I have 2 sets of users that need access to a shared page. Each user has a different session assigned. Here is what I have. It allows access to 'client1' but not 'admin'
session_start();
if (!isset($_SESSION["client1"]) || $_SESSION["client1"] !== true) {
header("Location: ../../../login.php");
if (!isset($_SESSION["admin"]) || $_SESSION["admin"] !== true) {
header("Location: ../../../login.php");
exit;
}
}
Any help would be greatly appreciated. Thank you in advance.
if (isset($_SESSION["client1"]) && $_SESSION["client1"] == true) || (isset($_SESSION["admin"]) && $_SESSION["admin"] == true) {
//show page
}else {
header("Location: ../../../login.php");
}{
Related
I am trying to make some redirects to lock the page from having a different get variable from what i have defined. But the problem is that I am getting a redirect error which is
The page isn’t redirecting properly.
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
I tried different things but I could not solve this problem. I need your help please. It is to note that the variables w_news and the rest are coming from links on the page.
these are the following code which are in the header of the project:
// Redirect function
function redirect_to($redirect_link) {
header("Location: ". $redirect_link);
exit;
}
$redirect_link = "index.php?sec=w_news";
//if sec is empty i want to redirect to the above link
if (!isset($_GET['sec']) || isset($_GET['sec']) && $_GET['sec'] == "") {
redirect_to($redirect_link);
} else if (isset($_GET['sec']) && $_GET['sec'] != "w_news" || $_GET['sec'] != "pol" || $_GET['sec'] != "sci" || $_GET['sec'] != "tech" || $_GET['sec'] != "spo" || $_GET['sec'] != "covid19"){
// and if the value is not = to the named ones i want also to redirect
redirect_to($redirect_link);
}
Thank you in advance :)
<?php
if ($_GET['sec'] == "w_news" || $_GET['sec'] == "pol" || $_GET['sec'] == "sci" || $_GET['sec'] == "tech" || $_GET['sec'] == "spo" || $_GET['sec'] == "covid19")
{
// working validate
}
else
{
//failed redirect";
$redirect_link = "index.php?sec=w_news";
header("Location: ". $redirect_link);
}
?>
I am using this code to protect my pages using login session:
<?php
//PUT THIS HEADER ON TOP OF EACH UNIQUE PAGE
session_start();
if (!isset($_SESSION['username'])) {
return header("location:login/main_login.php");
}
?>
but I'd like to check the users level, because I'd like to show e.g. page-one.php for users level 1 and 2; page-two.php for users level 3 and so on...
I tried in this way but it's not working:
<?php
session_start();
$level = 2;
$_SESSION['level'] = $level;
if (!isset($_SESSION['username'])) {
if($_SESSION['level'] == '0' && $_SESSION['level'] == '1') {
return header("location: page-one.php");
} else if ($_SESSION['level'] == '2') {
return header("location: page-two.php");
}
}
Any advice, please?
EDIT I edited my code, I found another solution: I stored level in a variable and I checked it together the username
This will always be false:
if($_SESSION['level'] == '0' && $_SESSION['level'] == '1')
The same variable can't equal two different values at the same time. Did you mean to use the comparison "or" operator (||) instead?:
if($_SESSION['level'] == '0' || $_SESSION['level'] == '1')
Or perhaps more else-if chaining?:
if($_SESSION['level'] == '0') {
//...
} else if ($_SESSION['level'] == '1') {
//...
} else if ($_SESSION['level'] == '2') {
//...
}
I conditionally embed one of two headers on a given page: either "Companies", or "Students and Professionals".
I store the user's type ('', 'student', or 'professional') in the $_SESSION array on login, then use a simple if statement to determine which header to embed.
The conditional (if) statement doesn't seem to work though; the first always evaluates as TRUE and company_home_header.php is always included, even when I've previously set $_SESSION['usertype'] to 'student' or 'professional'.
Why isn't the string stored in $_SESSION['usertype'] being evaluating correctly?
<?php
if ($_SESSION['usertype'] == "")
{
include('includes/company_home_header.php');
}
elseif ($_SESSION['usertype'] == "student" OR
$_SESSION['usertype'] == "professional")
{
include('includes/home_header.php');
}
?>
Please help.
Add session_start() on the top of your PHP code.
<?php
session_start();//<---Here
if($_SESSION['usertype'] == ""){
include('includes/company_home_header.php');
}
elseif($_SESSION['usertype'] == "student" || $_SESSION['usertype'] == "professional") {
include('includes/home_header.php');
}
?>
As stated, use session_start() and your expression is not correct:
elseif($_SESSION['usertype'] == "student" || $_SESSION['usertype'] == "professional") {
Try this:
<?php
session_start();
if($_SESSION['usertype'] == ""){
include('includes/company_home_header.php');
}
elseif($_SESSION['usertype'] == "student" or "professional") {
include('includes/home_header.php');
}
?>
This is code for Delete link:
<a href="picture_manager.php?do=delete&id=<?php print $picturedata['id']; ?>" >Delete</a>
This is my current database syntax:
if (array_key_exists('do', $_GET) && $_GET['do'] == "delete" && array_key_exists('id', $_GET))
{
$pictureid = trim(sanitize($_GET['id']));
if ($picture->delete($pictureid) === true)
{
header('Location: picture_manager.php?success=removed');
}
}
With code above, other user can delete others user picture like = picture_manager.php?do=delete&id=(victim).
Now I found solution to prevent abuse by other user, I change the old syntax as below:
This is my new database syntax:
if (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false)
{
header('Location: picture_manager.php');
}
else
{
$pictureid = trim(sanitize($_GET['id']));
if ($picture->delete($pictureid) === true)
{
header('Location: picture_manager.php?success=removed');
}
}
Sadly, it did not work "The page isn't redirecting properly - said firefox browser"
Looking for expert right now.
I found solution in below answer.
NOW EDIT:
Its difficult to me when I coded as below:
if (isset($_GET['do']) && $_GET['do'] == 'delete' && (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false))
{
header('Location: picture_manager.php');
}
else
{
$pictureid = trim(sanitize($_GET['id']));
if ($picture->delete($pictureid) === true)
{
header('Location: picture_manager.php?success=removed');
}
}
The file doesn't delete when I click i.e picture_manager.php?do=delete&id=6125
Whats wrong with my code?
infinite redirect, !array_key_exists('id', $_GET) will proceed always. you need add ?do=delete to validation, like
<?php if (isset($_GET['do']) && $_GET['do'] == 'delete' && (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false))
Here is my script:
$user_data = user_data($name);
if($user_data['type'] == 'clerk') {
} elseif ($user_data['type'] == 'admin' ){
}else
{ header("Location: login_admin1.php");}
}
If I am using an if statement with blank {} it works but as soon as I use this script it's not working.
if($user_data['type'] != 'clerk' || $user_data['type'] != 'admin')
{ header("Location: login_admin1.php");}
I want to check if $user_data['type'] is clerk or admin, (only clerk or admin has access to page) can check page. If it's not one of them they can't access the page.
Why not use in_array()?
if ( ! in_array( $user_data['type'], array( "clerk", "admin" ) ) ) {
// Is neither Clerk, nor Admin.
}
Cuts down on having to write $user_data['type'] over and over.
Use && instead of || in if statement:
Try:
if( $user_data['type'] != 'clerk' && $user_data['type'] != 'admin' ) {
header("Location: login_admin1.php");
}