I'm trying to fix an issue with permissions in my app, I have a session->userdata('usrclass') set when login with different account class.
I have an ADMIN user who has a usrclass of ADMIN and I need to show some content based on that.
BUT when I do this:
<?= ($this->session->userdata('usrclass') == "ADMIN") ? 'yes' : 'no'; ?>
It outputs "no"... While it should output "yes". So I tried reading into the sessiondata with this code:
<?= echo $this->session->userdata('usrclass') ?>
This outputs the word ADMIN... This is a weird behavior, I've tried using ===, I've tried to figure out other stuff but couldn't.
What could it be?
I'm going to attach some pics of this:
may be there are some extra whitespace(s) in your session data value, try:
<?php
$sess_data = $this->session->userdata('usrclass');
$sess_data = trim($sess_data);
//and echo
echo ($sess_data == "ADMIN") ? "si" : "no";
?>
You could try making sure it's a string coming back from the session.
((string) $this->session->userdata('usrclass') == "ADMIN") ? 'yes' : 'no';
Maybe a long shot but could the first userdata('usrclass') be wiping the value. Try removing the test code.
echo $this->session->userdata('usrclass')
Related
I'm trying to give access to admin tools only to the admin.
What I tried to do: the session variable id, which is unique for every user.
first I checked if there is even a session, if there isn't I send the user to the index, than I check for the unique if of the admin "20" if the user's id is different than 20 I send him the the index.
my problem: my if statment doesn't work, I get sent back to index even when i'm logged-in as the admin.
My code:
<?php
if(isset($_SESSION['userId'])){
header('Location:index.php?b');
}
if($_SESSION['userId'] != 20){
header('Location:index.php?a');
}
?>
?a and ?b are for debugging, I get sent to index.php?a when I try to access the my page.
when I echo $_SESSION['userId'] I get 20, so maybe something is wrong with the type?(although I checked and it says that != shouldn't be effected by different types)
EDIT: sorry, I didn't describe what I wanted correctly, if the id of the user is 20 I want him to stay in the page, if it isn't I want to redirect him to index.
thanks!
Because you perform one test when that test passes or fails the comparison is over. You should probably perform a comparison like this because you only want to redirect when the ID is not 20:
<?php
session_start();
if(isset($_SESSION['userId']) && $_SESSION['userId'] != 20) {
header("Location: index.php");
exit();
}
?>
Check if session is set and if so assign its value to a variable with the null coalesce operator. Redirect using the ternary operator.
<?php
session_start()
//$_SESSION['userId'] = 19; // Redirects to index.php?a
$_SESSION['userId'] = 20; // Redirects to index.php?b
// use the null coalesce operator and ternary
$id = $_SESSION['userId'] ?? null;
($id == '20') ? '' : Redirect('index.php?a');
echo 'Still in page ...';
// Ensure an exit() after redirect
function Redirect($url) {
header('Location: ' . $url);
exit();
}
//Output: Still in page ...
?>
EDIT:
You can combine these steps to achieve this in one line:
(($_SESSION['userId'] ?? null) == 20) ? '' : header('Location: index.php?a');
This returns $_SESSION['userId'] if it's set and not null, otherwise it returns null. Then it checks this against the value 20 and uses it in the ternary operator to either do nothing ('') or redirect to index.php.
Your first if condition checks if the session is set (which is true) so it redirects you to index. So you should do:
session_start()
if(isset($_SESSION['userId'])){
if($_SESSION['userId'] != 20){
header('Location:index.php?a');
}else{
header('Location:index.php?b');
}
}
With this snippet of code, I'm attempting to show a clickable link (if "admin" is logged in), which will redirect me to adminarea.php
Right now it just prints out "Admin" in text. Nothing to click on. Just simple text.
Am I missing anything? Surely I got it wrong but I cannot see what's missing.
Here is the code:
<?php if (getUser("user") == "admin") { ?>
<option value="adminarea.php">Admin</option>
<?php } ?>
You're printing an option, which is part of the select form input. You're probably looking for an anchor?
Admin
Possibly a better way to do this would be to declare two options for a variable in your PHP first. Something like:
<?php
if(getUser("user") == "admin") {
$adminlink = 'Admin';
} else {
$adminlink = NULL;
}
?>
And in the html:
<?php echo $adminlink; ?>
This would show the href link if the PHP condition was true, and would display nothing if not. Hope this helps!
Well based on your title am assuming you want a link. By the way you can use PHP friend html syntax instead of making the code look "dirty".
<?php if(getUser("user") == "admin"): ?>
Admin
<?php endif; ?>
The URL is something.php?id=123-10-1
If I echo it, it only prints out 123 but I need it to say 123-10-1.
I suppose the solution is very simple but I'm not seeing it.
Use php urlencode and urldecode functions.
