SitePoint Sponsor |
|
User Tag List
Results 1 to 10 of 10
-
Nov 20, 2008, 15:41 #1
- Join Date
- Jul 2006
- Posts
- 72
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Weird problem unsetting session variable
Checking whether a session variable is set returns false if unset($_SESSION[var]) is anywhere in the script. As soon as I take the unset call out of the script completely, it will return true.
PHP Code:if(isset($_SESSION['error']))
{
$login_form .= "<p>".$_SESSION['error']['message']."</p>\n";
unset($_SESSION['error']);
}
unset($_SESSION['error']); // causes same behavior
-
Nov 20, 2008, 16:06 #2
- Join Date
- Apr 2008
- Location
- North Carolina
- Posts
- 438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
if you are already unsetting it within the condition, why unset it again outside the condition?
And are you using any type of caching?[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
-
Nov 20, 2008, 16:08 #3
- Join Date
- Nov 2008
- Location
- New York
- Posts
- 90
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Maybe your problem is in the error you are getting... What is it?
-
Nov 20, 2008, 16:13 #4
- Join Date
- Apr 2008
- Location
- North Carolina
- Posts
- 438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
This works fine..
PHP Code:<?
session_start();
$_SESSION['error']['message'] = 'test';
$login_form = '';
echo "<pre>";
echo "Before isset:\n";
print_r($_SESSION);
echo "</pre>";
if(isset($_SESSION['error']))
{
$login_form .= "<p>".$_SESSION['error']['message']."</p>\n";
unset($_SESSION['error']);
}
echo "<pre>";
echo "After isset (Should be blank):\n";
print_r($_SESSION);
echo "</pre>";
unset($_SESSION['error']); // causes same behavior
echo "<pre>";
echo "After unset (Should still be blank):\n";
print_r($_SESSION);
echo "</pre>";
echo "<pre>";
echo '$login_form:', "\n";
echo htmlentities($login_form);
echo "</pre>";
session_destroy();
?>[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
-
Nov 20, 2008, 16:18 #5
- Join Date
- Jul 2006
- Posts
- 72
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
simshaun: I repeated the unset outside the condition to show it doesn't matter where the unset is. Does PHP do some sort of caching? I am not using any custom caching.
Forkaya: The error is nothing but and array that contains text that is received from the conditions on the form processing script.
To elaborate more:
This is on a script that produces the form for user login. If there is an error on the php script that processes the post from this form, it sets this session variable. Then using header() redirects the browser back to the login form where the error is displayed then, hopefully, unset.
-
Nov 20, 2008, 16:21 #6
- Join Date
- Apr 2008
- Location
- North Carolina
- Posts
- 438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Test the PHP code I posted above in a standalone page (ex: test_sess.php).
It works just fine on my end.
There is a logical error somewhere in the rest of your code. I highly doubt it's PHP's fault.
The only way we'll be able to debug it is for you to post the full code.[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
-
Nov 20, 2008, 16:31 #7
- Join Date
- Jul 2006
- Posts
- 72
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Before isset:
Array
(
[user] => Array
(
[id] => test
[logged_in] => 1
)
[banner] => Login Successful!
[error] => Array
(
[message] => test
)
)
After isset (Should be blank):
Array
(
[user] => Array
(
[id] => test
[logged_in] => 1
)
[banner] => Login Successful!
)
After unset (Should still be blank):
Array
(
[user] => Array
(
[id] => test
[logged_in] => 1
)
[banner] => Login Successful!
)
$login_form:
<p>test</p>
-
Nov 20, 2008, 16:33 #8
- Join Date
- Apr 2008
- Location
- North Carolina
- Posts
- 438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Its working as expected then.
Notice how the error array is being unset.
The error is definitely somewhere in the rest of your code.[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
-
Nov 20, 2008, 16:39 #9
- Join Date
- Jul 2006
- Posts
- 72
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
messy code, I know! (school project)
form script:
PHP Code:<?php
include('config.php');
//start session
if (session_id() == "") session_start();
$login_form = "
<div id='login'>
<form name='login' action='$web_root/member/login/login.php' method='post'>
<span>Username:<input type='text' size='20' name='user' /></span>
<span>Password:<input type='password' size='20' name='pass' /></span>
<span><input type='submit' value='Login' name='login' /><input type='reset' value='Reset' name='reset' /></span>
</form>
<p>Not a member? <a href='signup'>Register Free</a></p>
\n";
if(isset($_SESSION['error']))
{
$message = $_SESSION['error']['message'];
$login_form .= "<p>$message</p>\n";
//unset($_SESSION['error']);
}
$login_form .= " </div>
";
if(isset($_SESSION['user']))
$user = $_SESSION['user']['id'];
else
$user = "Guest";
$logged_in = "
<div id='login'>
<div class='shadowbox'>
<div class='shadowcontent'>
<div class='t'></div><!-- END: div.t -->
<h3>Hello, $user</h3>
Visit <a href='$web_root/member/'>Your Account</a>
<p>Not $user? <a href='$web_root/member/login/logout.php'>Log out</a></p>
</div><!-- END: div.shadowcontent -->
<div class='b'><div></div></div><!-- END: div.b -->
</div><!-- END: div.shadowbox -->
</div>
";
if(isset($_SESSION['user']['logged_in']) && $_SESSION['user']['logged_in'] == 1)
{
$user = $_SESSION['user']['id'];
$user_status = $logged_in;
}
else
{
$user_status = $login_form;
