Hi,

 

I have been using a code which displays different content depending on whether I am logged in or not. However, I am trying to add code but I just can't seem to get the code layout (there is a word for it) to work correctly.

 

The code below displays this:

 

" . $success["success"] . "
"; ?>
" method="post">

I have spent around 4 hours trying to get it to work but I can't get the code to sit inside the code which displays the content based on whether someone is logged in or not.

 

 

		 <?php
	     if ($_SESSION['userLoggedIn'])
{
  echo '
     logged in
  ';
} else { echo 
'

<div class="content-container1">
		<div class="content-container2">
	<div class="section-navigation">
			</div>
						<div class="content">	
			
			<div class="submitinfocell">


		<div class="updateerrorcell">
		 <?php if($success["success"]) print "<div class="valid">" . $success["success"] . "</div>"; ?> 
	</div>		
		</div>	
			
			<div class="submiteventarea">
	<div class="submiteventbox">
	
	<form class="form_id"  class="appnitro"  action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post"> 
			<ul >	 
	
Edited by justlukeyou

You need to clean up your code. First off, when you echo, everything inside the echo is in double quotes and all of the quotes inside of the double quotes are single quotes. Does that make sense? So like this.

echo "<div class='content-container1'>";

Second, you need to close your quote in your else statement. You have echo ' but you never close it. I think you want to close it here.

<div class="updateerrorcell">

Then you open another PHP statement here.

<?php if($success["success"]) print "<div class="valid">" . $success["success"] . "</div>"; ?> 

Get rid of the <?php in front of the if. There is no need for it.

 

If you can't get it to work, let me know and I will help you.

Edited by computermax2328

I personally find this a little easier to follow:

 

 

<?php
//...snip
} else {
     ?>
     <div class="content-container1">
          <div class="content-container2">
               <div class="section-navigation">
               </div>
               <div class="content">
                    <div class="submitinfocell">
                         <div class="updateerrorcell">
                         <?php if($success["success"]) print '<div class="valid">' . $success['success'] . '</div>'; ?>
                         </div>
                    </div>
                    <div class="submiteventarea">
                         <div class="submiteventbox">
                         <form class="form_id"  class="appnitro"  action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
                              <ul>
                              <?php if($success["success"]) print '<div class="valid">' . $success['success'] . '</div>';
//...snip
?>

Hmm...part of my message after the code tag was cut off.  :-\

 

 

I would recommend reviewing what's available regarding XSS attacks. Using PHP_SELF as the action for your form makes you susceptible to these attacks. More information can be found here:

http://seancoates.com/blogs/xss-woes

There are a few alternatives mentioned in the comments section of the XSS article (http://seancoates.com/blogs/xss-woes). My preferred method is to hard code the page name. So, if your page is called "myform.php", the <form> tag might look like the following:

 

 

<form class="form_id"  class="appnitro" action="myform.php" method="post">

 

Others prefer to leave the action attribute blank:

 

 

<form class="form_id"  class="appnitro" action="" method="post">
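The difference between the form actions discussed above, as an added example that is not part of the original posts. The value assigned to `$_SERVER['PHP_SELF']` is a constructed sample, and the function names are hypothetical; on a web server PHP_SELF is derived from the requested URL, including any trailing path info.

```php
<?php
// Added example, not code from the thread.
// Constructed sample: PHP_SELF as it would look when extra path info
// containing markup follows the script name in the requested URL.
$_SERVER['PHP_SELF'] = '/myform.php/"><em>extra</em>';

// 1. As posted in the thread: the request-derived value is echoed raw.
function formTagRaw(): string
{
    return '<form class="form_id" action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// 2. Same value, escaped for an HTML attribute context.
function formTagEscaped(): string
{
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form class="form_id" action="' . $action . '" method="post">';
}

// 3. Hard-coded page name, the approach preferred in the thread.
function formTagHardCoded(): string
{
    return '<form class="form_id" action="myform.php" method="post">';
}

// Counts opening tags in the output. The template writes exactly one
// (<form>); any more means request data was parsed as markup.
function countOpeningTags(string $html): int
{
    return preg_match_all('/<[a-z][^>]*>/i', $html);
}

$variants = [
    'raw'        => formTagRaw(),
    'escaped'    => formTagEscaped(),
    'hard-coded' => formTagHardCoded(),
];

foreach ($variants as $label => $html) {
    $verdict = countOpeningTags($html) === 1 ? 'ok' : 'request data became markup';
    printf("%-10s %-26s %s\n", $label, $verdict, $html);
}
```

Run it with `php` from the command line. Only the raw variant lets the request-derived value close the `action` attribute and add an element of its own.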

 

 

There are a few alternatives mentioned in the comments section of the XSS article (http://seancoates.com/blogs/xss-woes). My preferred method is to hard code the page name. So, if your page is called "myform.php", the <form> tag might look like the following:

<form class="form_id"  class="appnitro" action="myform.php" method="post">

 

I always just name the file like this. Can't manipulate that.
