This is code for Delete link:
<a href="picture_manager.php?do=delete&id=<?php print $picturedata['id']; ?>" >Delete</a>
This is my current database syntax:
if (array_key_exists('do', $_GET) && $_GET['do'] == "delete" && array_key_exists('id', $_GET))
{
$pictureid = trim(sanitize($_GET['id']));
if ($picture->delete($pictureid) === true)
{
header('Location: picture_manager.php?success=removed');
}
}
With code above, other user can delete others user picture like = picture_manager.php?do=delete&id=(victim).
Now I found solution to prevent abuse by other user, I change the old syntax as below:
This is my new database syntax:
if (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false)
{
header('Location: picture_manager.php');
}
else
{
$pictureid = trim(sanitize($_GET['id']));
if ($picture->delete($pictureid) === true)
{
header('Location: picture_manager.php?success=removed');
}
}
Sadly, it did not work "The page isn't redirecting properly - said firefox browser"
Looking for expert right now.
I found solution in below answer.
NOW EDIT:
Its difficult to me when I coded as below:
if (isset($_GET['do']) && $_GET['do'] == 'delete' && (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false))
{
header('Location: picture_manager.php');
}
else
{
$pictureid = trim(sanitize($_GET['id']));
if ($picture->delete($pictureid) === true)
{
header('Location: picture_manager.php?success=removed');
}
}
The file doesn't delete when I click i.e picture_manager.php?do=delete&id=6125
Whats wrong with my code?
infinite redirect, !array_key_exists('id', $_GET) will proceed always. you need add ?do=delete to validation, like
<?php if (isset($_GET['do']) && $_GET['do'] == 'delete' && (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false))
Related
if (lo_first == 'true' && $lo_first != '1') {
header("Location: http://example.com/myOtherPage.php");
exit(); }
I don't understand why this redirect doesn't work
Take a look at your if:
if (lo_first == 'true' && $lo_first != '1') {
Here you use both lo_first and $lo_first, which indicates that $lo_first is a variable from which the $ is forgotten at its first use. Fix:
if (lo_first == 'true' && $lo_first != '1') {
I am trying to make some redirects to lock the page from having a different get variable from what i have defined. But the problem is that I am getting a redirect error which is
The page isn’t redirecting properly.
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
This problem can sometimes be caused by disabling or refusing to accept cookies.
I tried different things but I could not solve this problem. I need your help please. It is to note that the variables w_news and the rest are coming from links on the page.
these are the following code which are in the header of the project:
// Redirect function
function redirect_to($redirect_link) {
header("Location: ". $redirect_link);
exit;
}
$redirect_link = "index.php?sec=w_news";
//if sec is empty i want to redirect to the above link
if (!isset($_GET['sec']) || isset($_GET['sec']) && $_GET['sec'] == "") {
redirect_to($redirect_link);
} else if (isset($_GET['sec']) && $_GET['sec'] != "w_news" || $_GET['sec'] != "pol" || $_GET['sec'] != "sci" || $_GET['sec'] != "tech" || $_GET['sec'] != "spo" || $_GET['sec'] != "covid19"){
// and if the value is not = to the named ones i want also to redirect
redirect_to($redirect_link);
}
Thank you in advance :)
<?php
if ($_GET['sec'] == "w_news" || $_GET['sec'] == "pol" || $_GET['sec'] == "sci" || $_GET['sec'] == "tech" || $_GET['sec'] == "spo" || $_GET['sec'] == "covid19")
{
// working validate
}
else
{
//failed redirect";
$redirect_link = "index.php?sec=w_news";
header("Location: ". $redirect_link);
}
?>
I have done an email activation, which is working but am trying to adopt the same concept for my antispam activation. It is working for some people but sometimes, I keep getting that one of the variables is not set, is just just a trial and error thing?
I also read somewhere that I should include a not empty check too after the isset() check.
