I’m using the MVC model (I think thats what its called) and I have separated my site into smaller pages and includes…. Is it safer/better or worse (with no benefit) to check the same conditional twice?
For example, I have an accounts page that looks something like this:
// Must be logged in
if(isset($_SESSION['userID'])){
include('edit_user.php');
}
and then in my edit_user.php page I have something like this:
// Must be logged in
if(isset($_SESSION['userID'])){
if(isset($_POST['editUser'])){
//Validate the form
}
?>
<form>
// Display the form
</form>
<?php
} // End main IF
So pretty much I’m checking if the user id is set twice… I’m pretty mush doing the same thing with all my pages (that require users be logged in). Is that really necessary? My initial thought was to prevent unregistered users from accessing the edit_user.php form directly and doing things (I was also thinking of just redirecting if users do access the page directly). What do you guys think/suggest?
Edit
I dont think I explained myself too clearly… That was just an example… Here’s a better example to better get across the reasons for my question:
…Account page
if(isset$_SESSION['userID'])){
include('edit_user.php');// edit user form
include('change_password.php');// change password form
include('change_pic.php');// change photo form
}
and from within each of my includes, again I’m asking for a SESSION['userID']… So, what do you guys suggest now?
Well, it is redundant, which violates the “Don’t Repeat Yourself” (DRY) principle of design. If your
edit_user.phpfile is publicly accessible, then you definitely need checks in there, so you could probably remove the other checks, as long as you’re sure of the functionality.It’s arguable that your code is clearer with the checks in place, however, in the long run redundancy like that will lead to more maintenance hassles.