CODEWITHSUNDEEP
phpif-statement
doublelift2
doublelift2

Reputation: 15

two if statements in php

I have two seperate if statements, the first if statement is not working but the second one is. The first if statement works on my other pages and I am unsure of how to properly code this as I am a beginner to PHP.

<?php 
session_start();

if($_SESSION['loggedin'] != 'true') {
    header("location:login.php"); 
} 

if ($_SESSION['admin']=='N') {
    header("location:errorpage.php");
    }
?>

Upvotes: 0

Views: 99

Answers (4)

Pedro Amaral Couto
Pedro Amaral Couto

Reputation: 2115

Always add an exit() or die() after sending a "Location" HTTP header:

<?php 
session_start();

if($_SESSION['loggedin'] !== 'true') {
    header("location:login.php"); 
    exit();
} 

if ($_SESSION['admin'] === 'N') {
    header("location:errorpage.php");
    exit();
}

Check: php - Should I call exit() after calling Location: header?.

From aaronsaray blog:

Remember, just because the browser is smart enough not to show the content, doesn’t mean that this isn’t dangerous. So, it’s a little less dangerous say if this page is just showing a user search option or some information. It is much more dangerous if this is a page that executes an action. This is because the entire PHP page will execute if you don’t put a die() statement.

On other cases, if you want a condition to be evaluated only when a previous condition is false, you may use a "else if".

Upvotes: 0

Steve_B19
Steve_B19

Reputation: 548

Try using Boolean values rather than strings. I would also use a const for the admin variables. I would do the following;

$_SESSION['loggedin'] = true/false;
$_SESSION['admin'] = true/false;

 public class Priviledges
 {
    public CONST Admin = 0;
    public CONST User = 1;
    public CONST Contributor = 3;

    //change this to however you want to do it :)
    public static function isAdmin($val)
    { 
      if ($val == Priviledges::Admin)
      { 
        return true; 
      }
      else 
      { 
        return false; 
      }
    }
 }

then when you set the admin session variable you can go;

$_SESSION['admin'] = Priviledges::Admin;

if(!$_SESSION['loggedin']) 
{
  header("location:login.php");
  exit() 
} 
else if (!Priviledges::isAdmin($_SESSION['admin']))
{
  header("location:errorpage.php");
  exit()     
}
else
{ //do your stuff if none of these conditions are met.. }

Upvotes: 0

trzyeM-
trzyeM-

Reputation: 943

What is true in your conditions? It can be bool type or string type.

If You set like this:

$_SESSION['loggedin'] = TRUE;
$_SESSION['loggedin'] = 'true';

You have got two different variable sets.

You can compare it using == or === to include variable type.

For example:

$_SESSION['test_1'] = TRUE;
$_SESSION['test_2'] = 'true';
var_dump( $_SESSION );
array(2) { ["test_1"]=> bool(true) ["test_2"]=> string(4) "true" }

Upvotes: 1

Cr41s3
Cr41s3

Reputation: 97

$_SESSION['loggedin']?

Why don't just clear every SESSION var on logout and if the SESSION vars are set => the user is logged in. And use after the header(); an exit();

Try var_dump($_SESSION['loggedin']) and edit your question.

Or maybe your loggedin var is not a string but a boolean so you could do if(!$_SESSION['loggedin'])

Upvotes: 0

Related Questions