Nyx

Reputation: 314

Why does an 'if statement' ignore conditions or read them as if they are not true when they actually are?

I stumbled upon something that is causing me a real hard time and I can't figure it out, so please take a look at my situation and help me out...

I am writing code that is supposed to prevent some of the website users from accessing a specific part of the website called orders.php.

Each user has a previously assigned role and I am trying to achieve this restriction by allowing only a few of the roles to access it so if you don't have some of the specific roles that are allowed to visit the website assigned to you, you get redirected to the homepage.

This is one of the ways that I've tried:

    if( $userrole !== 'Administrator' OR
        $userrole !== 'Manager' OR
        $userrole !== 'Product Hunter' OR
        $userrole !== 'Product Selector' OR
        $userrole !== 'Analytic' OR
        $userrole !== 'Order Manager'){
        header('Location: ../dashboard.php');
        die;
    }
    else{
     //code here
    }

I tried using || instead of OR but it is not working either.

I also tried using elseif statement for each role like this:

    if( $userrole !== 'Administrator'){
        header('Location: ../dashboard.php');
        die;
    }
    elseif( $userrole !== 'Manager'){
        header('Location: ../dashboard.php');
        die;
    }
    elseif( $userrole !== 'Product Hunter'){
        header('Location: ../dashboard.php');
        die;
    }
    elseif( $userrole !== 'Product Selector'){
        header('Location: ../dashboard.php');
        die;
    }
    elseif( $userrole !== 'Analytic'){
        header('Location: ../dashboard.php');
        die;
    }
    elseif( $userrole !== 'Order Manager'){
        header('Location: ../dashboard.php');
        die;
    }
    else{
        //code goes here
    }

As far as I understand, the code shall continue to execute the else statement the moment it reads your role name. For example, if you are an Administrator, then it shall execute the else statement because it is said that if you are not some of the specified roles then you will be redirected, and since you are one of the specified roles then the code shall execute for you, but for some odd reason it is redirecting you to the homepage no matter if you are an Administrator, Manager or a Visitor...

The only way the code allows you to visit the website instead of redirecting you to the homepage is when you have only one role specified, for example:

    if( $userrole !== 'Administrator'){
        header('Location: ../dashboard.php');
        die;
    }else{
     //code goes here
    }

This way, if you are an Administrator, then you are allowed to visit the page, and if you have any different role then you get redirected.

The reason I use !== is because I want the code to define if this user can visit this part of the website at the beginning instead of telling it to show the code to the users with these few specific roles and redirect everyone else.

$userrole is previously set to equal a $_SESSION variable which contains the value of the actual role of the user and is defined at login. If I echo it, it prints the name of the role, so that is not causing the problem for sure.

I've found some posts suggesting using switch statements but I haven't tried them yet since I prefer doing it this way if possible.

Thanks in advance!

Upvotes: 1

Views: 78

Answers (3)

Don't Panic

Reputation: 41820

$userrole is one thing, so it can only be equal to one thing, which means it will be not equal to everything else.

So when you compare it to a set of things using !==, only one of those comparisons can possibly be false. When you construct a boolean expression by connecting a set of expressions using OR or || then only one of the inner expressions has to be true for the entire expression to be true.

Take a specific example where $userrole = 'Administrator'.

$userrole !== 'Administrator' will be false, but $userrole !== 'Manager' and all of the other comparisons will be true. So the expression becomes

    if( false OR
        true OR
        true OR
        true OR
        true OR
        true){
        header('Location: ../dashboard.php');
        die;
    }

Which simplifies to

    if (true){
        header('Location: ../dashboard.php');
        die;
    }

Same deal with your elseif approach. Only one of the elseifs can possibly be false.

Other answers have already offered some good ideas for other ways to do this. I just wanted to add a bit more explanation. (I would go with one of the in_array methods, personally.)

Upvotes: 2

Vadim Sirbu

Reputation: 681

You need to use the and operator. You redirect to the dashboard if the user has none of these roles.

    if( $userrole !== 'Administrator' &&
        $userrole !== 'Manager' &&
        $userrole !== 'Product Hunter' &&
        $userrole !== 'Product Selector' &&
        $userrole !== 'Analytic' &&
        $userrole !== 'Order Manager'
    ){
        header('Location: ../dashboard.php');
        die;
    }
    else{
        //code here
    }

Upvotes: 1

db1975

Reputation: 775

I think you want to do this, because you want to restrict this page if the user does not have a required role:

    if( $userrole !== 'Administrator' &&
        $userrole !== 'Manager' &&
        $userrole !== 'Product Hunter' &&
        $userrole !== 'Product Selector' &&
        $userrole !== 'Analytic' &&
        $userrole !== 'Order Manager'){
        header('Location: ../dashboard.php');
        die;
    }
    else{
        //code here
    }

A better way, I think:

    $aAllowedRoles = array(
        'Administrator',
        'Manager',
        'Product Hunter',
        'Product Selector',
        'Analytic',
        'Order Manager'
    );

    if ( !in_array($userrole, $aAllowedRoles) ) {
        header('Location: ../dashboard.php');
        die;
    }

    // code here

Upvotes: 4
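
An added example (not part of any answer above, and not the asker's code): it compares the question's OR chain, a fail-closed allow-list check using strict `in_array`, and loose `in_array` on constructed sample values. The function names and the `role` session key are assumptions.

```php
<?php
declare(strict_types=1);

// Allow-list taken from the question; everything else is denied.
const ALLOWED_ROLES = [
    'Administrator', 'Manager', 'Product Hunter',
    'Product Selector', 'Analytic', 'Order Manager',
];

// The question's condition: "not A OR not B OR ..." is true for every value,
// because a role can equal at most one of the names.
function deniedByOrChain($role): bool
{
    foreach (ALLOWED_ROLES as $allowed) {
        if ($role !== $allowed) {
            return true;
        }
    }
    return false;
}

// Fail-closed allow-list check. The third argument makes in_array() compare
// with ===, so a non-string value such as true cannot match a role name.
function isAllowed($role): bool
{
    return is_string($role) && in_array($role, ALLOWED_ROLES, true);
}

// Hypothetical guard for the top of orders.php; the 'role' key is an assumption.
function requireAllowedRole(array $session): void
{
    if (!isAllowed($session['role'] ?? null)) {
        header('Location: ../dashboard.php');
        exit;
    }
}

// Constructed sample values, including a missing role and a non-string one.
foreach (['Administrator', 'Order Manager', 'Visitor', null, true] as $role) {
    printf(
        "%-16s OR-chain denies: %-3s  allow-list permits: %-3s  loose in_array: %s\n",
        var_export($role, true),
        deniedByOrChain($role) ? 'yes' : 'no',
        isAllowed($role) ? 'yes' : 'no',
        in_array($role, ALLOWED_ROLES) ? 'yes' : 'no'
    );
}
```

Run from the command line, the OR chain denies every sample value, while loose `in_array` accepts the boolean `true`; the strict check permits only the listed role names.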
