PHP: How to check if URL link contains variable to prevent redirecting (rest of code working)


I am new to PHP and hope someone can help me with this.

I am trying to cover the following scenarios in a header file that is included on all my pages:

  1. IF session variable "status" is not set AND page name is not "login" or "user" THEN redirect to login page.
  2. IF session variable "status" is not set AND page name is "user" AND variable "resetToken" is not set THEN redirect to login page.

So far I have the below, which works for all pages when accessing them from the browser, but when I use a link from an email like the following, I still get redirected even if the link contains the variable "resetToken":

Example link: https://www.myurl.com/user.php?resetToken=abcde

My PHP (in header include):

$baseURL = "https://www.myurl.com";
$pageURL = basename($_SERVER["REQUEST_URI"]);
$pageName = pathinfo(parse_url($pageURL, PHP_URL_PATH), PATHINFO_FILENAME);

if( (!isset($_SESSION["status"])) && ($pageName != "login") && ($pageName != "user") ){
    header("Location: " . $baseURL . "/login.php");
    exit;
}
if( (!isset($_SESSION["status"])) && ($pageName == "user") && (!isset($_GET["resetToken"])) ){
    header("Location: " . $baseURL . "/login.php");
    exit;
}

I have two questions regarding this:

  1. Does $_GET not work when accessing a page through an email link, or do I have to change something else here?
  2. Is there a way to combine these checks in one IF statement instead of having two in a row?

Many thanks for any help, Mike


Solution

    1. $_GET does work no matter where the URL was clicked.
    2. Combining the two statements is easy: just wrap them with () and combine them with ||.

    PHP

    if( 
        (
            (!isset($_SESSION["status"])) && ($pageName != "login") && 
            ($pageName != "user")
        ) || (
            (!isset($_SESSION["status"])) && ($pageName == "user") && 
            (!isset($_GET["resetToken"])) 
        )   
    ){
        header("Location: " . $baseURL . "/login.php");
        exit;
    }
    

    When it is redirecting even though you have set the token, you should dump the variable before. The code as it is should not redirect when the token is set.
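
A hardened form of the guard discussed above, as an added example that is not part of the original question or answer: it goes beyond the posted case by parsing the path out of the request URI before calling basename(), so a token value containing "/" cannot change the detected page name, and by accepting resetToken only as a non-empty string. The function names and sample requests are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post. Function names and the
// sample requests are assumptions made for illustration.

// Page name from a request URI. The path is parsed out BEFORE basename(),
// so a "/" inside the query string cannot change the result.
function pageNameFromUri(string $requestUri): string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    return is_string($path) ? pathinfo(basename($path), PATHINFO_FILENAME) : '';
}

// True when the visitor must be sent to the login page.
function mustRedirectToLogin(array $session, string $requestUri, array $query): bool
{
    if (isset($session['status'])) {
        return false; // already logged in
    }
    $page = pageNameFromUri($requestUri);
    if ($page === 'login') {
        return false;
    }
    // user.php is reachable without a session only with a non-empty string
    // token. Presence is not proof: user.php must still verify the token.
    $token = $query['resetToken'] ?? null;
    return !($page === 'user' && is_string($token) && $token !== '');
}

// Constructed sample requests: [request URI, parsed query, expected result]
$cases = [
    ['/user.php?resetToken=abcde',    ['resetToken' => 'abcde'], false],
    ['/user.php?resetToken=ab/cd',    ['resetToken' => 'ab/cd'], false],
    ['/user.php',                     [],                        true],
    ['/user.php?resetToken[]=x',      ['resetToken' => ['x']],   true],
    ['/account.php?resetToken=abcde', ['resetToken' => 'abcde'], true],
    ['/login.php',                    [],                        false],
];
foreach ($cases as [$uri, $get, $expected]) {
    $got = mustRedirectToLogin([], $uri, $get);
    printf("%-32s redirect=%s %s\n", $uri, var_export($got, true), $got === $expected ? 'ok' : 'MISMATCH');
}
```

In the header include, the call would be mustRedirectToLogin($_SESSION, $_SERVER["REQUEST_URI"], $_GET), followed by the header("Location: ...") and exit lines from the post.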