Restrict access to page - PHP

Question

I have page with 3 $_GET variables in the URL;

http://www.example.co.uk/search?location=asokoro&day=today&time=12%3A00

location = string, day = string, time = time eg 12:00, 13:15

I will like to prevent access to the page for the below conditions.

Prevent access if no variable received --- COMPLETED

if(!isset($_GET['location']) || !isset($_GET['day']) || !isset($_GET['time'])) {
    header("Location: http://www.example.co.uk");
    exit;
}

Prevent access if location is not supported --- COMPLETED

$locations = Array('loc1','loc2');
if (!in_array($_GET['location'], $locations)) {
    header("Location: http://www.example.co.uk");
    exit;
}

Prevent access if day is not correct--- COMPLETED

if($_GET['day'] != "today" || $_GET['day'] != "tomorrow") {
    header("Location: http://www.abklab.co.uk");
    exit;
}

Prevent access if time is not correct--- NOT COMPLETED

Here I want to be able to check if time is actually time and not some random string like test .

As you can see from the URL time is passed with %3A which reperents : I would like to check if time is indeed a time eg 12:00, 14:20 etc if not then prevent access

Answer 1

You just need a way to escape from html's special characters, right? Try this:

if(strlen(trim($_GET['time'])) > 0){
    echo htmlspecialchars_decode(trim($_GET['time']));
}

Answer 2

When you get the time variable through $_GET['time'] , %3A should be translated to : and rest you can check if the time is actually time through regex . And the expression for that is: ([01]?[0-9]|2[0-3]):[0-5][0-9](:[0-5][0-9])?