1

I am trying to use an if/else statement in PHP. Currently what I am trying to do is if the $_SESSION['usr']; is equal to the current directory ($dir_auth2) variable that the user is trying to access. Then they can access the directory or index.php I have in it. Else, if the $_SESSION['usr']; is != to the current directory, then redirect them to home page. Currently, when a user types in somebody else's directory, that is not theirs, they can access it.

<?php
session_name('tzLogin');
session_set_cookie_params(2*7*24*60*60);
session_start();
//This if statement below is the problem
if($_SESSION['usr'] == $dir_auth1) {
  //This demo.php is the home page
  header("Location: demo.php");

} else {
  echo "You are logged in as " . $dir_auth1;
} 



$dir = getcwd();
$dir1 = str_replace('/home/pophub/public_html/', '/', $dir);


$dir_auth = getcwd();
$dir_auth1 = str_replace('/home/pophub/public_html/gallry/', '', $dir_auth);
echo $_SESSION['usr'];
echo $dir_auth1;

 $dir_user = getcwd();
 $dir_user1 = str_replace('/home/pophub/public_html/gallry', '', $dir_user);


?>
aidangig
  • Currently, when the user is not logged in it works, where they can't access an account. But if a user is logged in, they can access anyone's directory. – aidangig Feb 08 '16 at 20:55
  • if you `echo $_SESSION['usr']` and `echo $dir_auth2` - what's your result? – daxro Feb 08 '16 at 20:55
  • @daxro I'm uploading a pic now, but currently when you echo $_SESSION['usr'] it displays the user logged in, but when you echo $dir_auth2 it displays the current directory, which should be the same as the $_SESSION['usr'], if it is not the same then they can not access the account. At least they're supposed to not be able to. – aidangig Feb 08 '16 at 20:59
  • where are you defining `$dir_auth2`? – WheatBeak Feb 08 '16 at 21:01
  • @WheatBeak $dir_auth2 is basically pointless as of now, it is just a recycled variable of $dir_auth1. Sorry, about that. – aidangig Feb 08 '16 at 21:05
  • @aidangig but how would you then be able to figure out if there's something wrong with the if-statement, if the variable itself is pointless? =) – daxro Feb 08 '16 at 21:06
  • Well if your statement is supposed to be `if($_SESSION['usr'] == $dir_auth1)` then I'm guessing the only reason it isn't working is because you need to run the if/else statement below where the variable is defined. – WheatBeak Feb 08 '16 at 21:07
  • As you can see in my pic above, those are the 2 variables (`$_SESSION['usr']`, and `$dir_auth2`) after being echoed through. I am trying to take them if they echo to the same value to grant the user access but if the user is not the same as the directory ($dir_auth2), they can't access it at all. They basically have to be logged in to access the directory. – aidangig Feb 08 '16 at 21:07
  • Your `if/else` code seems to do the opposite of what you describe in the question. You're redirecting when the user is in the current directory, but you said it should redirect when it's **not** equal. – Barmar Feb 08 '16 at 21:09
  • @Barmar yes, when I flip the 2 functions in the if/else, it does not work. It redirects even if they are the same, it just doesn't make sense. – aidangig Feb 08 '16 at 21:12
  • @aidangig Did you see my comment above? In your code you're trying to use a variable in the if/else statement that you haven't defined yet, the if/else must come after the variable is defined. – WheatBeak Feb 08 '16 at 21:14
  • Where do you set `$dir_auth2`? The code at the bottom sets `$dir_auth` and `$dir_auth1`, but nothing sets `$dir_auth2`. – Barmar Feb 08 '16 at 21:15
  • Ah okay, I updated the condition to `$dir_auth1` instead of 2, but the same result. – aidangig Feb 08 '16 at 21:16
  • Can you update your code in the question to what you have now? – WheatBeak Feb 08 '16 at 21:16
  • That's because `$dir_auth1` is defined **after** that `if` – radoh Feb 08 '16 at 21:16
  • `if($_SESSION['usr'] == $dir_auth1) { echo "You are logged in as " . $dir_auth1; die(); } else { header("Location: demo.php"); } ` – aidangig Feb 08 '16 at 21:17
  • Oh Okay! PHP executes in order! – aidangig Feb 08 '16 at 21:19

2 Answers

1

Either you haven't posted the whole script or you don't define $dir_auth2 anywhere. Which is bad since you rely on its value in

if($_SESSION['usr'] == $dir_auth2) {

Also, you should use die() after calling header()

header("Location: demo.php");
die();

How to make a redirect in PHP?

radoh
  • while sound advice, this doesn't really qualify as an answer to the OP's question. :P – WheatBeak Feb 08 '16 at 21:02
  • @radoh when I add die to the if statement it doesn't seem to change anything. What is the die function supposed to do? – aidangig Feb 08 '16 at 21:04
  • @WheatBeak OP said 'Currently, when a user types in somebody else's directory, that is not theirs, they can access it.' - I'm assuming that is the problem, which is caused by not redirecting properly – radoh Feb 08 '16 at 21:05
  • @aidangig It's just like `exit()`, it ends the script. – Barmar Feb 08 '16 at 21:06
  • It redirects properly, properly to the demo.php, but the main issue is with the if statement's (condition) where `if($_SESSION['usr'] == $dir_auth2)` when the 2 variables in that condition are the same, directory is accessible but when they are different it seems to also work, why? – aidangig Feb 08 '16 at 21:11
1

I think this is what you're looking for.

You need to define the variable $dir_auth1 before trying to use it in the if/else statement.

Also I think what you want is != instead of ==

<?php
session_name('tzLogin');
session_set_cookie_params(2*7*24*60*60);
session_start();

$dir = getcwd();
$dir1 = str_replace('/home/pophub/public_html/', '/', $dir);
$dir_auth = getcwd();
$dir_auth1 = str_replace('/home/pophub/public_html/gallry/', '', $dir_auth);
$dir_user = getcwd();
$dir_user1 = str_replace('/home/pophub/public_html/gallry', '', $dir_user);


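// Redirect anyone whose session user does not match this directory
if($_SESSION['usr'] != $dir_auth1) {
    header("Location: demo.php");
    exit; // stop the script so the rest of the page is not sent
} else {
    echo "You are logged in as " . $dir_auth1;
}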
?>

Also you can combine all of your string functions into one like so:

// Longest prefix first: str_replace applies the search strings in order
$dir_auth1 = str_replace(array("/home/pophub/public_html/gallry/","/home/pophub/public_html/"),"",getcwd());
WheatBeak
  • Hey, okay the code kinda works, it definitely is functioning better than it did. Though, I have it echoing the `$SESSION['usr']` and the `$dir_auth1` and it still is accessible. – aidangig Feb 08 '16 at 21:26
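
A hardened version of the check discussed in this thread, as an added example that is not code from the question or either answer: it derives the directory owner before comparing, treats a missing session as no access (with a loose `==`, an unset `$_SESSION['usr']` and an undefined `$dir_auth1` compare as equal), compares strictly, and stops the script after the redirect. The function name `owns_directory` and its `$galleryRoot` parameter are assumptions made for illustration; the session name, paths and `demo.php` are taken from the question.

```php
<?php
// Added example: access gate for gallry/<username>/index.php.
// owns_directory() and $galleryRoot are hypothetical names, not from the thread.
declare(strict_types=1);

/**
 * True only when a logged-in user is requesting a script inside their own
 * directory, i.e. the first path component below $galleryRoot equals the user.
 */
function owns_directory(?string $sessionUser, string $cwd, string $galleryRoot): bool
{
    if ($sessionUser === null || $sessionUser === '') {
        return false;                    // not logged in: never a match
    }
    $root = rtrim($galleryRoot, '/') . '/';
    $path = rtrim($cwd, '/') . '/';
    if (strncmp($path, $root, strlen($root)) !== 0) {
        return false;                    // script is not under the gallery root
    }
    // Compare only the owner component, so nested folders still map to one user.
    $owner = explode('/', substr($path, strlen($root)), 2)[0];
    return $owner !== '' && $owner === $sessionUser;   // strict, no type juggling
}

session_name('tzLogin');
session_set_cookie_params(2 * 7 * 24 * 60 * 60);
session_start();

// Read the session value defensively: absent or non-string means "no user".
$user = (isset($_SESSION['usr']) && is_string($_SESSION['usr']))
    ? $_SESSION['usr']
    : null;

// getcwd() returns false on failure; the cast turns that into '' (denied).
if (!owns_directory($user, (string) getcwd(), '/home/pophub/public_html/gallry')) {
    header('Location: demo.php');
    exit;   // without this the rest of the page is still sent to the client
}

echo 'You are logged in as ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8');
// ... protected page content follows here ...
```

The gate has to run before any output and before the protected content, because `header()` only sets a response header and does not stop execution by itself.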