}
?>
PHP Code:<?php
require_once("config.php");
require_once("$lib/mysql/mysql.class.php");
require_once("$lib/mysql/query.class.php");
require_once("$lib/mysql/config.mysql.php");
require_once("$lib/error.php");
if (session_id() == "") session_start();
$username = $_POST['user'];
$password = $_POST['pass'];
if(empty($username) || empty($password))
{
$_SESSION['error'] = array('message' => "Both fields must be filled", 'action' => "MEMBER_LOGIN");
errorHandle();
}
$db = new MySQL($config);
$q_check = new Query('select');
$q_check->setTable('members');
$q_check->addSelection('password');
$q_check->addCondition('username','=',$username,'s');
if($db->executeQuery($q_check))
if($q_check->num_rows < 1)
{
//print_r($_POST);
$_SESSION['error'] = array('message' => "Username or password incorrect.", 'action' => "MEMBER_LOGIN");
}
else
{
$check = $q_check->results[0]['password'];
if($check == md5($password))
{
$_SESSION['user']= array('id' => $username, 'logged_in' => true);
$_SESSION['banner'] = "Login Successful!";
unset($_SESSION['error']);
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/member");//need to change to self
}
else
{
$_SESSION['error'] = array('message' => "Username or password does not match", 'action' => "MEMBER_LOGIN");
}
}
if(isset($_SESSION['error']))
{
errorHandle();
}
?>
PHP Code:<?php
error_reporting(E_ALL);
require_once("config.php");
function errorHandle()
{
if(isset($_SESSION['error']))
{
$action = $_SESSION['error']['action'];
global $web_root;
switch($action)
{
case "MEMBER_LOGIN":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3");
break;
case "UPLOAD_FORM":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3/upload");
break;
case "USER_CREATE":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3/signup");
break;
}
}
}
?>
-
Nov 20, 2008, 16:58 #10
- Join Date
- Apr 2008
- Location
- North Carolina
- Posts
- 438
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Try this out:
form script:
PHP Code:<?php
include('config.php');
//start session
session_start();
$login_form = "
<div id='login'>
<form name='login' action='$web_root/member/login/login.php' method='post'>
<span>Username:<input type='text' size='20' name='user' /></span>
<span>Password:<input type='password' size='20' name='pass' /></span>
<span><input type='submit' value='Login' name='login' /><input type='reset' value='Reset' name='reset' /></span>
</form>
<p>Not a member? <a href='signup'>Register Free</a></p>
\n";
if (isset($_SESSION['error'])) {
$message = $_SESSION['error']['message'];
$login_form .= "<p>$message</p>\n";
unset($_SESSION['error']);
}
$login_form .= " </div>
";
if (isset($_SESSION['user'])) { // good idea to always have curly braces, even though there is only 1 line of logic
$user = $_SESSION['user']['id'];
} else {
$user = "Guest";
$logged_in = "
<div id='login'>
<div class='shadowbox'>
<div class='shadowcontent'>
<div class='t'></div><!-- END: div.t -->
<h3>Hello, $user</h3>
Visit <a href='$web_root/member/'>Your Account</a>
<p>Not $user? <a href='$web_root/member/login/logout.php'>Log out</a></p>
</div><!-- END: div.shadowcontent -->
<div class='b'><div></div></div><!-- END: div.b -->
</div><!-- END: div.shadowbox -->
</div>
";
//if (isset($_SESSION['user']['logged_in']) && $_SESSION['user']['logged_in'] == 1) {
if (isset($_SESSION['user']['logged_in']) && $_SESSION['user']['logged_in']) { // == 1 is redundant.
$user = $_SESSION['user']['id'];
$user_status = $logged_in;
} else {
$user_status = $login_form;
}
?>
PHP Code:<?php
require_once("config.php");
require_once("$lib/mysql/mysql.class.php");
require_once("$lib/mysql/query.class.php");
require_once("$lib/mysql/config.mysql.php");
require_once("$lib/error.php");
session_start();
$username = $_POST['user'];
$password = $_POST['pass'];
if (empty($username) || empty($password)) {
$_SESSION['error'] = array('message' => "Both fields must be filled", 'action' => "MEMBER_LOGIN");
errorHandle();
}
$db = new MySQL($config);
$q_check = new Query('select');
$q_check->setTable('members');
$q_check->addSelection('password');
$q_check->addCondition('username','=',$username,'s');
$db->executeQuery($q_check);
if ($q_check->num_rows < 1) {
//print_r($_POST);
$_SESSION['error'] = array('message' => "Username or password incorrect.",
'action' => "MEMBER_LOGIN");
} else {
$check = $q_check->results[0]['password'];
if ($check == md5($password)) {
$_SESSION['user'] = array('id' => $username,
'logged_in' => TRUE);
$_SESSION['banner'] = "Login Successful!";
unset($_SESSION['error']);
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/member"); //need to change to self
exit;
} else {
$_SESSION['error'] = array('message' => "Username or password does not match",
'action' => "MEMBER_LOGIN");
}
}
if (isset($_SESSION['error'])) {
errorHandle();
}
?>
PHP Code:<?php
error_reporting(E_ALL);
require_once("config.php");
function errorHandle()
{
if (isset($_SESSION['error'])) {
$action = $_SESSION['error']['action'];
global $web_root; // globals are bad practice. Make $web_root a function argument.
switch($action) {
case "MEMBER_LOGIN":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3");
exit;
break;
case "UPLOAD_FORM":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3/upload");
exit;
break;
case "USER_CREATE":
$host = $_SERVER['HTTP_HOST'];
header("Location: http://$host/$web_root/wdp3-ms3/signup");
exit;
break;
}
}
}
?>[read: PHP Sec. | CSRF | PCRE Mods | Encryption | Form Proc. | File Val.]
[tools: PHPEd | PHP Docs | jQuery | CI | SwiftMailer | CKEditor | reCAPTCHA]
Bookmarks