I conditionally embed one of two headers on a given page: either "Companies", or "Students and Professionals".
I store the user's type ('', 'student', or 'professional') in the $_SESSION array on login, then use a simple if statement to determine which header to embed.
The conditional (if) statement doesn't seem to work though; the first always evaluates as TRUE and company_home_header.php is always included, even when I've previously set $_SESSION['usertype'] to 'student' or 'professional'.
Why isn't the string stored in $_SESSION['usertype'] being evaluating correctly?
<?php
if ($_SESSION['usertype'] == "")
{
include('includes/company_home_header.php');
}
elseif ($_SESSION['usertype'] == "student" OR
$_SESSION['usertype'] == "professional")
{
include('includes/home_header.php');
}
?>
Please help.
Add session_start() on the top of your PHP code.
<?php
session_start();//<---Here
if($_SESSION['usertype'] == ""){
include('includes/company_home_header.php');
}
elseif($_SESSION['usertype'] == "student" || $_SESSION['usertype'] == "professional") {
include('includes/home_header.php');
}
?>
As stated, use session_start() and your expression is not correct:
elseif($_SESSION['usertype'] == "student" || $_SESSION['usertype'] == "professional") {
Try this:
<?php
session_start();
if($_SESSION['usertype'] == ""){
include('includes/company_home_header.php');
}
elseif($_SESSION['usertype'] == "student" or "professional") {
include('includes/home_header.php');
}
?>
Related
I am using this code to protect my pages using login session:
<?php
//PUT THIS HEADER ON TOP OF EACH UNIQUE PAGE
session_start();
if (!isset($_SESSION['username'])) {
return header("location:login/main_login.php");
}
?>
but I'd like to check the users level, because I'd like to show e.g. page-one.php for users level 1 and 2; page-two.php for users level 3 and so on...
I tried in this way but it's not working:
<?php
session_start();
$level = 2;
$_SESSION['level'] = $level;
if (!isset($_SESSION['username'])) {
if($_SESSION['level'] == '0' && $_SESSION['level'] == '1') {
return header("location: page-one.php");
} else if ($_SESSION['level'] == '2') {
return header("location: page-two.php");
}
}
Any advice, please?
EDIT I edited my code, I found another solution: I stored level in a variable and I checked it together the username
This will always be false:
if($_SESSION['level'] == '0' && $_SESSION['level'] == '1')
The same variable can't equal two different values at the same time. Did you mean to use the comparison "or" operator (||) instead?:
if($_SESSION['level'] == '0' || $_SESSION['level'] == '1')
Or perhaps more else-if chaining?:
if($_SESSION['level'] == '0') {
//...
} else if ($_SESSION['level'] == '1') {
//...
} else if ($_SESSION['level'] == '2') {
//...
}
I'm trying to make a dynamic page with $_GET vars(params) and I have it working if the var is equal to something, it will display content. But if the var doesn't equal something, then it either displays the content still, or doesn't display the error; or displays the error and the content at the same time
<?php
if(!isset($_GET['type'])){
header("location: ?type=login");
} else {
$type = trim(strip_tags(stripslashes(mysql_real_escape_string($_GET['type']))));
}
if($type != 'login' || $type != 'register'){
?>
<h1>What your looking for can't be found!</h1>
<?php
}
if($type == 'login'){
?>
<h1>Login page:</h1>
<?php
}
if($type == 'register'){
?>
<h1>Register page:</h1>
<?php
}
?>
You have two problems in your code:
Your check for the error needs to use && and not ||. You want to see if login AND register are both not used.
You need to use if/else if statements to make sure only one condition is ever present.
Check this code out:
<?php
if(!isset($_GET['type'])){
header("location: ?type=login");
} else {
$type = trim(strip_tags(stripslashes(mysql_real_escape_string($_GET['type']))));
}
if($type != 'login' && $type != 'register'){
?>
<h1>What your looking for can't be found!</h1>
<?php
} else if($type == 'login'){
?>
<h1>Login page:</h1>
<?php
} else if($type == 'register'){
?>
<h1>Register page:</h1>
<?php
}
The problem is occurring because you are using a comparative operator in your check:
if($type != 'login' || $type != 'register')
Essentially, this is two separate conditions; the first will will evaluate to true when the page is not login, the second will evaluate to true when the page is not register. However, they're not checking for each other.
The first condition will consider register to be valid, as register is valid for if($type != 'login'). The second will consider login to be valid, as login is valid for if($type != 'register').
You need to ensure that neither of these pages are allowed, by using the AND comparator (&&): if($type != 'login' && $type != 'register')
However, for the matter, you don't need to worry about setting the $type variable at all. Simply check what _GET['type'] equates to at the same time that you're checking it's set:
<?php
if (isset($_GET['type']) && $_GET['type'] == 'login') {
?>
<h1>Login page:</h1>
<?php
}
else if (isset($_GET['type']) && $_GET['type'] == 'register') {
?>
<h1>Register page:</h1>
<?php
}
else {
header("location: ?type=login");
}
Also, please note that the mysql_ constructor is deprecated as of PHP 5.5, and is outright removed in PHP 7. Please consider switching to either MySQLi or PDO, ensuring that you also use parameterised queries to prevent SQL injection.
Hope this helps! :)
You just need to work out the logic a little more...if, else if, else. Case handling is the problem.
<?php
if(!isset($_GET['type'])){
header("location: ?type=login");
} else if(isset($_GET['type'] {
If ($_GET['type'] !== "") {
$type = trim(strip_tags(stripslashes(mysql_real_escape_string($_GET['type']))));
}
}
......
