if else statement not working
Posted: Fri Apr 05, 2013 5:45 am
i have the following if else
but its not working correctly what is happening is if the value is set to "1" then is is landing on the failed.php (in the URL - failed.php?accesscheck=%2Fuserpage.php)
here is the userpage.php code
if the value is "0" then it directs to no-authorisation.php which is correct. ( i will note that on this page there is no restriction on user access)
thanks in advance
Code: Select all
$status = $row_rsTenant['userAccess'];
if($status == "1")
{
header("location: http://www.website.com/userpage.php");
}
else
{
header("location: http://www.website.com/no-authorisation.php");
}but its not working correctly what is happening is if the value is set to "1" then is is landing on the failed.php (in the URL - failed.php?accesscheck=%2Fuserpage.php)
here is the userpage.php code
Code: Select all
<?php
//initialize the session
if (!isset($_SESSION)) {
session_start();
}
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
$logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
//to fully log out a visitor we need to clear the session varialbles
$_SESSION['MM_Username'] = NULL;
$_SESSION['MM_UserGroup'] = NULL;
$_SESSION['PrevUrl'] = NULL;
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
unset($_SESSION['PrevUrl']);
$logoutGoTo = "login.php";
if ($logoutGoTo) {
header("Location: $logoutGoTo");
exit;
}
}
?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";
// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;
// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}
$MM_restrictGoTo = "failed.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
$MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
$colname_rsTenant = "-1";
if (isset($_SESSION['MM_Username'])) {
$colname_rsTenant = $_SESSION['MM_Username'];
}
mysql_select_db($database_Letting, $Letting);
$query_rsTenant = sprintf("SELECT * FROM LettingsTenApp, LFeProp WHERE tenEmail = %s AND LettingsTenApp.propID = LFeProp.propID", GetSQLValueString($colname_rsTenant, "text"));
$rsTenant = mysql_query($query_rsTenant, $Letting) or die(mysql_error());
$row_rsTenant = mysql_fetch_assoc($rsTenant);
$totalRows_rsTenant = mysql_num_rows($rsTenant);
$duration = $row_rsTenant['rentDuration'];
$status = $row_rsTenant['userAccess'];
// Redirect user if thier application is completed
if($status == "0")
{
header("location: http://www.website.com/no-authorisation.php");
exit;
}
?>if the value is "0" then it directs to no-authorisation.php which is correct. ( i will note that on this page there is no restriction on user access)
thanks in advance