MadnessRed Posted January 20, 2008 Share Posted January 20, 2008 OK, I'm quite new to php but here is what I want to do. I file name comes in from a post field and redirects depending on the name given. <meta HTTP-EQUIV="REFRESH" content="0; url=<?php echo $_POST["user"]; ?><?php echo $_POST["pass"]; ?>.php"> if you put in the the right log in details it works fine but if not then it doesn't work. What i want is for it to check if the file exists, then if it does go to it, otherwise go to another page. Any help woul dbe welcome Thanks Quote Link to comment https://forums.phpfreaks.com/topic/86900-if-and-check-for-file/ Share on other sites More sharing options...
MadnessRed Posted January 20, 2008 Author Share Posted January 20, 2008 sorry about double posting but would it just be simpler to create a custom 404 error page for that directory? Quote Link to comment https://forums.phpfreaks.com/topic/86900-if-and-check-for-file/#findComment-444287 Share on other sites More sharing options...
kenrbnsn Posted January 20, 2008 Share Posted January 20, 2008 You should always validate all input that comes into your script from a user. If you don't, you are opening up your script to abuse from hackers. In your case, do something like: <?php $redirect_fn = ''; $err = false; if (stristr(strtolower($_POST['user']),'http:/') !== false || stristr($_POST['pass'],':25') !== false) //keep malicious user from getting to a different place $err = true; else { $redirect_fn = $_POST['user'] . $_POST['pass'] . '.php'; if (!file_exists($redirect_fn)) $err = true; } if (!$err) header ('location: ' . $redirect_fn); else echo 'some sort of error occured'; ?> Ken Quote Link to comment https://forums.phpfreaks.com/topic/86900-if-and-check-for-file/#findComment-444300 Share on other sites More sharing options...
MadnessRed Posted January 20, 2008 Author Share Posted January 20, 2008 It doesn't work, http://beltd.co.uk/new/ thats where the login should be. Login in with Username:test Password:password it should load http://beltd.co.uk/new/testpassword.php. But it doesn't?? I'm quite new to php so uit probably something simple. Quote Link to comment https://forums.phpfreaks.com/topic/86900-if-and-check-for-file/#findComment-444338 Share on other sites More sharing options...
MadnessRed Posted January 20, 2008 Author Share Posted January 20, 2008 Is there an edit button anywhere coz I don't want people to complain about me double posting. Woudl the code below or some variation of it work? if (!file_exists(echo $_POST["user"]; ?><?php echo $_POST["pass"]; ?>.php)) <meta HTTP-EQUIV="REFRESH" content="0; url=login/<?php echo $_POST["user"]; ?>and<?php echo $_POST["pass"]; ?>.php"> else <meta HTTP-EQUIV="REFRESH" content="0; url=login/invalid.php"> Quote Link to comment https://forums.phpfreaks.com/topic/86900-if-and-check-for-file/#findComment-444350 Share on other sites More sharing options...
MadnessRed Posted January 20, 2008 Author Share Posted January 20, 2008 can someone please help me on this, the script that I was given doesn't work as I expected, any help would be welcome. Thanks Quote Link to comment https://forums.phpfreaks.com/topic/86900-if-and-check-for-file/#findComment-444613 Share on other sites More sharing options...
priti Posted January 21, 2008 Share Posted January 21, 2008 Following you code, The syntax is very jumbled and wrong. <?php if (!file_exists($_POST["user"].$_POST["pass"].'php')) //$_POST["user"].$_POST["pass"].'php' sud be some file name acc,to your code. { echo '<meta HTTP-EQUIV="REFRESH" content="0; url=login/$_POST["user"]";> and<?php echo $_POST["pass"]; ?>.php">//Why thi slineyou need whenyou are senidng user to other page he is not going to ocomeback on this page then ?????????? so remove it if not needed } else { echo '<meta HTTP-EQUIV="REFRESH" content="0; url=login/invalid.php">'; } ?> kindly Try this Quote Link to comment https://forums.phpfreaks.com/topic/86900-if-and-check-for-file/#findComment-444805 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.