?>
Sorry for the half baked answer, I'm on my phone and it's not very code-friendly
I have some PHP code to check user login status which check if session variables are set or cookies are set. If either of condition is true then it grand permission otherwise redirect to login page. Code looks like this :
if(isset($_SESSION["userid"]) || isset($_COOKIE["userid"]) && isset($_SESSION["username"]) || isset($_COOKIE["username"]) && isset($_SESSION["password"]) || isset($_COOKIE["password"])){
} else {
header("location : register.php");
}
The problem is that if session get destroyed (by closing browser or any other reason) it redirect the user to login page. But what it has to do is read cookies data and grant user access as cookies are still present (I've checked that cookies are still present by echo cookie data).
&& has a higher precedence than ||, so you need to guard the || with brackets. Also, having an empty if statement is just redundant:
if(!(isset($_SESSION["userid"]) || isset($_COOKIE["userid"]) ||
!(isset($_SESSION["username"]) || isset($_COOKIE["username"])) ||
!(isset($_SESSION["password"]) || isset($_COOKIE["password"]))) {
header("location : register.php");
}
You need to change your condition a bit because you are confusing it within SESSION and Cookie. Put them together with && and separate them with || like below:-
if((isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) || (isset($_COOKIE["userid"]) && isset($_COOKIE["username"]) && isset($_COOKIE["password"]))){
// your action that you want
} else {
header("location : register.php");
}
Note:- Take care that same things are going to applied everywhere (on each other pages and conditions), otherwise you will face problem.
Also more dependency on cookie is not good, because it can be changed by the user any time.
You need to add a couple of breakers to group your statements like this:
if(
( isset($_SESSION["userid"]) || isset($_SESSION["username"]) && isset($_SESSION["password"]) )
||
( isset($_COOKIE["userid"]) || isset($_COOKIE["username"]) && isset($_COOKIE["password"]) )
){
// Your action
} else {
header("location : register.php");
}
Such statement will check if there is set COOKIE or SESSION and check or user_id or user name AND password.
If you need AND user_id AND username than replace || in brackets between isset() functions for this fields.
I think your if condition is missing some parenthesis. To make your code more readable you could create two functions
function isSessionValid()
{
return isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"]);
}
function isCookieValid()
{
return isset($_COOKIE["userid"]) && isset($_COOKIE["username"]) && isset($_COOKIE["password"]);
}
and then use these functions in your if statement :
if (isSessionValid() || isCookieValid()) {
} else {
}
I want to know how to make a second "check" on what session is set. I am currently using this code:
<?php
session_start();
require_once("../user/connect.php");
include "getn.php";
if($_SESSION['username'] != 'RBLXDev') {
die('lol failure');
}
?>
My current username is RBLXDev, but I want to make it check if the current username (stored in a session named username) is something like "waffle_".
I believe how you do the and statement in PHP is ||, but I don't know how to add to that code.
You can use any Logical Operator in you if statement to perform 2 or more checks -
using or / || -
if($_SESSION['username'] != 'RBLXDev' or $_SESSION['username'] != '...') { }
if($_SESSION['username'] != 'RBLXDev' || $_SESSION['username'] != '...') { }
using and / && -
if($_SESSION['username'] != 'RBLXDev' and $_SESSION['username'] != '...') { }
if($_SESSION['username'] != 'RBLXDev' && $_SESSION['username'] != '...') { }
Welcome to SO!
if($_SESSION['username'] != 'RBLXDev' && $_SESSION['username'] != 'waffle_')
Please read into php's logical operators.
I have created a simple PHP login system, I am fairly new to PHP in some ways. The login system doesn't use a database as its only one user.
<?php
if(isset($_SESSION['loggedin']))
{
die("You are already logged in!");
}
if(isset($_POST['submit']))
{
if ($_POST["Username"]=="****" && $_POST["password"]=="****")
{
$_SESSION['loggedin'] = "1";
print $_SESSION['loggedin'];
}
}
?>
Then for every other page I have a PHP checker with an if statement:
<?php
session_start(); // NEVER forget this!
if(!isset($_SESSION['loggedin'] = "1"))
{
die("To access this page, you need to <a href='login.php'>LOGIN</a>");
}
?>
It worked when I just set loggedin to 'YES' and then used the line
if(!isset($_SESSION['loggedin']))
But when I try to assign loggedin a number in this example 1, and then make the checker check that if its NOT the number 1 then die, like this:
if(!isset($_SESSION['loggedin'] = "1"))
it doesn't work. Can anyone tell me how I am going wrong?
Try using == instead of =. Using '=' will assign the value 1 to the session variable.
if(!isset($_SESSION['loggedin'] == "1"))
However, a better option would be:
if($_SESSION['loggedin'] != "1")
Using Yoda conditions and checking whether $_SESSION['loggedin'] is set, that would be:
if(!isset($_SESSION['loggedin']) || "1" != $_SESSION['loggedin'])
if( !isset($_SESSION['loggedin']) || $_SESSION['loggedin'] != "1" )
Also make sure that you have session_start() at the top of your first example.
<?php
session_start();
if(isset($_SESSION['loggedin']))
{
die("You are already logged in!");
}
if(isset($_POST['submit']))
{
if ($_POST["Username"]=="****" && $_POST["password"]=="****")
{
$_SESSION['loggedin'] = "1";
print $_SESSION['loggedin'];
}
}
?>
If you're using a String as a value, you can also use the php function strcmp($str1, $str2) for binary safe string comparison. So you may do this test:
if(isset($_SESSION['loggedin']) && strcmp($_SESSION['loggedin'], '1') == 0)
If the values on strcmp are equal, it evaluates to 0. If str1 is less than str2 it returns < 0 and if str1 is greater than str2 it returns > 0.
For more info: http://php.net/manual/en/function.strcmp.php