| SitePoint Sponsor |
Checking whether a session variable is set returns false if unset($_SESSION[var]) is anywhere in the script. As soon as I take the unset call out of the script completely, it will return true.
I need to unset the session variable after assigning the message to this script any ideas?PHP Code:if(isset($_SESSION['error']))
{
$login_form .= "<p>".$_SESSION['error']['message']."</p>\n";
unset($_SESSION['error']);
}
unset($_SESSION['error']); // causes same behavior
if you are already unsetting it within the condition, why unset it again outside the condition?
And are you using any type of caching?
[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
Maybe your problem is in the error you are getting... What is it?
This works fine..
The issue is not in that part of the code. You have a logic error somewhere probably.PHP Code:<?
session_start();
$_SESSION['error']['message'] = 'test';
$login_form = '';
echo "<pre>";
echo "Before isset:\n";
print_r($_SESSION);
echo "</pre>";
if(isset($_SESSION['error']))
{
$login_form .= "<p>".$_SESSION['error']['message']."</p>\n";
unset($_SESSION['error']);
}
echo "<pre>";
echo "After isset (Should be blank):\n";
print_r($_SESSION);
echo "</pre>";
unset($_SESSION['error']); // causes same behavior
echo "<pre>";
echo "After unset (Should still be blank):\n";
print_r($_SESSION);
echo "</pre>";
echo "<pre>";
echo '$login_form:', "\n";
echo htmlentities($login_form);
echo "</pre>";
session_destroy();
?>
[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
simshaun: I repeated the unset outside the condition to show it doesn't matter where the unset is. Does PHP do some sort of caching? I am not using any custom caching.
Forkaya: The error is nothing but and array that contains text that is received from the conditions on the form processing script.
To elaborate more:
This is on a script that produces the form for user login. If there is an error on the php script that processes the post from this form, it sets this session variable. Then using header() redirects the browser back to the login form where the error is displayed then, hopefully, unset.
Test the PHP code I posted above in a standalone page (ex: test_sess.php).
It works just fine on my end.
There is a logical error somewhere in the rest of your code. I highly doubt it's PHP's fault.
The only way we'll be able to debug it is for you to post the full code.
[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
Before isset:
Array
(
[user] => Array
(
[id] => test
[logged_in] => 1
)
[banner] => Login Successful!
[error] => Array
(
[message] => test
)
)
After isset (Should be blank):
Array
(
[user] => Array
(
[id] => test
[logged_in] => 1
)
[banner] => Login Successful!
)
After unset (Should still be blank):
Array
(
[user] => Array
(
[id] => test
[logged_in] => 1
)
[banner] => Login Successful!
)
$login_form:
<p>test</p>
Its working as expected then.
Notice how the error array is being unset.
The error is definitely somewhere in the rest of your code.
[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
messy code, I know! (school project)
form script:
process script:PHP Code:<?php
include('config.php');
//start session
if (session_id() == "") session_start();
$login_form = "
<div id='login'>
<form name='login' action='$web_root/member/login/login.php' method='post'>
<span>Username:<input type='text' size='20' name='user' /></span>
<span>Password:<input type='password' size='20' name='pass' /></span>
<span><input type='submit' value='Login' name='login' /><input type='reset' value='Reset' name='reset' /></span>
</form>
<p>Not a member? <a href='signup'>Register Free</a></p>
\n";
if(isset($_SESSION['error']))
{
$message = $_SESSION['error']['message'];
$login_form .= "<p>$message</p>\n";
//unset($_SESSION['error']);
}
$login_form .= " </div>
";
if(isset($_SESSION['user']))
$user = $_SESSION['user']['id'];
else
$user = "Guest";
$logged_in = "
<div id='login'>
<div class='shadowbox'>
<div class='shadowcontent'>
<div class='t'></div><!-- END: div.t -->
<h3>Hello, $user</h3>
Visit <a href='$web_root/member/'>Your Account</a>
<p>Not $user? <a href='$web_root/member/login/logout.php'>Log out</a></p>
</div><!-- END: div.shadowcontent -->
<div class='b'><div></div></div><!-- END: div.b -->
</div><!-- END: div.shadowbox -->
</div>
";
if(isset($_SESSION['user']['logged_in']) && $_SESSION['user']['logged_in'] == 1)
{
$user = $_SESSION['user']['id'];
$user_status = $logged_in;
}
else
{
$user_status = $login_form;
}
?>
error.phpPHP Code:<?php
require_once("config.php");
require_once("$lib/mysql/mysql.class.php");
require_once("$lib/mysql/query.class.php");
require_once("$lib/mysql/config.mysql.php");
require_once("$lib/error.php");
if (session_id() == "") session_start();
$username = $_POST['user'];
$password = $_POST['pass'];
if(empty($username) || empty($password))
{
$_SESSION['error'] = array('message' => "Both fields must be filled", 'action' => "MEMBER_LOGIN");
