Page 1 of 1

if else statement not working

Posted: Fri Apr 05, 2013 5:45 am
by jonnyfortis
i have the following if else

Code: Select all

$status = $row_rsTenant['userAccess'];

if($status == "1")
{
		  header("location: http://www.website.com/userpage.php");
}
else
{
	       header("location: http://www.website.com/no-authorisation.php");
}

but its not working correctly what is happening is if the value is set to "1" then is is landing on the failed.php (in the URL - failed.php?accesscheck=%2Fuserpage.php)

here is the userpage.php code

Code: Select all

<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session varialbles
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
	
  $logoutGoTo = "login.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "failed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_rsTenant = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_rsTenant = $_SESSION['MM_Username'];
}
mysql_select_db($database_Letting, $Letting);
$query_rsTenant = sprintf("SELECT * FROM LettingsTenApp, LFeProp WHERE tenEmail = %s AND LettingsTenApp.propID = LFeProp.propID", GetSQLValueString($colname_rsTenant, "text"));
$rsTenant = mysql_query($query_rsTenant, $Letting) or die(mysql_error());
$row_rsTenant = mysql_fetch_assoc($rsTenant);
$totalRows_rsTenant = mysql_num_rows($rsTenant);

$duration = $row_rsTenant['rentDuration'];

$status = $row_rsTenant['userAccess'];

// Redirect user if thier application is completed
if($status == "0")
{
		  header("location: http://www.website.com/no-authorisation.php");
          exit;
}
?>

if the value is "0" then it directs to no-authorisation.php which is correct. ( i will note that on this page there is no restriction on user access)

thanks in advance

Re: if else statement not working

Posted: Fri Apr 05, 2013 12:30 pm
by requinix
I take it the first bit is some kind of login page? What's the rest of the code? Are you setting $_SESSION["MM_Username"]?

Re: if else statement not working

Posted: Mon Apr 08, 2013 7:21 am
by Mordred
Even if $_SESSION["MM_Username"] were set, the list of allowed users is empty.
Also, the header calls in the first file need an exit() after them.

Re: if else statement not working

Posted: Fri Apr 12, 2013 11:59 am
by jonnyfortis
Even if $_SESSION["MM_Username"] were set, the list of allowed users is empty.
Also, the header calls in the first file need an exit() after them.
so what do i need to do to overcome the problem please?

Re: if else statement not working

Posted: Fri Apr 12, 2013 3:11 pm
by pickle
Where is "failed.php"? You say the user is incorrectly getting sent to failed.php, but your code doesn't have a "failed.php"

Re: if else statement not working

Posted: Fri Apr 12, 2013 3:18 pm
by jonnyfortis
$MM_restrictGoTo = "failed.php";

Re: if else statement not working

Posted: Fri Apr 12, 2013 3:29 pm
by pickle
You've got a lot of code in there, much that is likely not relevant to the problem at hand. Try distilling the problem and code down to just the bare minimum. If you've got a simple if/else statement that's not working, then likely the conditions going into the if/else are not what you expect. For example, if you think $status is "1" but it's still going to failed.php, then $status is clearly not "1". Check code upstream to figure out what $status actually is.