Page 1 of 1

Small Problem, Please help?

Posted: Wed Mar 17, 2004 6:50 pm
by Joe
I am trying to create a secure area of my site where only 2 people are allowed. For now its a basic protection but i can't get it to work. What I am trying to do is make the script check the users session to see if it matches 1 of 2 names. If so it proceeds, else an error message is displayed. All worked great but when i tried the script out with different usernames it still let me in. What am I doing wrong here. Script below:

<?php
$name = $_SESSION['username'];

if (isset($_SESSION['username']) != 'Joe' || isset($_SESSION['username']) != 'Paul')
{
echo "<b>Sorry, You are not authorized to access this area of the site.<p></b>";
echo "Click <A href='???'>here</A> to go to the index page!";
exit;
}
else
{
echo "great!";
exit;
}


Regards


Joe 8)

Posted: Wed Mar 17, 2004 7:03 pm
by Goowe
Instead of || in the if() statement try &&

Posted: Wed Mar 17, 2004 7:05 pm
by Joe
But that would just test to see is you have both the sessions.

Hmm

Regards


Pr0zaK 8)

Posted: Wed Mar 17, 2004 7:08 pm
by Goowe
Did you try it yet?

Re: Small Problem, Please help?

Posted: Wed Mar 17, 2004 7:08 pm
by TheBentinel.com
The isset() function returns either true (if the variable is set) or false, it doesn't return the value. Your script might work if you say:

(Changed || to &&, as Goowe suggested)

Code: Select all

<?php
$name = $_SESSION['username'];

if (isset($_SESSION['username'] = false || ($_SESSION['username'] != 'Joe' && $_SESSION['username'] != 'Paul'))
{
 echo "<b>Sorry, You are not authorized to access this area of the site.<p></b>";
 echo "Click <A href='???'>here</A> to go to the index page!";
 exit;
}
else
{
 echo "great!";
 exit;
}

Posted: Wed Mar 17, 2004 7:16 pm
by markl999
Or...

Code: Select all

<?php

$allowed = array('Joe', 'Paul');
if (empty($_SESSION['username']) || !in_array($_SESSION['username'], $allowed))
{
  echo '<b>Sorry, You are not authorized to access this area of the site.<p></b>';
  echo 'Click <A href="???">here</A> to go to the index page!';
  exit;
} else {
  echo 'great!';
  exit;
}

?>

Posted: Wed Mar 17, 2004 7:16 pm
by Goowe
Very cool mark! I've never seen it done like that :roll: I'm still learning... thanks for the other examples!

Posted: Wed Mar 17, 2004 7:22 pm
by Joe
Hey marc that worked like a treat. Thanks a lot bud!

Regards


Joe 8)

Re: Small Problem, Please help?

Posted: Wed Mar 17, 2004 7:26 pm
by JAM
TheBentinel.com wrote:

Code: Select all

if (isset($_SESSION['username'] = false || ($_SESSION['username'] != 'Joe' && $_SESSION['username'] != 'Paul'))
Just for future record;
A) if the session 'username' is set with FOO, it will pass. As the next post shows, a variant of empty() usage is preferred.
B) we are setting the session to 'false' (likely just spelling error).

Re: Small Problem, Please help?

Posted: Wed Mar 17, 2004 7:45 pm
by TheBentinel.com
JAM wrote: B) we are setting the session to 'false' (likely just spelling error).
Ah yes. I have to do this every few days just to keep my reputation for being a sloppy coder.

Code: Select all

$testMe = 5;
if ($testMe = 0) echo "It's zero!";
echo $testMe;
This outputs "0", but it looks like it ought to output "5". The reason is that even though I'm doing it in an "if" statement, the phrase "$testMe = 0" sets the value to 0. What I should say is:
if ($testMe == 0) echo "It's zero!";

And there's even a === which means "is it equal, and is it of the same datatype", I think.

Posted: Wed Mar 17, 2004 8:02 pm
by JAM
I tried to edit your post to change that and leave a smaller note of why, but apparently, or so I think, mark made his post at the same time giving me a wierd update post error...

You are by all means not alone. I can't remember all the times I've done this myself either... ;)