2

My PHP application looks like this:

<?php
// File: index.php

// some code...
include( 'template/header.php' );

// More code, for example:
echo "Subscribe to our newsletter here: ...";

And template file:

<?php
// File: template/header.php

$user = get_loggedin_user()
if ( ! $user ) {
  echo 'Please log in';
  return;  // Question is about this statement!
}

// Long PHP code follows, for simplicity reduce it to:
echo "You are logged in as $user";

You see in the condition in template/header.php I use return to skip the header if user is not logged in. I do not want to use else because the code that follows is quite long and nested, so I want to avoid adding another nesting level here...

This usage of return seems to work correctly on php 5.6

Question:

  • Is this correct, or is there a more appropriate way to skip rest of the header file?
  • You know of any notices/warnings/errors that PHP could throw here?
axiac
  • 68,258
  • 9
  • 99
  • 134
Philipp
  • 10,240
  • 8
  • 59
  • 71
  • 2
    This is possible and "safe", though not the normal approach. Usually you would have the condition in your controller action and have two different views, one for authenticated users, one to login. – arkascha Jan 24 '16 at 19:11
  • I frequently use `$config = include '/path/to/config.php';`. With `'bar);`, as an example of the config file. And that's common practice. – Progrock Jan 24 '16 at 19:11
  • 1
    See: http://stackoverflow.com/questions/1314162/return-from-include-file , and there is mention in the php manual example #5: http://php.net/manual/en/function.include.php – Progrock Jan 24 '16 at 19:17
  • Perfect :) FYI: My code is not about header/logged in users (actually I build some popup-contents via ajax response). But for simplicity I used this example since everyone understands the workflow here... – Philipp Jan 24 '16 at 19:24
  • 1
    Have you read the documentation of the [`return` statement](http://php.net/manual/en/function.return.php)? (I guess not). The answers to your questions are provided there. – axiac Apr 30 '17 at 21:01

2 Answers2

1

Short answer: Yes

Possible, safe, officially supported.

Successful includes, unless overridden by the included file, return 1. It is possible to execute a return statement inside an included file in order to terminate processing in that file and return to the script which called it. Also, it's possible to return values from included files.

Example:

<?php
// return.php
$var = 'PHP';
return $var;
?>

<?php
// noreturn.php
$var = 'PHP';
?>

<?php
// Test script

$foo = include 'return.php';
echo $foo; // prints 'PHP'

$bar = include 'noreturn.php';
echo $bar; // prints 1
?>
Philipp
  • 10,240
  • 8
  • 59
  • 71
1

What I like to do is thow a custom exception, because you can catch exceptions, even when you call a function with the login validation in it.

Return should be sufficient if the PHP code is in your current scope, but return is not sufficient when validating if your user is logged in within a function.

To demonstrate this I have attached 2 PHP files below, index.php file which I assume is the file you're executing and a functions file called func.php.

index.php

<?php

require('func.php');

try {
  $user = get_loggedin_user();
} catch(NotLoggedInException $e) {
  echo 'do your redirect here';
  die();
}

var_dump($user); // shows user value

func.php

<?php

class NotLoggedInException extends Exception {

}


function get_loggedin_user() {
    throw new NotLoggedInException("User is not logged in");
}
Neil Yoga Crypto
  • 615
  • 5
  • 16