errorHandle();
}
$db = new MySQL($config);
$q_check = new Query('select');
$q_check->setTable('members');
$q_check->addSelection('password');
$q_check->addCondition('username','=',$username,'s');
if($db->executeQuery($q_check))
if($q_check->num_rows < 1)
{
//print_r($_POST);
$_SESSION['error'] = array('message' => "Username or password incorrect.", 'action' => "MEMBER_LOGIN");
}
else
{
$check = $q_check->results[0]['password'];
if($check == md5($password))
{
$_SESSION['user']= array('id' => $username, 'logged_in' => true);
$_SESSION['banner'] = "Login Successful!";
unset($_SESSION['error']);
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/member");//need to change to self
}
else
{
$_SESSION['error'] = array('message' => "Username or password does not match", 'action' => "MEMBER_LOGIN");
}
}
if(isset($_SESSION['error']))
{
errorHandle();
}
?>
config only has $lib and $*_root variablesPHP Code:<?php
error_reporting(E_ALL);
require_once("config.php");
function errorHandle()
{
if(isset($_SESSION['error']))
{
$action = $_SESSION['error']['action'];
global $web_root;
switch($action)
{
case "MEMBER_LOGIN":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3");
break;
case "UPLOAD_FORM":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3/upload");
break;
case "USER_CREATE":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3/signup");
break;
}
}
}
?>
Try this out:
form script:
process script:PHP Code:<?php
include('config.php');
//start session
session_start();
$login_form = "
<div id='login'>
<form name='login' action='$web_root/member/login/login.php' method='post'>
<span>Username:<input type='text' size='20' name='user' /></span>
<span>Password:<input type='password' size='20' name='pass' /></span>
<span><input type='submit' value='Login' name='login' /><input type='reset' value='Reset' name='reset' /></span>
</form>
<p>Not a member? <a href='signup'>Register Free</a></p>
\n";
if (isset($_SESSION['error'])) {
$message = $_SESSION['error']['message'];
$login_form .= "<p>$message</p>\n";
unset($_SESSION['error']);
}
$login_form .= " </div>
";
if (isset($_SESSION['user'])) { // good idea to always have curly braces, even though there is only 1 line of logic
$user = $_SESSION['user']['id'];
} else {
$user = "Guest";
$logged_in = "
<div id='login'>
<div class='shadowbox'>
<div class='shadowcontent'>
<div class='t'></div><!-- END: div.t -->
<h3>Hello, $user</h3>
Visit <a href='$web_root/member/'>Your Account</a>
<p>Not $user? <a href='$web_root/member/login/logout.php'>Log out</a></p>
</div><!-- END: div.shadowcontent -->
<div class='b'><div></div></div><!-- END: div.b -->
</div><!-- END: div.shadowbox -->
</div>
";
//if (isset($_SESSION['user']['logged_in']) && $_SESSION['user']['logged_in'] == 1) {
if (isset($_SESSION['user']['logged_in']) && $_SESSION['user']['logged_in']) { // == 1 is redundant.
$user = $_SESSION['user']['id'];
$user_status = $logged_in;
} else {
$user_status = $login_form;
}
?>
error.phpPHP Code:<?php
require_once("config.php");
require_once("$lib/mysql/mysql.class.php");
require_once("$lib/mysql/query.class.php");
require_once("$lib/mysql/config.mysql.php");
require_once("$lib/error.php");
session_start();
$username = $_POST['user'];
$password = $_POST['pass'];
if (empty($username) || empty($password)) {
$_SESSION['error'] = array('message' => "Both fields must be filled", 'action' => "MEMBER_LOGIN");
errorHandle();
}
$db = new MySQL($config);
$q_check = new Query('select');
$q_check->setTable('members');
$q_check->addSelection('password');
$q_check->addCondition('username','=',$username,'s');
$db->executeQuery($q_check);
if ($q_check->num_rows < 1) {
//print_r($_POST);
$_SESSION['error'] = array('message' => "Username or password incorrect.",
'action' => "MEMBER_LOGIN");
} else {
$check = $q_check->results[0]['password'];
if ($check == md5($password)) {
$_SESSION['user'] = array('id' => $username,
'logged_in' => TRUE);
$_SESSION['banner'] = "Login Successful!";
unset($_SESSION['error']);
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/member"); //need to change to self
exit;
} else {
$_SESSION['error'] = array('message' => "Username or password does not match",
'action' => "MEMBER_LOGIN");
}
}
if (isset($_SESSION['error'])) {
errorHandle();
}
?>
PHP Code:<?php
error_reporting(E_ALL);
require_once("config.php");
function errorHandle()
{
if (isset($_SESSION['error'])) {
$action = $_SESSION['error']['action'];
global $web_root; // globals are bad practice. Make $web_root a function argument.
switch($action) {
case "MEMBER_LOGIN":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3");
exit;
break;
case "UPLOAD_FORM":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3/upload");
exit;
break;
case "USER_CREATE":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3/signup");
exit;
break;
}
}
}
?>
[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
Posting Permissions
Bookmarks