开发者

Help with PHP if / else statement

开发者 https://www.devze.com 2023-02-16 00:33 出处:网络
On my site, forms are brought in via AJAX and checked against a sessionid. I know this is not optimal, but it\'s working for us. If the referrer doesn\'t have the session ID they are redirected back t

On my site, forms are brought in via AJAX and checked against a sessionid. I know this is not optimal, but it's working for us. If the referrer doesn't have the session ID they are redirected back to "anotherpage". I need to allow some outside URL's access the form directly. we set the sessionid on the page with the link to the form.

Here is what we have now on the form page:

<?php
$code = $_GET['sessionid'];
if(strcmp( $code , 'XXXXX'  ) != 0) {
    header("Location: http://www.domain.com/anotherpage.php");
} 
?>

I need to allow some outside domains direct access to the form page开发者_如何学JAVA and am having issues with this: (I'm putting it above the head tag on the form page)

<?php
    $code = $_GET['sessionid'];
    $referrer = $_SERVER['HTTP_REFERER'];

    if(strcmp( $code , 'XXXXX' ) !=0) {
        header("Location: http://www.domain.com/anotherpage.php");
    } else {
        if (preg_match("/site1.com/",$referrer)) {
            header('Location: http://www.domain.com/desiredpage.php');
        }
    }
?>

this still bounces me back to "anotherpage.php" any ideas?

********EDIT******* thx for the help, it works ad I requested. Now I see what I asked wasn't entirely correct. This appends the URL with =sessionid?=XXXXX. This isn't an issue on my site because I'm loading the content with .jquery .load so the URL doesn't change. I don't want the sessionid to be visible, and now it is. Can I either a) "trim" the url somehow or b) separate the two functions so they are exclusive?


if(strcmp( $code , 'XXXXX' ) !=0) {
    if (preg_match("/site1.com/",$referrer)) {
        header('Location: http://www.domain.com/desiredpage.php');
    } else {
        header("Location: http://www.domain.com/anotherpage.php");
    }
} 


As I read your post, you want anyone from the preg_match to get the desired page regardless of sessionID status, so you don't want to test sessionID first.

Start the if block with the preg_match test.


Your first if is checking to see if they don't have the $code and redirecting them. This will always be the case. You should probably check the $referrer first and then do the $code check.


Try reverse if with else

<?php
    $code = $_GET['sessionid'];
    $referrer = $_SERVER['HTTP_REFERER'];
    if (preg_match("/site1.com/", $referrer)) {
        header('Location: http://www.domain.com/desiredpage.php');
    } else if (strcmp( $code , 'XXXXX' ) != 0) {
        header("Location: http://www.domain.com/anotherpage.php");
    }
?>


If I'm not misunderstanding this, the problem is in the order in which you are checking things.

If you want to allow some referrers to access the site even if they don't have the session id, you have to check for that before checking for the session id. Otherwise, they will end up being treated just like everyone else.

You can either switch the order of the conditions (first check for the referrer and then check fo the session id) or check for the referrer inside the branch in which you already know the session id is not valid.


The issue could be in your regex, it should be:

if (preg_match("/site1\.com/",$referrer))

notice escaping the dot (.)

0

精彩评论

暂无评论...
验证码 换一张
取 消