How would I call a java script function using php if statement with $_SESSION

StackOverflow https://stackoverflow.com/questions/21577049

Domanda

Hi I am creating a website with a login section this is working I am using HTML and PHP. What I am trying to do is one of my pages has a html button I want this to be disabled for certain users. at the moment this is what I have got.

this is the part that I use for the login details.

    <?php
    session_start();
    $_SESSION["username"];
    $_SESSION["password"];
    $_SESSION["access"];
    ?>

I have got if statments that I am currently using which are 

    if($_SESSION["access"] == "Administrator"){
    echo $Admin;
    }

what I am trying to do is call a javascript function within a PHP if statement what i have got so far is 

<?php
    if($_SESSION["access"] == "Consumer")
    {
        echo '<script type="text/javascript">
            Disable();
            </script>';
    }

    if($_SESSION["access"] == "Administrator")
    {
        echo '<script type="text/javascript">
            Enable();
            </script>';
    }
    ?>

the javascript functions that i am trying to call are 

<script type="text/javascript">
   function Enable() { 
   SubmitButton.disabled = false;
   } 

  function Disable() { 
   SubmitButton.disabled = true;
   } 
   </script>

I have also tryed 

if($_SESSION["access"] == "Consumer")
    {
        echo "<script> Disable(); </script>";
    }

Im just wondering if I have typed something in wrong or if I have forgotten to put something in.

any help would be much appreciated.

È stato utile?

Soluzione

Looking at your code you have couple of issues:

Mixing your PHP logic and pure HTML is (usually) not a good idea.

Instead I would suggest you move your access checking logic fully on the server side and display the button accordingly (disabled or enabled) based on the user's access.

Example:

<?php if($_SESSION['access']): // Only show the button for users with access ?>
    <button type="submit" value="Submit" <?php echo ($_SESSION['access'] != 'Administrator' ? 'disabled' : ''); // Button disabled for everyone but administrators ?> />
<?php endif; ?>

And let me point out the obvious (as mentioned by the other answers), that's not 100% bulletproof. The user can still manually submit the button even if he is not an administrator by editing the page's HTML on the fly. That's just a UI fix. The real check should be done on the server side once the button is submitted (e.g. is the user logged in, does he have a cookie on his computer that identifies him as an administrator, does he have a session cookie set, etc).

Calling JS in random places, e.g. in the header can have unexpected consequences.

You better wait for the page to be loaded fully before calling any JS functions. You can do that via jQuery easily, but make sure you include the jQuery library before that in your header like so.

Afterwards you can call any JS after the page is loaded by placing them within the following block:

$(function(){
   // Place your JS calls here, e.g. call to Enable()
});

String concatenation in PHP is done with a dot . and strings can be multiline

This code which you used is just plain wrong.

echo '<script type="text/javascript">'
, 'Enable();'
, '</script>';

You should use something like:

echo '<script type="text/javascript">'
     .'Enable();'
     . '</script>';

or better:

echo '<script type="text/javascript">
         Enable();
      </script>';

Altri suggerimenti

PHP doesn't use , sign for joining. Use ..

But otherwise it should work, except that you should define SubmitButton in advance of using it.

<?php
    echo "<script type='text/javascript'>";
        // if the id of your element is "submitButton"
        echo "var submitButton = document.getElementById('submitButton');";
        echo " function disable(){ submitButton.disabled=true; }";
    echo "</script>";
?>

After that you can use it as you did..

<script type='text/javascript'>
    disable();
</script>

Just be advised that denying access to some elements/functionality on your webpage with JavaScript alone is not a good practice - JavaScript is executed locally on the user's computer and therefore the user can modify it to gain an advantage.

Well, the problem may be that you're trying to call the javascript function before the HTML is ready (or finally rendered), so the browser, when executes the function doesn't find the button.

You could solve this placing your javascript code at the end of your page, or using jQuery and doing:

$(document).ready(function() {
<%php if ($_SESSION['access'] == 'xxxxx') {%>
    Enable();
<%php } else { %>
    Disable();
<%php } %>
});

Anyway, ALWAYS check user permissions on the server side, because someone could enable the button using Firebug or something else...

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top