PHP Header location with array key and allowed_operations

Question

In my login.php page I have this:

$allowed_operations = array('foo', 'lorem');
    if(isset($_GET['p']) 
    && in_array(isset($_GET['p']), $allowed_operations)){
    switch($_GET['p']){
        case 'foo':
              // Code for 'foo' goes here
        break;
        case 'lorem':
             // Code for 'lorem' goes here
        break;
    }
}

Where if I call the url http://example.com/login.php?p=foo the function foo is called.

Is it possible I can call this url without adding a href http://example.com?p=foo in my html markup?

For example something likes this:

<?php

if (array_key_exists("login", $_GET)) {
    $p = $_GET['p'];
    if ($p == 'foo') {
       header("Location: login.php?p=foo");  // This doesn't work
                        // And if I remove the ?p=foo, 
                        // it redirect to the page but
                        // the 'foo' function is not called
        }
    }

    ?>

and my html:

<a href="?login&p=foo">Login Foo</a> <br />

I know that is why I came here and asked this question. How can I do this without adding . — jQuerybeast, Mar 12 '12 at 14:06
@mishu no it does not matter. the href will automatically append the parameter to the current uri, so defining the both way are correct. — Ibrahim Azhar Armar, Mar 12 '12 at 14:09
@IbrahimAzharArmar - that is true if you are on login.php already.. if you are coming from any other page it will just add an empty var called login.. but that's not the point of the question.. I think.. — mishu, Mar 12 '12 at 14:30
@jQuerybeast you want to use $_GET without adding that to the url? also: `in_array(isset($_GET['p']), $allowed_operations)` this looks worng — mishu, Mar 12 '12 at 14:31

Ibrahim Azhar Armar · Accepted Answer · 2012-03-12T14:19:46.040

this is because of the infinite page redirect loops. that will be created by your code.

$p = $_GET['p'];
    if ($p == 'foo') {
       header("Location: login.php?p=foo");  // This doesn't work
                        // And if I remove the ?p=foo, 
                        // it redirect to the page but
                        // the 'foo' function is not called
        }
    }

every time you execute the code in this page the condition will be set to true, that is $_GET['p'] will always hold the value foo and it will redirect again and again to the same page. detecting which PHP will stop executing your script.

I am unable to understand on why you would want to redirect to the same page again, even if the condition is met. my suggestion is to avoid it. simply check if the variable wants to redirect to the same page if yes. then skip the page if not then redirect to the preferred destination.

if (array_key_exists("login", $_GET)) {
    $p = $_GET['p'];
    if ($p == 'foo') {
      //sice the variable foo redirects to the same page skip this path and do nothing
    } else {
        //any other url redirection goes here
        header('Location: index.php?bar');
    }
}

while there might be other way. the above code should also work, and will avoid getting into infinite page redirect loop.

I know that is why I am asking how to do this without adding . — jQuerybeast, Mar 12 '12 at 14:06

score 1 · Answer 2 · answered Mar 12 '12 at 14:08

I don't think this is correct:

$allowed_operations = array('foo', 'lorem');
if(isset($_GET['p'])  && in_array(isset($_GET['p']), $allowed_operations)){

it should be

$allowed_operations = array('foo', 'lorem');
if(isset($_GET['p'])  && in_array($_GET['p'], $allowed_operations)){

and you should use

<a href="login&p=foo">Login Foo</a> <br />

and this is an endless loop

if (array_key_exists("login", $_GET)) {
    $p = $_GET['p'];
    if ($p == 'foo') {
       header("Location: login.php?p=foo");  // This doesn't work

score 0 · Answer 3 · answered Mar 12 '12 at 14:06

There is an error here:

<a href="?login&p=foo">Login Foo</a> <br />

Correct:

<a href="login.php?p=foo">Login Foo</a> <br />

And also, the loop is endless. When you enter login.php then you ask to go again and again... Create a "break" function after 1st time.

PHP Header location with array key and allowed_operations

3 Answers3