Of course, You will have the full argument stored in GET array. You are not doing anything wrong. The mistake should be somewhere else. Try to use:
var_dump($_GET);
$equal = ('123-10-1' == $_GET['id']);
var_dump($equal);
To see what is wrong... Echo is not the best printing functino here, however, it also should print the full argument...
UPDATE - note
After we know what was wrong:
$id = isset($_GET['id']) ? (int)$_GET['id'] : '';
I would suggest something like that:
// Set part of the code
$id = isset($_GET['id']) ? $_GET['id'] : '';
// Verification part of the code
if (!is_numeric($id) && $id != '') {
throw new Exception('ID must be numeric.');
}
if ($id == '') {
// ID was not set in the url. Maybe there should be another action here?
}
IN that case, You are in full control of what is happening here. Modyfing GET values or POST values "on the fly" is not the good practice.
I hope it helps.
Try using an anchor tag like <a href="something.php?id=123-10-1"> and it will echo 123-10-1
You are searching for the function urlencode which encoding a string to be used in a query part of a URL.
This was my code.
$id = $_GET['id']
echo $id; //123
and it printed '123' only.
But
echo $_GET['id']; //123-10-1
printed it all. Seems weird stuff as it should work in the first place, but it works now.
Gotta check my php.ini to see what's this all about.
I have try your code it giving me correct response
-<?php echo $_GET['id']; ?>
Output 123-10-1
I have a navigation bar in which I am trying to show menus/buttons, according to the type of user. I get the type of user via a variable called $isManager.
The good news is that it works on every browser, except firefox.
Code looks like this:
<?php
if ($isManager === '2'){
?>
<li>View</li>
<?php
}
?>
Can you suggest an alternative to this, or is Firefox somehow ignoring or not accepting the true condition here ?
When you use ===, it is for strict checking. So make sure that your$isManager is string type. If it is integer then try
<?php
if ($isManager === 2){
?>
<li>View</li>
<?php
}
?>
You are Using === it means you want to check by its typeof too.
and after that you wrote '2', so it will missmatch the results and not going to the condition, instead try the following.
<?php
if ($isManager === 2){
?>
<li>View</li>
<?php
}
?>
I am running through a jQuery Ajax tutorial here:
http://www.charlieperrins.com/2011/03/ajax-jquery-101/
Everything works perfectly but I have a question about this piece of code:
<?php if ($_POST['user']) : ?>
<?php
$user_id = $_POST['user'];
if (isset($db_data[$user_id])) {
$data = $db_data[$user_id];
} else {
echo 'Sorry, no user data matched your request - please try again';
die;
}
?>
I am most concerned with the very first line. What does that line do? I am trying to keep all the code in 1 set of php tags but I don't know how to do that. If I knew what the first line does, I might be able to figure it out. Any help is appreciated. I am trying to reverse engineer this to fit it into my app but can't do it without knowing what that top line does.
Thanks.
All this does is continues the if block until endif.
There is no endif, so nothing in this script runs unless there is data in $_POST['user'] that doesn't evaluate to false.
I would write this a bit differently:
<?php
if (isset($_POST['user'])) {
$user_id = $_POST['user'];
if (isset($db_data[$user_id])) {
$data = $db_data[$user_id];
} else {
echo 'Sorry, no user data matched your request - please try again';
die;
}
}
?>
The first line tests if the $_POST array has a key user, and that key contains a "truthy" (non-empty, among other things) value, indicating that a form was posted to this script. If no form data was posted, the rest of the script won't execute, such as if someone browsed directly to this PHP script without using the expected form to post to it. It is a technique often used when a form posts back to the same PHP script. Upon first arriving at the script, the $_POST will be empty. When the form is posted back to the same script, different actions can be taken when it contains values.
There need only be one <?php tag:
<?php
if ($_POST['user']) {
$user_id = $_POST['user'];
if (isset($db_data[$user_id])) {
$data = $db_data[$user_id];
} else {
echo 'Sorry, no user data matched your request - please try again';
die;
}
}
?>
This is Alternative syntax for control structures
<?php if ($_POST['user']) : ?> means if $_POST['user'] evaluates to true, execute the following code.
It can be compressed down to this:
<?php if ($_POST['user']) :
$user_id = $_POST['user'];
....
Also,
if ($_POST['user']) :
should be
if (isset($_POST['user']) && !empty(trim($_POST['user']))) :
That makes sure that $_POST['user'] has been set (generally $_POST contains variables from a form), and that it is not empty even with white-space removed.
See
Alternative syntax for control structures
$_POST
empty
trim
The if ($_POST['user']) line is saying this:
If the variable $_POST['user'] exists and is set to a non-false value.
The above condition fails if $_POST['user'] is 0, false, or '' (empty string).
It also isn't safely checking that value.
You are better off using:
if (isset($_POST['user'])) && $_POST['user'] != '')
This way no warning is output when PHP has display_errors and notices turned on.