Jump to content

Not redirecting page properly - Part 2


HDFilmMaker2112

Recommended Posts

Partially a continuation from my other thread, as this a little similar, but...

 

The below should be redirecting a user that is not logged into the admin control panel back to the admincp log-in page. Instead it's showing the actual page. This is only the case if the user has a cadmin number of 3 or 4... so it is limiting the access to people that should have access and blocking those that shouldn't. But it should still be pointing a user not logged in back to the admincp log-in page because the mypassword3 session variable should not be set. When I var_dump $_SESSION mypassword3 is NULL. Everything else is set properly.

 

<?php
require_once 'db_select.php';
require_once 'func.php';
session_start();
$cadmin2=$_SESSION['admin_check'];
if($cadmin2=="4" || $cadmin2=="3"  && isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){
if($_GET['view']=="applications"){
$section.=' - New Applications';
$content.='
<div class="main">
<div class="main_header">New Investor Applications</div>
</div>
';
}
elseif($_GET['view']=="accounts"){
$section.=' - View Accounts';
$content.='
<div class="main">
<div class="main_header">View Investor Accounts</div>
</div>
';
}
else{
header("Location: ./index.php?admincp");
}
}
else{
header("Location: ./index.php?usercp");
}
?>

 

 

Here's the admin panel/admin panel log-in if it helps anything:

 

<?php
require_once 'func.php';
session_start();
$cadmin2=$_SESSION['admin_check'];
if($cadmin2=="3" || $cadmin2=="4"){
if(isset($_SESSION['myusername2']) && kam3($_POST['password'])==$_SESSION['mypassword2'] || isset($_SESSION['myusername2']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){
if(!empty($_POST['password'])){
$_SESSION['mypassword3']=kam3($_POST['password']);
}
$content.='
<div class="main">
<p class="main_header">Admin Control Panel</p>
</div>

<div class="usercp_links">';
if($cadmin2=="4"){
$content.='
<div class="ilink">
<a href="./index.php?admincp=users&do=add">New User</a>
</div>
<div class="ilink">
<a href="./index.php?admincp=investors&view=applications">Investor Applications</a>
</div>
<div class="ilink">
<a href="./index.php?admincp=requests&view=donation">Additional Donation Requests</a>
</div>
';
}
$content.='
<div class="ilink">
<a href="./index.php?admincp=manage&view=ideas">Manage Idea Submissions</a>
</div>
</div>

<div class="usercp_links">';
if($cadmin2=="4"){
$content.='
<div class="ilink">
<a href="./index.php?admincp=users&do=edit">Edit Users</a>
</div>
<div class="ilink">
<a href="./index.php?admincp=investors&view=accounts">Investor Accounts</a>
</div>
<!--<div class="ilink">
<a href="./index.php?admincp=requests&view=credit">Additional Credit Requests</a>
</div>-->';
}
$content.='
<div class="ilink">
<a href="./index.php?admincp=manage&view=exclusive">Manage Exclusive Content</a>
</div>
<div class="ilink">
<a href="./logout.php?logout=admin">Log-Out</a>
</div>
</div>';
}
else{
if(!isset($_SESSION['myusername2'])){
header("Location: ./index.php");
}
$content='
<table class="actors_table">
<tr>
<td align="center">';

if(isset($_GET['e']) && $_GET['e']=="0")
{
$content .= '<span style="color: #FF0000; font-weight: bold;">Incorrect Username or Password</span><br/><br/>';
} 

else{
$content .="";
}

$content .='Re-Type your password to view this information:
<form action="" method="post">
    <p>Username: <input type="text" name="username" value="'.$_SESSION['myusername2'].'" disabled="disabled" /></p>
<p>Password: <input type="password" name="password" /></p>
    <p><input type="submit" value="Submit" name="Submit" /></p>
    </form>

</td>
</tr>
</table>
';
}
}
else{
header("Location: ./index.php?usercp");
}
?>

Link to comment
Share on other sites

First:

$section.=' - New Applications';

$content.='

 

The .= adds to a string that is already defined. You have not defined either and from what I see you don't need to, just change the .= to =

 

I think your problem is in the main logic:

if($cadmin2=="4" || $cadmin2=="3"  && isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2'])

 

If you set $cadmin2=="4" it will work, even if $_SESSION['mypassword3'] is set or unset. If you set $cadmin2=="3" it wont work because your logic needs to have $_SESSION['mypassword3'] set.  Is this what you want?  mypassword3 and mypassword2 can be anything it don't use it.

So in English what is the logic you need here?

Link to comment
Share on other sites

I need people to have access to the page when they are either $cadmin=4 or $cadmin=3 and mypassword3 is set and mypassword3 = mypassword2

 

So User A = $cadmin=4 and mypassword3 = mypassword2 would work

 

User B = $cadmin=3 and mypassword3 = mypassword2 would work

 

User C = $cadmin=2 would not work.

 

Or when mypassword3 isn't set or doesn't equal mypassword2.

 

 

Link to comment
Share on other sites

Had to change it to this:

 

if($cadmin2=="4" && isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2'] || $cadmin2=="3" && isset($_SESSION['mypassword3']) && $_SESSION['mypassword3']==$_SESSION['mypassword2']){

 

Seems pointless that I essentially had to double the length of the if statement conditional.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.