php session id redirect

Question

What I am try to do is use $_SESSION['user_id'] to check if 'user_id' is = to "number", say 56 for example, if so load page, if not redirect user to "billing/".$_SESSION['user_id'].".php";

So far I have this

<?php
    if ($_SESSION['user_id']) === 56) {
        //do nothing
    } else {
          header("Location: billing/".$_SESSION['user_id'].".php");
          exit();   
    }
?>

I know this code is wrong but hopefully it conveys what I am trying to accomplish. Thanks in advance for your help and code snippets.

Aside from `Location` needing a full url, no `exit;` after `header`, and an erroneous bracket after `['user_id']` in the `if`. What's up with it? — Jonnix, Oct 03 '11 at 15:28
What's the QUESTION? Just wondering do you have separate pages for each user?? — Ghazanfar Mir, Oct 03 '11 at 15:31
id be surprised if i hit the nail on the head, im still learning php lol. erroneous bracket? u mean take out the `[]`'s from around the `user_id` — webmaster alex l, Oct 03 '11 at 15:32
@JonStirling is he really going to have a php page for each session user? — Gianpaolo Di Nino, Oct 03 '11 at 15:32
The goal is that the way I set up my billing page was a dynamic link was generated on the main user page to direct the user to this page. In order to stop another user from getting to it this was the solution I came up with. — webmaster alex l, Oct 03 '11 at 15:34
I only have 6 users, I am never planing on having more then 10 at any time. — webmaster alex l, Oct 03 '11 at 15:34
@webmasteralexl: maybe better to have a single page in which you pass a parameter and then do all the checks you need? (just some suggestions to improve your code here) — Gianpaolo Di Nino, Oct 03 '11 at 15:36
In that case you should group everyone you don't want having access to this page. Check for this group and not the ID because what if you don't want multiple people accessing this page ? And in the future if other users are added and need to be restricted from this page then what ?? Are you going to keep adding id's ? — aziz punjani, Oct 03 '11 at 15:36
Jon, hows the code looking now, I think iv made all your corrections. — webmaster alex l, Oct 03 '11 at 15:37
@webmasteralexl Actually, you still need to alter the link in the header to the full URL. — Jonnix, Oct 03 '11 at 15:38
Im sure once I learn more I'll rework this page so that its a single page that pulls data from a squl database but until that time this is my "band-aid" solution. From a content management point of view I understand what kind of nightmare this would turn into. — webmaster alex l, Oct 03 '11 at 15:39
@webmasteralexl up to you, as I said before it was just a suggestion to how improve your code without thinking it will become a nightmare in the future :) — Gianpaolo Di Nino, Oct 03 '11 at 15:41

Your Common Sense · Answer 1 · 2011-10-03T16:03:07.537

do not edit the code in your question based on the answers. You are making it impossible to understand what are you talking about.
If you want to add something - ADD it below the original text.
Ask clear, certain question. Describe the problem you face and what kind of solution you need.
Separate matters. As a matter of fact, sessions has nothing to do with redirects. If you want to know how to use sessions - ask how to use sessions. If you already have valid and verified session variable but have no idea of redirects - ask about redirects. If you don't know how to compare values - ask it. If you know everything but not certain about some bells and whistles of the code styling - ask this particular question.

Now, what is your question?

Jez · Accepted Answer · 2011-10-03T15:36:42.590

0

You're pretty close, but you could use the php function http_redirect instead for the redirect, to be more concise (requires the PECL library):

<?php
    if ($_SESSION['user_id'] == 56) {
        //do nothing
    } else {
        http_redirect("billing/".$_SESSION['user_id'].".php", array(), true, HTTP_REDIRECT_PERM);
    }
?>

edited Oct 03 '11 at 15:36

answered Oct 03 '11 at 15:30

Jez

27,951
32
136
233

Invalid PHP atm and required a PECL library from what I can see. – Jonnix Oct 03 '11 at 15:34
What's invalid about the PHP? – Jez Oct 03 '11 at 15:36
`if ($_SESSION['user_id']) === 56) {` – Jonnix Oct 03 '11 at 15:39

Marius Solbakken Mellum · Answer 3 · 2011-10-03T15:46:00.580

0

Why not check the opposite? And for readability it is wise to use {} not "." (as long as your editor highlights this)

<?php 
if($_SESSION["user_id"] != 56) {
    header("location: billing/{$_SESSION['user_id']}.php");
    die();
}
?>

edited Oct 03 '11 at 15:46

answered Oct 03 '11 at 15:35

Marius Solbakken Mellum

636
5
10

Whoever downvoted, care to explain? I was going to suggest this. It makes no sense to test for true, then only run code for false. This is the better way of doing it for readability. – Anonymous Oct 03 '11 at 15:45
I didnt downvote but I couldnt get the redirect to work? No matter, the code still kills the page from loading if the user_id is not correct. Thanks for your help :) – webmaster alex l Oct 03 '11 at 16:14

score 0 · Answer 4 · answered Oct 03 '11 at 15:36

The PHP Doc for header() gives a lot of info about how to use the header function. The most important is:

Make sure no html or text has been echoed or sent to the browser before you call header().
You need an exit(); after header() since you're done rendering the page and some browsers prefer it.
HTTP/1.1 requires an absolute URI as argument to » Location: including the scheme, hostname and absolute path so you'll want to put the full URL after 'Location:'. See php doc for example.

php session id redirect

4 Answers4