executed if user isn't logged in
header('Location: protected.php');
exit();
//the above would redirect the user
}
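Added example, not part of the original posts: one way to put the login check in a function, covering both this thread and the opening question about POST requests from visitors who are not logged in. It uses the `verified` flag from the opening question; `is_logged_in`, `gate` and `enforce` are hypothetical names, and the sample requests are constructed so the decision logic runs from the command line.

```php
<?php
declare(strict_types=1);

// Added example; function names are hypothetical.

/** True only for the exact boolean set at login, not for any truthy value. */
function is_logged_in(array $session): bool
{
    return ($session['verified'] ?? false) === true;
}

/** Decide what a request may do. Returns ['redirect', url] or ['handle', action]. */
function gate(array $session, string $method, array $post): array
{
    if (!is_logged_in($session)) {
        // Anyone can send a POST body without a session; it is only kept
        // away from the handler because the script stops at this point.
        return ['redirect', 'login.php'];
    }
    if ($method === 'POST' && isset($post['submit'])) {
        return ['handle', 'process_form'];
    }
    return ['handle', 'show_form'];
}

/** Apply a redirect decision in a real page, then end the script. */
function enforce(array $decision): void
{
    if ($decision[0] === 'redirect') {
        header('Location: ' . $decision[1]);
        exit; // header() does not stop the script; code after it still runs
    }
}

// In a page: enforce(gate($_SESSION, $_SERVER['REQUEST_METHOD'], $_POST));

// Constructed sample requests: [session, method, post].
$cases = [
    'anonymous POST'    => [[], 'POST', ['submit' => '1']],
    'verified = 1 POST' => [['verified' => 1], 'POST', ['submit' => '1']],
    'logged-in GET'     => [['verified' => true], 'GET', []],
    'logged-in POST'    => [['verified' => true], 'POST', ['submit' => '1']],
];
foreach ($cases as $label => [$session, $method, $post]) {
    echo str_pad($label, 20), implode(' ', gate($session, $method, $post)), PHP_EOL;
}
```

Because the gate runs first and the script exits on a redirect, the form handler needs no second login check.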

Undefined index and unable to modify headers already sent [duplicate]

This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 9 years ago.
We're using a script to manage cookies on our joomla install. It works fine. When we install it on another site that isn't joomla we are facing these errors
Notice: Undefined index: prefcookie
Warning: Cannot modify header information - headers already sent by (
Our code is
<?php
error_reporting(-1);
$url="/path/filter.php?u=http%3A%2F%2F".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
if ($_COOKIE['prefcookie'] == "path-all")
{
return;
}
elseif ($_COOKIE['prefcookie'] == "path-first")
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=2");
elseif($_COOKIE['prefcookie'] == "path-block")
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=2");
else
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=3");
?>
EDIT
That suppresses the error but doesn't solve the problem, the idea is that this checks the visitor for a preference and redirects the visitor to part of the site based on it, this fix just brings the visitor back to the requested file
The full code is
<?php
require_once('path/geoip/geoplugin.class.php');
$geoPlugin_array = unserialize( file_get_contents('http://www.geoplugin.net/php.gp?ip=' . $_SERVER['REMOTE_ADDR']) );
if ( $geoPlugin_array['geoplugin_continentCode'] == 'EU' )
{
require_once("path/includes/browser.php");
$browser = new Browser();
if( $browser->getBrowser() == Browser::BROWSER_GOOGLEBOT )
{
return;
}
elseif( $browser->getBrowser() == Browser::BROWSER_SLURP )
{
return;
}
elseif( $browser->getBrowser() == Browser::BROWSER_MSNBOT )
{
return;
}
else
{
$url="/path/filter.php?u=http%3A%2F%2F".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
// This will avoid undefined index
if ((!isset($_COOKIE['prefcookie'])) || ($_COOKIE['prefcookie'] == "path-block")) {
return;
}
elseif($_COOKIE['prefcookie'] == "path-first")
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=2");
elseif($_COOKIE['prefcookie'] == "path-block")
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=2");
else
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=3");}
}
?>
EDIT
Set pref cookie
<?php
if($_GET['optin'] == "all")
{
setcookie("prefcookie", "path-all", time()+60*60*24*30);
header("Location: http://".$_SERVER["HTTP_HOST"]);
}
elseif($_GET['optin'] == "first")
{
setcookie("prefcookie", "path-first", time()+60*60*24*30);
header("Location: http://".$_SERVER["HTTP_HOST"]."/path/filter.php?u=http%3A%2F%2Fwww.fatcowmedia.com%2F&b=2");
}
elseif($_GET['optin'] == "block")
{
setcookie("prefcookie", "path-block", time()+60*60*24*30);
header("Location: http://".$_SERVER["HTTP_HOST"]."/path/filter.php?u=http%3A%2F%2Fwww.fatcowmedia.com%2F&b=3");
exit;
}
?>
EDIT
how to find requested url
$url="/path/filter.php?u=http%3A%2F%2F".$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI'];
send to requested url
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=2");
EDIT
<?php
error_reporting(E_ALL);
$url="/path/filter.php?u=http%3A%2F%2F".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
require_once('path/geoip/geoplugin.class.php');
$geoPlugin_array = unserialize( file_get_contents('http://www.geoplugin.net/php.gp?ip=' . $_SERVER['REMOTE_ADDR']) );
if ( $geoPlugin_array['geoplugin_continentCode'] == 'EU' )
{
require_once("path/includes/browser.php");
$browser = new Browser();
if( $browser->getBrowser() == Browser::BROWSER_GOOGLEBOT )
{
return;
}
elseif( $browser->getBrowser() == Browser::BROWSER_SLURP )
{
return;
}
elseif( $browser->getBrowser() == Browser::BROWSER_MSNBOT )
{
return;
}
else
{
// If expected cookie isn't set yet, send em to landing page
if (!isset($_COOKIE['prefcookie'])) {
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=2");
}
// If we made it this far, we have our expected cookie, we can implement a switch
switch ($_COOKIE['prefcookie']) {
case 'path-block':
case 'path-first':
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=2");
break;
default:
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=3");
break;
}
}
}
?>
UPDATED
==========
<?php
require_once('path/geoip/geoplugin.class.php');
$geoPlugin_array = unserialize( file_get_contents('http://www.geoplugin.net/php.gp?ip=' . $_SERVER['REMOTE_ADDR']) );
if ( $geoPlugin_array['geoplugin_continentCode'] == 'EU' )
{
require_once("path/includes/browser.php");
$browser = new Browser();
if( $browser->getBrowser() == Browser::BROWSER_GOOGLEBOT )
{
return;
}
elseif( $browser->getBrowser() == Browser::BROWSER_SLURP )
{
return;
}
elseif( $browser->getBrowser() == Browser::BROWSER_MSNBOT )
{
return;
}
else
{
if (!isset($_COOKIE['prefcookie'])) {
header("Location: http://".$_SERVER["HTTP_HOST"]."/path/filter.php?u=http%3A%2F%2Fwww.path.org".$_SERVER["REQUEST_URI"]."&b=2");
}
elseif($_COOKIE['prefcookie'] == "path-all")
{
return;
}
elseif($_COOKIE['prefcookie'] == "path-first")
header("Location: http://".$_SERVER["HTTP_HOST"]."/path/filter.php?u=http%3A%2F%2Fwww.path.org".$_SERVER["REQUEST_URI"]."&b=2");
elseif($_COOKIE['prefcookie'] == "path-block")
header("Location: http://".$_SERVER["HTTP_HOST"]."/path/filter.php?u=http%3A%2F%2Fwww.path.org".$_SERVER["REQUEST_URI"]."&b=2");
else
header("Location: http://".$_SERVER["HTTP_HOST"]."/path/filter.php?u=http%3A%2F%2Fwww.path.org".$_SERVER["REQUEST_URI"]."&b=2");
}
}
?>
Should probably add a check to make sure that the element exists in the array:
// This will avoid undefined index
if ((!isset($_COOKIE['prefcookie'])) || ($_COOKIE['prefcookie'] == "path-all")) {
return;
}
-- Update --
According to your updates and comments, the following code should work:
// If expected cookie isn't set yet, send em to landing page
if (!isset($_COOKIE['prefcookie'])) {
    header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=2");
    // Stop here so the switch below never reads a missing index
    exit;
}
// If we made it this far, we have our expected cookie, we can implement a switch
switch ($_COOKIE['prefcookie']) {
    case 'path-block':
    case 'path-first':
        header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=2");
        break;
    case 'path-all':
        header("Location: http://".$_SERVER["HTTP_HOST"]);
        break;
    default:
        header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=3");
        break;
}
For the record, in your original code you had 'path-block' twice, so I assumed it to be the same as 'path-first' as you have it. If this is not desired, you can copy and paste the header location for 'path-first' and paste it under 'path-block'.
Also, it appears your url construct is malformed:
$url="/path/filter.php?u=http%3A%2F%2F".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
// If you decode the following construct it looks like (I decoded entities for clarity)
// http://www.example.com/path/filter.php?u=http://www.example.com/path/filter.php/&b=2
// %2F decodes to a slash "/", so the /&b=2 appears malformed, it should be /?b=2
header("Location: http://".$_SERVER["HTTP_HOST"]."$url%2F&b=2");
A useful encode/decode tool can be found at meyerweb.com/eric/tools/dencoder
You're seeing this notice because the index "prefcookie" does not exist. In all likelihood, on your Joomla install something is setting $_COOKIE['prefcookie'], but your install not on Joomla doesn't have this index.
Furthermore, the warning you are seeing is because you are trying to change the header information after it's already been sent. You can suppress this, however it's probably better to just redirect the user prior to sending the rest of the headers.
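Added example, not part of the original posts: the preference redirect from this thread with the cookie checked against the known values, the host taken from a fixed constant instead of `$_SERVER['HTTP_HOST']` (which the client supplies), and the nested URL encoded by `http_build_query()`. `CANONICAL_HOST` and `preference_redirect` are assumed names, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not the posters' code. CANONICAL_HOST and the function name
// are assumptions; cookie values and the filter.php path are from the thread.
const CANONICAL_HOST = 'www.example.com';

/** Return the Location URL for this visitor, or null when none is due. */
function preference_redirect(array $cookies, string $requestUri): ?string
{
    // Branch values follow the thread: no cookie, path-first and path-block
    // give b=2, path-all gives no redirect, anything else gives b=3.
    $modes = ['' => 2, 'path-first' => 2, 'path-block' => 2, 'path-all' => null];
    $pref = $cookies['prefcookie'] ?? '';
    $known = is_string($pref) && array_key_exists($pref, $modes);
    $b = $known ? $modes[$pref] : 3;
    if ($b === null) {
        return null; // path-all: serve the requested page unchanged
    }
    // Keep only path and query, and take the host from configuration rather
    // than from the Host header, so the client cannot choose the target site.
    $path = '/' . ltrim((string) parse_url($requestUri, PHP_URL_PATH), '/');
    $query = (string) parse_url($requestUri, PHP_URL_QUERY);
    $target = 'http://' . CANONICAL_HOST . $path . ($query !== '' ? "?$query" : '');
    // http_build_query() percent-encodes the nested URL and joins with "&".
    return 'http://' . CANONICAL_HOST . '/path/filter.php?'
        . http_build_query(['u' => $target, 'b' => $b]);
}

// In the real script, call this before any output (even whitespace ahead of
// the opening PHP tag), or header() fails with "headers already sent":
//   $to = preference_redirect($_COOKIE, $_SERVER['REQUEST_URI']);
//   if ($to !== null) { header('Location: ' . $to); exit; }

// Constructed requests: [cookies, request URI].
$samples = [
    [[], '/news/item?id=7'],
    [['prefcookie' => 'path-all'], '/news/'],
    [['prefcookie' => 'path-block'], '//other.example/x'],
    [['prefcookie' => ['unexpected']], '/'],
];
foreach ($samples as [$cookies, $uri]) {
    var_dump(preference_redirect($cookies, $uri));
}
```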

Need help checking if else statement for { }

Somewhere along the line I'm adding or leaving out a { } but I just can't figure out where
<?php
if (file_exists('config.php')) {
require_once('config.php');
{
if ( $EDITED_CONFIG == false )
{
header("Location: welcome.php");
}
}
}
else (file_exists('default-config-new.php')) {
require_once('default-config-new.php');
{
if ( $EDITED_CONFIG == false )
{
header("Location: welcome.php");
}
}
}
?>
If file exists require it and if edited = false redirect, if true end script.
else
If file exists require it and if edited = false redirect, if true end script.
So if the first file doesn't exist it mustn't require it or look for edited, it must skip to the second file and if that exists it must check edited and then if is false then redirect. If the first file is true it must end script and load page. So it mustn't check second file if first file is true.
Also is this the lightest way to do this?
Thanks
If you indent your code properly, your error will become evident.
A few links that may be useful:
Wikipedia: Indent style
How to indent code
PHP Coding standard: Indentation
You're not closing your if statements: Should be something like:
<?php
if (file_exists('config.php')) {
    require_once('config.php');
    if ($EDITED_CONFIG == false) {
        header("Location: welcome.php");
    }
}
else{
    require_once('default-config-new.php');
    if ($EDITED_CONFIG == false) {
        header("Location: welcome.php");
    }
}
?>
Edited. Also, you need to close brackets around all code to be executed for that statement, before you can use another elseif or else statement:
if ($x == 1) {
    echo "X is 1!";
}
else if ($x == 0) {
    echo "X is 0!";
}
else {
    echo "Not 1 or 0!";
}
You are missing the { after the else to enclose what you want inside the "else" block, I believe
You need to write
else if (conditions...)
You have got
else (conditions...)

How to change the elements in the page based on user who is logged in

Please give me an idea on how to display elements in a page depending on who is logged in. For example, a user or an administrator.
I'm thinking of something like this but I get a parse error, what do I lack in this code?:
EDIT:
<?php
session_start();
if (!(isset($_SESSION['loginAdmin']) && $_SESSION['loginAdmin'] != '')) {
header ("Location: loginam.php");
}
else if (!(isset($_SESSION['loginAdmin']) && $_SESSION['loginAdmin'] =='')) {
include('head2.php');
}
else if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: login.php");
}
else if (!(isset($_SESSION['login']) && $_SESSION['login'] =='')) {
include('head3.php');
}
?>
Please help, there's no error but it's not functioning properly. Whenever I try to access the page where I have this code and log in as a user, it redirects to loginam.php (the page where the admin will log in). But there's no problem when I log in as admin. It works properly. What do I do?
Use
if (condition)
{
}
else if (condition) {
}
Also Just to make things simpler .. try something like ..
function is_admin() {
    // Admin only when the flag exists in the session and is truthy
    if(isset($_SESSION['loginAdmin']) && $_SESSION['loginAdmin']) {
        return true;
    } else {
        return false;
    }
}
and then check
if(is_admin()) {
///admin block
} else {
//admin login
}
if(is_user()) {
///user block
} else {
//user login
}
if else is not valid. It's else if.
Other than that, it would help if you posted the parser error along with your code.
You're also not closing your <?php statement before opening it again.
Because you have invalid code.
Here's the trimmed code:
<?php
session_start();
// Redirect unless the admin flag is set and non-empty
if (!(isset($_SESSION['loginAdmin']) && $_SESSION['loginAdmin'] != '')) {
    header ("Location: loginam.php");
} else {
    include('head2.php');
}
?>
<?php
// Redirect unless the user flag is set and non-empty
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
    header ("Location: login.php");
} else {
    include('head3.php');
}
?>
Pay a little attention to the code.
