
Code Inside Code Doesn't Work


justlukeyou


Hi,

 

I have been using code which displays different content depending on whether I am logged in or not. However, I am trying to add code but I just can't seem to get the code layout (there is a word for it) to work correctly.

 

The code below displays this:

 

" . $success["success"] . "
"; ?>
" method="post">

I have spent around 4 hours trying to get it to work but I can't get the code to sit inside the code which displays the content based on whether someone is logged in or not.

 

 

		 <?php
	     if ($_SESSION['userLoggedIn'])
{
  echo '
     logged in
  ';
} else { echo 
'

<div class="content-container1">
		<div class="content-container2">
	<div class="section-navigation">
			</div>
						<div class="content">	
			
			<div class="submitinfocell">


		<div class="updateerrorcell">
		 <?php if($success["success"]) print "<div class="valid">" . $success["success"] . "</div>"; ?> 
	</div>		
		</div>	
			
			<div class="submiteventarea">
	<div class="submiteventbox">
	
	<form class="form_id"  class="appnitro"  action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post"> 
			<ul >	 
	
https://forums.phpfreaks.com/topic/277427-code-inside-code-doesnt-work/

You need to clean up your code. First off, when you echo, everything inside the echo is in double quotes and all of the quotes inside of the double quotes are single quotes. Does that make sense? So like this:

echo "<div class='content-container1'>";

Second, you need to close your quote in your else statement. You have echo ' but you never close it. I think you want to close it here.

<div class="updateerrorcell">

Then you open another PHP statement here.

<?php if($success["success"]) print "<div class="valid">" . $success["success"] . "</div>"; ?> 

Get rid of the <?php in front of the if. There is no need for it.

 

If you can't get it to work, let me know and I will help you.

I personally find this a little easier to follow:

 

 

<?php
//...snip
} else {
     ?>
     <div class="content-container1">
          <div class="content-container2">
               <div class="section-navigation">
               </div>
               <div class="content">
                    <div class="submitinfocell">
                         <div class="updateerrorcell">
                         <?php if($success["success"]) print '<div class="valid">' . $success['success'] . '</div>'; ?>
                         </div>
                    </div>
                    <div class="submiteventarea">
                         <div class="submiteventbox">
                         <form class="form_id"  class="appnitro"  action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
                              <ul>
                              <?php if($success["success"]) print '<div class="valid">' . $success['success'] . '</div>';
//...snip
?>

Hmm...part of my message after the code tag was cut off.  :-\

 

 

I would recommend reviewing what's available regarding XSS attacks. Using PHP_SELF as the action for your form makes you susceptible to these attacks. More information can be found here:

http://seancoates.com/blogs/xss-woes

There are a few alternatives mentioned in the comments section of the XSS article (http://seancoates.com/blogs/xss-woes). My preferred method is to hard code the page name. So, if your page is called "myform.php", the <form> tag might look like the following:

 

 

<form class="form_id"  class="appnitro" action="myform.php" method="post">

 

Others prefer to leave the action attribute blank:

 

 

<form class="form_id"  class="appnitro" action="" method="post">

 

  On 4/30/2013 at 6:23 PM, cyberRobot said:

 

There are a few alternatives mentioned in the comments section of the XSS article (http://seancoates.com/blogs/xss-woes). My preferred method is to hard code the page name. So, if your page is called "myform.php", the <form> tag might look like the following:

<form class="form_id"  class="appnitro" action="myform.php" method="post">

 

I always just name the file like this. Can't manipulate that.
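
The PHP_SELF concern raised in the replies above, as an added example that is not part of the original thread: it builds the thread's <form> tag four ways (raw PHP_SELF, hard-coded name, blank action, and an HTML-encoded value) and reports which output lets request data escape the action attribute. The helper form_tag(), the sample request value, and the htmlspecialchars() variant are assumptions added here; run it from the command line.

```php
<?php
// Added illustration, not code from the thread.
// form_tag() is a hypothetical helper that mirrors the thread's <form> markup.
function form_tag(string $action): string
{
    return '<form class="form_id" action="' . $action . '" method="post">';
}

// Constructed sample standing in for $_SERVER['PHP_SELF']. On typical server
// configurations PHP_SELF is the script name plus any extra path the client
// appended to the URL, so it is request data rather than a trusted constant.
$phpSelf = '/myform.php/"><i>injected</i>';

// 1. As in the original post: the value is echoed raw into the attribute.
$raw = form_tag($phpSelf);

// 2. Hard-coded page name: no request data reaches the markup.
$hardcoded = form_tag('myform.php');

// 3. Blank action: the browser submits to the current URL, and nothing from
//    the request is written into the page.
$blank = form_tag('');

// 4. If the value has to stay dynamic, encode it for the attribute context
//    (this variant is not from the thread).
$escaped = form_tag(htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8'));

foreach (compact('raw', 'hardcoded', 'blank', 'escaped') as $label => $html) {
    // form_tag() emits exactly one tag; any additional '<' means the action
    // value closed the attribute and introduced markup of its own.
    $verdict = substr_count($html, '<') > 1 ? 'BREAKS OUT' : 'ok';
    printf("%-10s %-10s %s\n", $label, $verdict, $html);
}
```

Only the raw variant is reported as breaking out; the other three emit a single <form> tag regardless of what the request path contains.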
