0

Following issue: I've got a controller.php which catches two $_GET values from the entered URL.

  • $view = $_GET['view']
  • $sitename = $_GET['site']

Now I want to check if the $sitename is "leichtathletik" or "landingpage" or "galerie" or "anlaesse" or "mitglieder"

AND

if the $view is "visitor" or "admin" or "member"

IF false

Forward to a 404 error page

if true run the following code

    if (
        ($sitename != "landingpage"
            && $sitename != "leichtathletik"
            && $sitename != "mitglieder"
            && $sitename != "anlaesse"
            && $sitename != "galerie")
        || ($view != "visitor"
            && $view != "member"
            && $view != "admin")
    ) {
        header("HTTP/1.0 404 Not Found"); // checks whether the site name and the view name are valid. If not -> error
        exit();

    } else {
        //run code
    }

With this Code I can insert a wrong $view or $sitename and it doesn't forward to the 404 Page

The original url is like: www.domain.tld?view=xxx&sitename=xxx

The rewritten url is like: www.domain.tld/view/sitename.php . Where is the mistake?

fpietka
tupic92
  • Why not break it into logical blocks instead of trying to string everything together into one giant if? It will make it easier for you to spot the issue. – Jonnix Sep 28 '15 at 16:07
  • You **must** review your statement. If it's too long and complex, there is always a better, simpler way. If your keywords are meant to be evaluated very specifically like you've presented, consider writing a function that iterates an array of possibilities, or even a switch for every keyword. – al'ein Sep 28 '15 at 16:12
  • Check out this question: http://stackoverflow.com/questions/5534268/headerhttp-1-0-404-not-found-not-doing-anything – amklose Sep 28 '15 at 16:14
  • You are not forwarding anywhere here, just setting headers. – fpietka Sep 28 '15 at 16:29
  • ok I'll try it with breaking down the statement into smaller if-statements – tupic92 Sep 28 '15 at 16:35

2 Answers

0

This is one area where a simple switch could help clean this up. And then we'll put that into a function so it's compact and easy to understand.

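    function redirect($site, $view) {
        switch($site) {
            case 'landingpage':
            case 'leichtathletik':
            case 'mitglieder':
            case 'anlaesse':
            case 'galerie':
                break; // valid site, carry on and check $view
            default:
                return false; // unknown site
        }
        // Now do the same for $view
        switch($view) {
            case 'visitor':
            case 'member':
            case 'admin':
                return true;
            // no default since we don't want it to do something if no matches
        }
        return false; // Should only reach this if you don't match anything
    }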
Machavity
0

thanks for your inputs guys.

I fixed it with this statement:

    // check $view first (allowed values as listed in the question)
    if($view=="visitor" || $view=="member" || $view=="admin"){
        if($sitename=="landingpage" || $sitename=="leichtathletik" || $sitename=="galerie" || $sitename=="anlaesse" || $sitename=="mitglieder"){

            //code

        }else{
            header("HTTP/1.0 404 Not Found");
            header('Location:http://www.xxx.ch/error/error404.html');
        }
    }else{
        header("HTTP/1.0 404 Not Found");
        header('Location:http://www.xxx.ch/error/error404.html');
    }

tupic92
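One way to write the check this thread is after, as an added example that is not code from any of the posts: both values are compared against allow-lists with strict `in_array`, and missing or non-string parameters are rejected before any routing happens. `resolveRoute` is a hypothetical name, the lists are copied from the question, and reading the `site` key is an assumption taken from the question's `$_GET['site']`.

```php
<?php
declare(strict_types=1);

// Allow-lists copied from the question.
const ALLOWED_SITES = ['landingpage', 'leichtathletik', 'mitglieder', 'anlaesse', 'galerie'];
const ALLOWED_VIEWS = ['visitor', 'member', 'admin'];

// Hypothetical helper: returns [view, site] if both are allowed, else null.
// $query is the request's query array, normally $_GET.
function resolveRoute(array $query): ?array
{
    // The key must match what the rewrite rule passes on; 'site' follows
    // the question's $_GET['site'] (an assumption, its sample URL says sitename).
    $view = $query['view'] ?? null;
    $site = $query['site'] ?? null;

    // A missing key gives null and ?view[]=x gives an array: reject both.
    if (!is_string($view) || !is_string($site)) {
        return null;
    }
    // Third argument true: strict comparison, no type juggling.
    if (!in_array($view, ALLOWED_VIEWS, true) || !in_array($site, ALLOWED_SITES, true)) {
        return null;
    }
    return [$view, $site];
}

// In controller.php this would be used as:
//   $route = resolveRoute($_GET);
//   if ($route === null) { http_response_code(404); exit; }
// Sending a Location header afterwards would turn the status into a 302.

// Constructed sample requests, run from the command line.
$samples = [
    ['view' => 'admin', 'site' => 'galerie'],     // both values allowed
    ['view' => 'admin', 'site' => 'galerie.php'], // site not on the list
    ['view' => ['admin'], 'site' => 'galerie'],   // array instead of string
    ['view' => 'visitor'],                        // site key missing
];
foreach ($samples as $q) {
    $route = resolveRoute($q);
    echo json_encode($q), ' => ', $route === null ? '404' : implode('/', $route), PHP_EOL;
}
```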