0

I have this script, which works perfectly well. BUT I will end up creating hundreds of variations if I keep doing it this way.

    <?php

$q1 = $_GET["q1"];
$q2 = $_GET["q2"];
$q3 = $_GET["q3"];
$q4 = $_GET["q4"];


if ( $q1 == "a" && $q2 == "a" && $q3 == "a" && $q4 == "a" ) {
    header("Location: http://www.mostly-a.co.uk");
    exit;    
}

if ( $q1 == "b" && $q2 == "b" && $q3 == "b" && $q4 == "b" ) {
    header("Location: http://www.mostly-b.co.uk");
    exit;    
}

?>

Basically I need the script to echo 1 of 5 possible urls based on which answers are given

So for example, "url-mostly-a" would be echo'd if the user selected: aaaa aaab aaba abaa baaa aaac aaca acaa caaa

etc etc.....

Damian Smith
  • 85
  • 1
  • 2
  • 12

5 Answers5

0

If you understood correctly, what you need first is to find the most common value in array $_GET.

For that you need to get a count of duplicates:

array_count_values($_GET);

Then iterate and find the biggest value.

Edit:

Then you might be able to use this to get the key "name" with the biggest value:

$arrayCnt = array_count_values($_GET);
$theKey = array_search(max($arrayCnt), $arrayCnt)
TCB13
  • 3,067
  • 2
  • 39
  • 68
0

Are searching for something like this?:

foreach(array(
    'a' => 'http://aaaaaa...', 
    'b' => 'http:/bbbb',
    // ...
as $check => $url) {
    if($q1 == $check && $q2 == $check && $q3 == $check && $q4 == $check) {
        header("Location: $url");
    }
}
hek2mgl
  • 152,036
  • 28
  • 249
  • 266
0

4 lines should do it:

$count = array_count_values($_GET);
arsort($count);
$answers = array_keys($count);
header("Location: http://www.mostly-{$answers[0]}.co.uk");
  1. count values occurences
  2. reverse sorting of values
  3. get an array with the keys (still sorted)
  4. use first value of array
letiagoalves
  • 11,224
  • 4
  • 40
  • 66
  • take care that it is easy to inject data into `$_GET` and it is very easy to get the first place for that data. Hence this code can lead to header injection which is a serious issue as your script can be exploited for redirect reflection which then can be used to run attacks on websites. So this needs key verification on the one and value verification on the other hand. – M8R-1jmw5r Apr 30 '13 at 15:58
  • The site is a protected intranet, so im not too concerned with this. – Damian Smith Apr 30 '13 at 15:59
  • Yeah, that is showing the right attitude so next question you should ask is how to resign as a programmer. - Psst: Most attacks are on intranets, inside-people know what to look for, attackers love to be inside as well and they love it once they got there and find everything welcomely open. – M8R-1jmw5r Apr 30 '13 at 16:01
  • Erm, thanks for that feedback M8R-1jmw5r... I dont need to resign as a programmer as I am not one to start with! Maybe a more polite way of letting me know this is a bad idea would have been better! BUT as you have brought it up I shall make sure I research into how I can resolve any security issues. – Damian Smith Apr 30 '13 at 16:10
  • @M8R-1jmw5r you are assuming the OP does not know nothing about security and that is also not the right attitude. He can always filter $_GET data before this to avoid primary security issues. – letiagoalves Apr 30 '13 at 16:10
  • I presumed our intranet would be secure enough, but I will look into security and modify accordingly. I am just a front end developer that has been asked to write some php! Thanks for the help guys. – Damian Smith Apr 30 '13 at 16:14
  • What you can do: Check the $_GET keys are as expected. E.g. q1, q2, q3 and so on. Also check that values they contain are from the allowed ones, like a-z. Input validation is crucial, it is a cornerstore not only to not get hacked but also that the software runs as intended. you can filter an array by keys by using [`array_intersect_assoc()`](http://php.net/array_intersect_assoc) for example. – M8R-1jmw5r Apr 30 '13 at 19:55
  • @DamianSmith: I left you an example answer: http://stackoverflow.com/a/16308280/2261774 - As you can see this is not all about security but also about stability. E.g. it makes no sense to redirect to an invalid URL if not input is given and such. – M8R-1jmw5r Apr 30 '13 at 20:19
0

The following is a working code-example. It validated the input and as you can see, input validation is a a large part of any script.

// configuration

$qsValidKeys  = ['q1' => 0, 'q2' => 0, 'q3' => 0, 'q4' => 0];
$qValidValues = ['a', 'b', 'c', 'd'];

// input

$qsGet = array_intersect_key($_GET, $qsValidKeys);

if (!$qsGet) {
    trigger_error('No input given.');
    return;
}

$qsFiltered = [];

foreach ($qsGet as $key => $value) {
    if (in_array($value, $qValidValues, true)) {
        $qsFiltered[$key] = $value;
    } else {
        trigger_error(sprintf('Invalid Input value for "%s".', $key));
    }
}

if (!$qsFiltered) {
    trigger_error('No input given (filtered).');
    return;
}

// processing

$count = array_count_values($qsFiltered);
arsort($count);
$topAnswer = array_keys($count)[0];
$location = sprintf("http://www.mostly-%s.co.uk", $topAnswer);
M8R-1jmw5r
  • 4,896
  • 2
  • 18
  • 26
0

Thanks M8R-1jmw5r,

I looked into what it all meant and get the basic grasp of it all so thanks for that! The very last part didn't seem to be working though so I changed it too:

$location = printf('Click <a href="http://www.open.ac.uk/'.'%s'.'/">here</a> to view your results', $topAnswer);

This now seems to work perfectly well, I hope its still secure enough!

Damian Smith
  • 85
  • 1
  • 2
  • 12