At the moment I am using this code:
if ($_GET['page'] == 'index'
    and file_exists('./intl/tpl/' . $_GET['page'] . '.tpl')
    or !file_exists('./intl/tpl/' . $_GET['page'] . '.tpl')
    or !$_GET['page']) {
    //code
} elseif ($_GET['page'] == 'multi'
    and file_exists('./intl/tpl/' . $_GET['page'] . '.tpl')) {
    //code 2
}
and so on...
Question 1: Is this code "good"? Doesn't it need any escaping or something?
Question 2: ?page=logout doesn't work, so I created logout.php, which looks like:
<?php
require_once "./intl/config.php";
SessionDelete('logged_in');
SessionDelete('username');
SessionDelete('userid');
if ($user_admin != null) {
    SessionDelete('inadmin');
    if (SessionGet('s_order') != null or SessionGet('s_page_show_all') != null) {
        SessionDelete('s_order');
        SessionDelete('s_page_show_all');
    }
}
header('Location: '.$config['indexurl'].'index.php');
?>
Maybe a session start is needed before deleting the sessions, and is it possible to do that with ?page=logout?
The code certainly can be improved:
Reorder the tests so that it will not generate E_NOTICE errors
Parenthesize so that operator precedence is immediately obvious
Use the && and || boolean operators (as garvey's comment says)
Doing this, you'd have:
if (empty($_GET['page']) ||
    !file_exists('./intl/tpl/' . $_GET['page'] . '.tpl') ||
    ($_GET['page'] == 'index' && file_exists('./intl/tpl/' . $_GET['page'] . '.tpl'))) {
    //code
} elseif ($_GET['page'] == 'multi' && file_exists('./intl/tpl/' . $_GET['page'] . '.tpl')) {
    //code 2
}
Then, rewrite it some more to make it clear why you are doing what you do. This will also allow you to write simpler code. Simple is good.
// This way it's obvious that 'index' is the default page
$page = !empty($_GET['page']) ? $_GET['page'] : 'index';
if (!file_exists('./intl/tpl/' . $page . '.tpl')) {
    $page = 'index'; // comment here saying that if a non-existing page is requested, we display the index instead
}
$template = './intl/tpl/' . $page . '.tpl';
// At this point, we know that $page has a value, and we know that $template exists, so:
switch($page) {
    case 'index':
        // code
        break;
    case 'multi':
        // code2
        break;
}
As for the second question: yes, you need to start the session before you are able to modify or destroy it.
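One way to handle logout through ?page=logout, added here as an example and not the poster's or the answerer's code. It uses PHP's native session functions in place of the SessionDelete() helper from the question; destroy_session(), the index.php redirect target and the absence of a logout.tpl file are assumptions.

```php
<?php
// Added example: destroy_session() is a hypothetical helper built on native session calls.
function destroy_session(): void
{
    // The session has to be open before it can be modified or destroyed.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $_SESSION = []; // drops logged_in, username, userid, inadmin, ... in one step

    // Expire the session cookie in the browser as well.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?: 'Lax',
        ]);
    }
    session_destroy(); // removes the server-side session data
}

$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'index';

// Actions that have no template are dispatched before the file_exists()
// fallback, which would otherwise turn 'logout' into 'index'.
if ($page === 'logout') {
    destroy_session();
    header('Location: index.php'); // assumed redirect target
    exit;
}

// The template lookup and switch ($page) continue from here.
```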
I'm trying to create a simple static website, but my lesser knowledge in back-end code had me question my abilities. Is there any kind of security risk or anything else I might be overlooking in using an array check instead of a switch statement?
For example this is the code I've been using until recently
// Default page
$current_page = 'home';
if(array_key_exists('page', $_GET)) {
    $current_page = $_GET['page'];
}
switch ($current_page) {
    case 'home':
        $page = 'pages/home.php';
        break;
    case 'about':
        $page = 'pages/about.php';
        break;
    case 'contacts':
        $page = 'pages/contacts.php';
        break;
    default:
        $page = 'pages/404.php';
}
and this is the code I've replaced it with. It just makes more sense to me to have the code that would expand in the future (as more pages are added later on) separate from the actual check that never changes, on top of that I think it looks nicer.
$pages = array(
    'home' => 'pages/home.php',
    'about' => 'pages/about.php',
    'contacts' => 'pages/contacts.php',
    '404' => 'pages/404.php',
);
// Default page
$page = $pages['home'];
if(array_key_exists('page', $_GET)) {
    $current_page = $_GET['page'];
    if(array_key_exists($current_page, $pages)){
        $page = $pages[$current_page];
    } else {
        $page = $pages['404'];
    }
}
They are both safe, but the second is a bit easier to manage.
Another approach would be something like this:
$subFolder = 'pages';
// Default page (with the .php extension, so that the file_exists() check below can find it)
$current_page = $subFolder . DIRECTORY_SEPARATOR . 'home.php';
if (array_key_exists('page', $_GET)) {
    $current_page = $subFolder . DIRECTORY_SEPARATOR . $_GET['page'] . '.php';
}
if (file_exists(__DIR__ . DIRECTORY_SEPARATOR . $current_page)) {
    $page = $current_page;
} else {
    $page = $subFolder . DIRECTORY_SEPARATOR . '404.php';
}
echo $page;
This does not require you to edit your code every time you add a new page. The code itself checks if the requested page exists in the pages directory.
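Both the file_exists() check in this answer and the one in the first answer on this page build a path from $_GET['page'], and file_exists() by itself does not confine the result to the pages directory. The following added example (not code from any of the answers) validates the name and compares the realpath() result with the base directory; resolve_page(), the 64-character limit and the demo files are assumptions.

```php
<?php
// Added example: resolve_page() and the demo layout are assumptions for illustration.
function resolve_page($requested, string $baseDir, string $default = 'home', string $notFound = '404'): string
{
    $base = realpath($baseDir);
    if ($base === false) {
        throw new RuntimeException("Page directory not found: $baseDir");
    }
    $fallback = $base . DIRECTORY_SEPARATOR . $notFound . '.php';

    if ($requested === null || $requested === '') {
        $name = $default;                 // no ?page= given
    } elseif (is_string($requested) && preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested) === 1) {
        $name = $requested;               // plain name: no dots, slashes or NUL bytes
    } else {
        return $fallback;                 // arrays (?page[]=x) and any other name
    }

    // realpath() resolves ".." and symlinks; the result must still sit inside $base.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || !is_file($path) || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return $fallback;
    }
    return $path;
}

// Constructed demo: a throwaway pages directory with one file placed outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . bin2hex(random_bytes(4));
mkdir($root . DIRECTORY_SEPARATOR . 'pages', 0700, true);
foreach (['pages/home.php', 'pages/about.php', 'pages/404.php', 'outside.php'] as $file) {
    file_put_contents($root . DIRECTORY_SEPARATOR . $file, '');
}
foreach ([null, 'about', 'missing', '../outside', ['about']] as $input) {
    $resolved = resolve_page($input, $root . DIRECTORY_SEPARATOR . 'pages');
    echo json_encode($input), ' => ', basename($resolved), PHP_EOL;
}
```

The name pattern already rejects dots and separators; the realpath() comparison stays in place as a second check for symlinks inside the pages directory.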
I have this condition here:
if($_SERVER['REQUEST_URI'] != '/page.php' || ($_SERVER['REQUEST_URI'] != '/' && $_SERVER['REQUEST_URI'] != '/index.php')){
    //do something, but not on index or page . php
}
It works on the index page, but not page.php... What am I doing wrong?
You can do it easier...
if( ! in_array( $_SERVER['REQUEST_URI'], array("/page.php", "/", "/index.php") ) ) {
    // do something...
}
You have a logical error. Use:
if(!($_SERVER['REQUEST_URI'] == '/page.php' || $_SERVER['REQUEST_URI'] == '/' || $_SERVER['REQUEST_URI'] == '/index.php')){
    //do something, but not on index or page . php
}
or better
if(!in_array($_SERVER['REQUEST_URI'], ["/page.php", "/", "/index.php"])){
    //do something, but not on index or page . php
}
I am trying to make this IF statement work:
" . ($currentpage == '/adver.php' ? 'active' : '' || $currentpage == 'editad.php' ? 'active' : '' ) . "
What I want to do, is that if the $currentpage is /adver.php or /editad.php, then "active" should be printed out.
The above doesn't work. How can I make the IF statement function correctly?
Use basename() with $_SERVER['PHP_SELF'] to get the current script file name and then compare
if(basename($_SERVER['PHP_SELF']) == 'adver.php' || basename($_SERVER['PHP_SELF']) == 'editad.php') {
    echo 'class="active"'; //Whatever you want to echo
}
You can simply create a function (I often use one) to get the script file name, like
function script_name() {
    return basename($_SERVER['PHP_SELF']);
}
Now you can use something like
(script_name() == 'index.php') ? '' : '';
When I use this to echo out the active page I often use something like
function is_active($script_name) {
    if(basename($_SERVER['PHP_SELF']) == $script_name) {
        return 'class="active"';
    }
}
Now you can simply use the above function say in your menu like
<a href="index.php" <?php echo is_active('index.php'); ?>>
I believe you're using the ternary operator incorrectly.
You may want to try the following code:
($currentpage == '/adver.php' || $currentpage == 'editad.php') ? 'active' : ''
Remember that the syntax of the ternary operator is the following:
(comparison) ? (if true) : (if false)
Therefore, the full comparison should go at the beginning. Anyway, consider using a normal if/else when possible, as ternary operators might be confusing both for the writer and the reader (and furthermore, you don't really need the else in this case).
EDIT: I recommend using Mr. Alien's solution.
if($currentpage == "adver.php" || $currentpage == "editad.php") {
    echo "Active";
}
If you insist on using the if shorthand, you can try something like:
" . ($currentpage == '/adver.php' ? 'active' : ($currentpage == 'editad.php' ? 'active' : '')) . "
Alternatively, you could do something like:
" . (in_array($currentpage, array('/adver.php', 'editad.php')) ? 'active' : '') . "
There is a mistake in the use of '(' and ')'.
You should use it like this
" . ($currentpage == '/adver.php') ? 'active' : '' || ($currentpage == 'editad.php') ? 'active' : '' . "
instead of
" . ($currentpage == '/adver.php' ? 'active' : '' || $currentpage == 'editad.php' ? 'active' : '') . "
I am unable to set the session for $_SESSION['next'] under the switch/case condition, while $_SESSION['user_id'] works perfectly before the condition. The script runs into each condition of the switch/case and redirects without setting $_SESSION['next']. Is there any specific reason why it fails to work? How to solve this?
require_once ('../src/facebook.php');
require_once ('../src/fbconfig.php');
//Facebook Authentication part
$user_id = $facebook->getUser();
if ($user_id <> '0' && $user_id <> '') {
    session_start();
    $_SESSION['user_id'] = $user_id;
    switch((isset($_GET['page']) ? $_GET['page'] : '')){
        case 'abc';{
            $_SESSION['next'] = 'AAA';
            echo "<script>top.location.href = 'https://www.example.com/xxx/'</script>";
            exit;}
        case 'def';{
            $_SESSION['next'] = 'BBB';
            echo "<script>top.location.href = 'https://www.example.com/xxx/'</script>";
            exit;}
        case 'ghi';{
            $_SESSION['next'] = 'CCC';
            echo "<script>top.location.href = 'https://www.example.com/xxx/'</script>";
            exit;}
        default;{
            echo "<script>top.location.href = 'https://www.example.com/xxx/'</script>";
            exit;}
    }
} else {
    echo "<script>top.location.href = 'https://www.example.com/xxx/'</script>";
    exit;
}
Your switch is all wrong. Read the manual and try this:
<?php
switch ((isset($_GET['page']) ? $_GET['page'] : '')){
    case 'abc':
        $_SESSION['next'] = 'AAA';
        echo "<script>top.location.href = 'https://www.example.com/xxx/'</script>";
        break;
    case 'def':
        $_SESSION['next'] = 'BBB';
        echo "<script>top.location.href = 'https://www.example.com/xxx/'</script>";
        break;
    case 'ghi':
        $_SESSION['next'] = 'CCC';
        echo "<script>top.location.href = 'https://www.example.com/xxx/'</script>";
        break;
    default:
        echo "<script>top.location.href = 'https://www.example.com/xxx/'</script>";
        break;
}
You're using exit in your switch, which (unless you want your script to end at the switch) is a no-no. Instead, you have to use the break keyword.
You also use semicolons and curly braces for each case.
case 'ghi';{ ... }
NO! Proper usage is
case 'ghi':
.
.
.
break;
Update: I just noticed you use this line:
if ($user_id <> '0' && $user_id <> '') { ... }
What is <> doing in PHP code? The "standard" operator for "not equals" is != in PHP. Use it correctly or no one will want to use your code.
Second update: You never set $_SESSION['next'] in your default case. It's very likely that your switch is always going to the default case. This would cause the behavior you're experiencing.
I suggest:
if (($user_id != '0') && ($user_id != ''))
(parentheses, and the != operator)
and also a DRYer switch:
$page = array_key_exists('page', $_GET) ? $_GET['page'] : '';
switch ($page) {
    case 'abc':
        $next = 'AAA';
        $loc = 'https://www.example.com/xxx/';
        break;
    case 'def':
        $next = 'BBB';
        $loc = 'https://www.example.com/yyy/';
        break;
    // ... and so on
}
if (isset($next)) {
    $_SESSION['next'] = $next;
    // If it does not work, you have problems with your session ID, maybe?
}
// I find this syntax easier
print <<<SCRIPT
<script type="text/javascript">
top.location.href = '$loc';
</script>
SCRIPT;
exit();
if (!$_GET['page'] || preg_match('/\W/', $_GET['page']) || !file_exists('./intl/tpl/tpl_source/' . $_GET['page'] . '.tpl'))
    $_GET['page'] = 'index';
if ($_GET['page'] && $_GET['page'] != 'index') {
    $smarty->assign("pg_" . $_GET['page'], true);
    $smarty->display($_GET['page'] . ".tpl");
    die();
}
This code lets me open any page (?page=1, ?page=2 and so on; it also means that if no page is given, index is opened),
but I need to specify which ones the user can open, so the code should look like:
if ($_GET['page'] = '21' || preg_match('/\W/', $_GET['page']) || file_exists('./intl/tpl/tpl_source/' . $_GET['page'] . '.tpl')) {
    //my stuff
}
In short, I need to specify which addresses the user can open with $_GET['page'] (?page=21, ?page=22 and so on).
Sorry if the question is not clear.
You can simplify your code by using a typecast (for filtering!) and a simpler list of allowed pages:
$allowed_pages = array(1, 12, 21, 25, 32);
$page = (int)$_GET["page"]
    and in_array($page, $allowed_pages)
    and file_exists("./intl/tpl/tpl_source/$page.tpl")
    or $page = "index";
$smarty->assign("pg_$page", true);
$smarty->display("$page.tpl");
die();
You can create a white list:
$pages = array(
    21 => true,
    22 => true
);
// or
$pages = array_flip(array(21, 22));
and test whether the page is in there:
if(isset($pages[$_GET['page']])) {
}
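An added example (not from either answer) of the same allowlist with strict matching: the (int) cast turns values such as "21abc" or a non-empty array into an allowed number, so this version accepts only the canonical decimal string. select_page() and the sample inputs are constructed for illustration; the ids are the ones from the first answer.

```php
<?php
declare(strict_types=1);

// Added example: select_page() is a hypothetical helper, not the answerers' code.
function select_page($raw, array $allowed, string $fallback = 'index'): string
{
    // ?page[]=1 arrives as an array and a missing parameter as null:
    // neither is a page id.
    if (!is_string($raw) || !ctype_digit($raw)) {
        return $fallback;
    }
    $id = (int) $raw;
    // Only the canonical spelling passes: "021" and overlong digit runs
    // do not survive the int -> string round trip.
    if ((string) $id !== $raw) {
        return $fallback;
    }
    // Third argument true = strict comparison, no type juggling.
    return in_array($id, $allowed, true) ? $raw : $fallback;
}

$allowed_pages = [1, 12, 21, 25, 32]; // ids from the answer above

// Constructed inputs standing in for $_GET['page'].
foreach ([null, '21', '21abc', '021', '22', ['21'], ' 21', '-1'] as $raw) {
    printf("%-10s => %s\n", json_encode($raw), select_page($raw, $allowed_pages));
}

// With the Smarty code from the question the result would be used as:
//   $page = select_page($_GET['page'] ?? null, $allowed_pages);
//   $smarty->display($page . '.tpl');
```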