Redirect with If/Else Statement vs Only the If

2019-07-21 04:16发布

站内问答 / PHP
1948 2 4

I am trying to keep my code as secure/clean as possible. If I have an If/Else statement that checks for whether or not the user is logged in (if not, the user is redirected back to the home page), will either of these methods work?

if (!$this->auth->is_logged_in()) {
    redirect('');
} else {
    // do something top secret
}

versus

if (!$this->auth->is_logged_in()) redirect('');
// do some top secret stuff

I would prefer the second method, but I am unsure if it is secure.

Edit
These would be used in a codeigniter controller

Another Edit
In codeigniter the redirect() function includes the exit; discussed in the answers below.

标签: php security
举报
2条回答
【Aperson】
2楼-- · 2019-07-21 04:45

Either is fine, but braces are generally preferred in case you want to add functionality later. I would also create a method in auth such as gatekeeper(), force_login(), whatever that does this check but redirects internally as you will probably use this a lot and it will be annoying to write this if statement check everywhere.

查看更多
0人赞 添加讨论(0) 举报
神经病院院长
3楼-- · 2019-07-21 04:49

There's no issue with security here.

I would remove the else if possible:

if (!$this->auth->is_logged_in()) {
    redirect('');
}
// top secret stuff

I think it's the most readable.

Also, I'm sure it does, but make sure the redirect function includes a call to exit

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)