<?php
include_once __DIR__.'/header2.php';
if(isset($_SESSION['u_uid'])) {
echo "<meta http-equiv='refresh' content='0;url=../header2.php?reply=mustloggedoutfirst'>";
exit();
} else {
if(!isset($_GET['email']) && $_GET['email'] !== '' || !isset($_GET['userid']) && $_GET['userid'] !== '' || !isset($_GET['id']) && $_GET['id'] !== '' || !isset($_GET['reply_registration_expirydate']) && $_GET['reply_registration_expirydate'] !== '') {
echo "<meta http-equiv='refresh' content='0;url=../index.php?reply=missinglink'>";
exit();
} else {
$email = strip_tags($_GET['email']);
$username = strip_tags($_GET['userid']);
$id = strip_tags($_GET['id']);
$reply_registration_expirydate = strip_tags($_GET['reply_registration_expirydate']);
if (empty($_SESSION['key'])) {
$_SESSION['key'] = base64_encode(openssl_random_pseudo_bytes(32));
}
}
}
I forgot to add to my previous question that initially, I had the following code, which seems to work for most people for not for some...
if (!isset($_GET['email']) || !isset($_GET['activatetoken']) || !isset($_GET['reply_registration_expirydate'])) {
echo "<meta http-equiv='refresh' content='0;url=../index.php?reply=missinglink'>";
exit();
Update your IF-clause and remove the negation of "isset".
With "!isset($_GET['email']) && $_GET['email'] !== ''" you're checking if the variable is NOT set and then (being not set) if it's NOT unequal to an empty string, this must run into a "variable not set"-error.
The logical order of your if statement is probably incorrect. By "missing link errors" you probably mean this part of the if-statement is executed:
if(!isset($_GET['email']) && $_GET['email'] !== '' || !isset($_GET['userid']) && $_GET['userid'] !== '' || !isset($_GET['id']) && $_GET['id'] !== '' || !isset($_GET['reply_registration_expirydate']) && $_GET['reply_registration_expirydate'] !== '') {
formatted:
if (! isset($_GET['email']) // IS NOT SET email
&& $_GET['email'] !== '' // and IS NOT EMPTY email
|| !isset($_GET['userid']) // or IS NOT SET userid
&& $_GET['userid'] !== '' // and IS NOT EMPTY userid
|| !isset($_GET['id']) // or IS NOT SET id
&& $_GET['id'] !== '' // and IS NOT EMPTY id
|| !isset($_GET['reply_registration_expirydate']) // or IS NOT SET reply_registration_expirydate
&& $_GET['reply_registration_expirydate'] !== '') { // and IS NOT EMPTY reply_registration_expirydate
Due to the precedence of the operators, your statement might evaluate to true earlier than you want. You need to use parentheses to group operands.
if ((! isset($_GET['email']) // (IS NOT SET email
&& $_GET['email'] !== '') // and IS NOT EMPTY email)
|| (!isset($_GET['userid']) // or (IS NOT SET userid
&& $_GET['userid'] !== '') // and IS NOT EMPTY userid)
|| (!isset($_GET['id']) // or (IS NOT SET id
&& $_GET['id'] !== '') // and IS NOT EMPTY id)
|| (!isset($_GET['reply_registration_expirydate']) // or (IS NOT SET reply_registration_expirydate
&& $_GET['reply_registration_expirydate'] !== '')) { // and IS NOT EMPTY reply_registration_expirydate)
I am trying to do a query like:
If $_GET['page'] == 'items' AND $_GET['action'] == 'new' OR 'edit'
Here's what I have:
if (isset($_GET['page']) && $_GET['page'] == 'items') {
if (isset($_GET['action']) && $_GET['action'] == 'new' || isset($_GET['action']) && $_GET['action'] == 'edit') {
// This is what Im looking for
}
}
Is this correct, and is this the easiest way to make this query?
