0

I have been having some problems getting the header() to initialize with this code. It seems that the if statement doesn't work with query variables?

In init.php the function $user_data is defined. $url is the $_GET code in the url-bar of the browser (in this case a 6 digit random code). The variables seem to work, since I tried to output them already. The problem seems to be the if statement though. I do not get an error message. The header() just does not initiate, even though I am not logged in and the url is set to public === 0 in MySQL. Where am I going wrong?

```php
include 'core/init.php';
include 'includes/head.php';
$url = $_SERVER['QUERY_STRING'];
$url = sanitize($url);

$public_arr = mysql_query("SELECT `public` FROM `uploads` WHERE `url` = '$url' AND `active` = 1") or die(mysql_error());
$public_arr = mysql_fetch_assoc($public_arr);
$public = $public_arr['public'];

$owner_arr = mysql_query("SELECT `owner` FROM `uploads` WHERE `url` = '$url' AND `active` = 1") or die(mysql_error());
$owner_arr = mysql_fetch_assoc($owner_arr);
$owner = $owner_arr['owner'];

global $user_data;
if ($public === 0 AND $owner !== $user_data['username'] || logged_in() === false) {
    header('Location: mainpage.php');
    exit();
}

$name_arr = mysql_query("SELECT `name` FROM `uploads` WHERE `url` = '$url' AND `active` = 1") or die(mysql_error());
$name_arr = mysql_fetch_assoc($name_arr);
$name = $name_arr['name'];
```
Nathaniel Ford
  • 2
    http://php.net/manual/en/function.error-reporting.php - if the header doesn't work, then `if ($public === 0 AND $owner !== $user_data['username'] || logged_in() === false)` failed you, and/or you're outputting before header. – Funk Forty Niner Feb 16 '16 at 16:41
  • Try `if ($public === 0 AND ($owner !== $user_data['username'] || logged_in() === false)) {` or `if (($public === 0 AND $owner !== $user_data['username']) || logged_in() === false) {`, depending on what you're after. You should clarify in the code, to avoid issues, on how you want the `||` parameter to behave. Can you also edit your question to clarify what values `$public` and `$owner` have? Also, use `die('this works');` to check this clause is being caught. (sorry for the long comment!). – Egg Feb 16 '16 at 16:48
  • @Egg Thank you two for your answers. Dummy me used === to compare '0' with 0. I fixed it and it works perfectly fine. Have a great day :) – EthanBilly Feb 16 '16 at 16:55
  • 1
    Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Feb 16 '16 at 17:05
  • @EthanBilly You're welcome, I'll repost as an answer for you to accept to help any others coming here. – Egg Feb 16 '16 at 17:27

2 Answers

1

Assuming the variable values are as you say they are, try checking these values are equal to and not identical; sometimes the types can vary (integers like 0 may be strings like "0").

```php
if ($public == 0 AND $owner != $user_data['username'] || logged_in() === false) {
    header('Location: mainpage.php');
    exit();
}
```

As @jay-blanchard says, you should be using MySQLi functions instead of mysql_* for many reasons - the main one being that they're not supported as standard in PHP any more!

Egg
0
```php
if ($public === 0 AND $owner !== $user_data['username'] || logged_in() === false)
```

should be

```php
if (($public === 0 && $owner !== $user_data['username']) || logged_in() === false)
```
psx
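
A runnable version of the visibility check that folds in the points raised in the comments and both answers: cast before comparing strictly, make the grouping explicit, and use a prepared statement. It is an added example, not code from any of the posts; the in-memory SQLite table and its rows, the helper name `viewable_upload`, and the policy that a private upload is shown only to its logged-in owner are assumptions, and it needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the `uploads` table. STRINGIFY_FETCHES makes the driver
// return every column as a string, which is what the old mysql_* functions did.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE           => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_STRINGIFY_FETCHES => true,
]);
$db->exec('CREATE TABLE uploads (url TEXT, name TEXT, owner TEXT, public INTEGER, active INTEGER)');
$db->exec("INSERT INTO uploads VALUES ('123456', 'private.pdf', 'alice', 0, 1),
                                      ('654321', 'shared.png',  'alice', 1, 1)");

// Hypothetical helper: returns the row if $viewer (username, or null when not
// logged in) may see the upload, otherwise null. Every failure path denies.
function viewable_upload(PDO $db, string $code, ?string $viewer): ?array
{
    if (preg_match('/\A[0-9]{6}\z/', $code) !== 1) {
        return null; // not a 6-digit code
    }
    // One query instead of three, with the code bound rather than interpolated.
    $stmt = $db->prepare('SELECT name, owner, public FROM uploads WHERE url = ? AND active = 1');
    $stmt->execute([$code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown or inactive upload
    }
    // $row['public'] is the string '0' or '1' here; '0' === 0 is false because the
    // types differ, so cast before comparing strictly.
    $isPublic = (int) $row['public'] === 1;
    // `AND` binds more loosely than `||` in PHP; named booleans and explicit
    // parentheses keep the grouping visible.
    $isOwner = ($viewer !== null) && ($row['owner'] === $viewer);
    return ($isPublic || $isOwner) ? $row : null;
}

$requests = [['123456', null], ['123456', 'bob'], ['123456', 'alice'], ['654321', null], ['12', 'alice']];
foreach ($requests as [$code, $viewer]) {
    $row = viewable_upload($db, $code, $viewer);
    // In the page's script the null branch is where header('Location: mainpage.php')
    // and exit() go, before any include that produces output.
    printf("%-6s %-9s %s\n", $code, $viewer ?? 'anonymous', $row === null ? 'redirect' : 'show ' . $row['name']);
}
```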