redirecting based on login credentials

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

redirecting based on login credentials

Post by Luke »

Is there any possible pitfals when doing this:

Code: Select all

if(!$user->logged_in()){
    // Redirect to login page
    exit;
}
// Do logged in stuff
instead of this:

Code: Select all

if($user->logged_in()){
    // Do logged in stuff
}
else{
    // Redirect to login page
}
Last edited by Luke on Thu Aug 10, 2006 5:34 pm, edited 1 time in total.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

written correctly (i.e. make sure there's an exit()).. either works just fine.
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

like that?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Image
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

If it's properly encapsulated, you should be able to get away with a return rather than an exit. But yeah, it shouldn't be a big deal (unless you have some majorly important post-script hook)
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

First one if preferible because there less logic nesting.
Post Reply