You could have done it like this as well:
if (isset($_GET['page']) && $_GET['page'] == 'items') {
if (isset($_GET['action']) && ($_GET['action'] == 'new' || $_GET['action'] == 'edit')) {
}
}
Your way is perfectly fine, although I would almost be tempted to do it the following way. The only reason I suggest this is that your code requires that both action and page are set. If action is not set then there isn't much point checking if the page is == 'items'.
if(isset($_GET['page']) && isset($_GET['action'])) {
if($_GET['page'] == 'items' && ($_GET['action'] == 'new' || $_GET['action'] == 'edit')) {
//do code here
}
}
You may also try in_array like:
if (isset($_GET['page']) && $_GET['page'] == 'items')
{
if ( !empty( $_GET['action'] ) && in_array( $_GET['action'], array( 'new', 'edit' ) )
{
// This is what Im looking for
}
}
That is one of possible solutions
if ( #$_GET['page'] == 'items' && in_array(#$_GET['action'], array('new','edit')))
Everything is ok, but also you can use function:
function paramIs($param, $values) {
$result = false;
foreach ((array)$values as $value) {
$result = $result || isset($_GET[$param]) && $_GET[$param] == $value;
}
return $result;
}
Usage:
if (paramIs('page', 'items') && paramIs('action', array('new', 'edit')))
{
// your code here
}
It will reduce the number of repetitions in your code and encapsulate logic in one place
This may be the way my server is set up, but I'm banging my head against the wall. I'm trying to say that if $action has no value or has a value that is not "add" or "delete" then have an error, else keep running the script. However, I get an error no matter what $action is.
$action = $_GET['a'];
if((!isset($action)) || ($action != "add" || $action != "delete")){
//header("location:index.php");
echo "error <br>";
}
$action is being set properly and if run something like if($action =="add") it works. This is on my local host, so it could be a settings issue.
Your logic is slightly off. The second || should be &&:
if ((!isset($action)) || ($action != "add" && $action != "delete"))
You can see why your original line fails by trying out a sample value. Let's say $action is "delete". Here's how the condition reduces down step by step:
// $action == "delete"
if ((!isset($action)) || ($action != "add" || $action != "delete"))
if ((!true) || ($action != "add" || $action != "delete"))
if (false || ($action != "add" || $action != "delete"))
if ($action != "add" || $action != "delete")
if (true || $action != "delete")
if (true || false)
if (true)
Oops! The condition just succeeded and printed "error", but it was supposed to fail. In fact, if you think about it, no matter what the value of $action is, one of the two != tests will return true. Switch the || to && and then the second to last line becomes if (true && false), which properly reduces to if (false).
There is a way to use || and have the test work, by the way. You have to negate everything else using De Morgan's law, i.e.:
if ((!isset($action)) || !($action == "add" || $action == "delete"))
You can read that in English as "if action is not (either add or remove), then".
No matter what $action is, it will always either not be "add" OR not be "delete", which is why the if condition always passes. What you want is to use && instead of ||:
(!isset($action)) || ($action !="add" && $action !="delete"))
You're saying "if it's not set or it's different from add or it's different from delete". You realize that a != x && a != y, with x != y is necessarily false since a cannot be simultaneously two different values.
You could also try:
if ((!isset($action)) || !($action == "add" || $action == "delete")) {
// Do your stuff
}
For future reference, you can quickly create a truth table to check if it evaluates the way you want... it's kind of like Sudoku.
(!isset($action)) && ($action != "add" && $action != "delete"))
Example:
column 1 is issetaction, column 2 and 3 evaluates !="add","delete" respectively
if($a=add) T && (F && T) => T && F => FALSE
if($a=delete) T && (T && F) => T && F => FALSE
if($a=nothing) T && (T && T) => T && T => TRUE
I think this is the best and easiest way to do it:
if (!(isset($action) && ($action == "add" || $action == "delete")))
Not an answer, but just for the sake of code formatting
if((isset($_GET['a'])) $action=$_GET['a']; else $action ="";
if(!($action === "add" OR $action === "delete")){
header("location: /index.php");
exit;
}
Note the exit; statement after header(). That's the important thing. header() does not terminate script execution.