setting and unsetting a session though an URL - php

Hi,
I need to create a session as soon as the visitor enters my page. Then by clicking on a link that takes to an URL like this example.org/page?no_redirect=true the session must be destroyed but the session should be created again if they click on a link to this URL example.org/page?no_redirect=false.
I did it like this:
session_start();
$_SESSION['redirect'] = "false";
if($_GET['no_redirect'] == "true")
{
$_SESSION['redirect']="true";
} elseif ($_GET['no_redirect'] == "false") {
$_SESSION['redirect']="false";
}
if ($_SESSION['redirect']!=true) {
$redirect = <<<EOF
<script type='text/javascript'>DM_redirect("mobile/$page");</script>
EOF;
}
but its not working. What could it be?
Thank you.


The check if ($_SESSION['redirect'] != true) makes no sense, because you are comparing a non-empty string to a boolean. Non-empty strings always evaluate to true, so your check is really if (true != true), which means the content inside the block will never be executed.
A more sensible approach would be to unset your session once its purpose has been served instead of setting it to "true" / "false".
Code:
session_start();
# Check whether the session should be unset.
if ($_GET['no_redirect'] == "true") {
unset($_SESSION['redirect']);
}
# Check whether the session should be set.
else if ($_GET['no_redirect'] == "false") {
$_SESSION['redirect'] = "true";
}
# Check whether the session is set.
if (isset($_SESSION['redirect'])) {
$redirect = <<<EOF
<script type='text/javascript'>DM_redirect("mobile/$page");</script>
EOF;
}

Related

Why my cookies are not saving?

I have a problem with cookies. In my login script i have the following line of code:
if($_GET['keep'] == "true"){
setcookie('id',$id,time()+3153600);
}
The problem I'm facing is that the cookies are not saving at all ( not even if i don't quit the browser). I'm quite a beginer in this respect and I think I'm not doing it right.
EDIT:
If i print_r all the Cookies it only gives me PHPSESSID after the cookie is set. I printed on index.php and i set the cookie on login.php
SOLUTION: Cookies are saved by default with the path of the file they were created in. To change the path there is another atribute. So by setcookie('id',$id,time()+3153600,'/'); you make the cookie available for the entire domain.

There is no issue in your code
if($_GET['keep'] = "true"){
setcookie('id',$id,time()+3153600);
}
This will may cause to
No data passing to $_GET['keep']
Or if data passing $_GET['keep'] value in not Matched ("true").
Both Works then $id is empty in setcookie method
Improve your code
if(isset($_GET['keep']){
if($_GET['keep'] == "true"){
if(isset($id))
{
#all perpect
$cokkie_id = 'id';
setcookie('id',$id,time()+3153600);
echo "I'm Set. And My value is ".$cokkie_id;
}
else
{
echo "Opzz My ID is also empty";
}
}
else
{
echo 'Get method is Set. But Value is not "true". Actual value is '. $_GET['keep'];
}
}
else
{
echo 'I cant reach Get method Buddy';
}

I think you miss "=" sign
if ($_GET['keep'] == "true") {
if (!isset($_COOKIE['id'])) {
setcookie('id',$id,time()+3153600);
}
}

use isset or ==
if (isset($_GET['keep']) && $_GET['keep'] == "true") {
setcookie('id', $id,time()+3153600);
}else{
echo 'keep is empty';
}

Infinite loop php redirect based on cookie

I'm currenting busy coding a registration page. The page has three steps and every step has its own cookie value. What I'd like to do is checking for the cookies value and transfer the user to the correct page upon visiting the website
Example:
if the value of $_COOKIE['step'] is 'step_two' it should redirect to: www.domain.com/register.php?step=your_details. If the cookie's not set, it should not redirect and stay on the register.php page.
The redirecting is working 'fine', but it gets into an infinite loop. I really cant think clear anymore as I've been awake for almost 24h now. Therefor I would appreciate it if anyone could push me into the right directions.
Piece of code:
$cookie_value = 'step_2';
setcookie("step",$cookie_value, time()+3600*24);
$cookie_not_set = true;
$cookie_step_two = false;
if (isset($_COOKIE['step'])) {
if ($_COOKIE['step'] == 'step_2') {
$cookie_not_set = false;
$cookie_step_two = true;
header('Location: ?step=your_details');
exit();
}
} else {
$cookie_not_set = true;
}
Thank you.

Nowhere are you actually setting your cookie value, so it won't change. That's why you have an infinite loop.
$_GET and $_COOKIE have nothing to do with each other. It looks like you want:
if ($_GET['step'] === 'your_details')`
...which would be better than using a cookie anyway.

You are going to constantly enter your if condition as there is no other manipulations going on to your cookie data.
if your cookie is set to "step_2" you will enter the loop. No changes are in place, so on the refresh to the page. You will re-enter the step_2 condition and be into a redirect.
I'm also assuming that you understand that your $_GET & $_COOKIE requests are completely different. If not, see #Brads answer
A solution to stop this infinite loop would be:
if (isset($_COOKIE['step'])) {
if ($_COOKIE['step'] == 'step_2') {
$cookie_not_set = false;
$cookie_step_two = true;
$_COOKIE['step'] = 'step_3';
header('Location: ?step=your_details');
exit();
}
But also take note, your true/false validations/changes are local changes and will not be absolute on page refresh

I believe your issue is the redirect is not changing your cookie, so you need to look at the GET var you a re passing if the cookie is set to step_2 thus;
$cookie_not_set = true;
$cookie_step_two = false;
if (isset($_COOKIE['step'])) {
if ($_COOKIE['step'] == 'step_2') {
if( !empty($_GET['step']) && $_GET['step'] == 'your_details' )
{
... you have redirected and now can continue ...
}
else
{
// redirect and set the get var to signal to this script.
$cookie_not_set = false;
$cookie_step_two = true;
header('Location: ?step=your_details');
exit();
}
}
} else {
$cookie_not_set = true;
}

I lose my session with PHP

I have a problem with a project I'm working on. I'm trying to code a simply login system using PHP + Sessions. But I lose my session, and I don't really know why, the code:
index.php
<?php
session_start();
if(!isset($_SESSION['logedin'] == True)){
<form action = "login.php" method = "post" id="login-form" class = "login-form">
<input type = "text" name = "username" maxlength = "100"/>
<input type = "password" maxlength = "50" name = "password"/>
<button type="submit">Sign in</button>
</form>
}else{
echo "Loged in.";
}
?>
login.php
<?php
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
if(!isset($_SESSION['logedin'] == True)){
if($username == 'username' && $password == 'password'){
$_SESSION['logedin'] = True;
header("index.php"); // Loged in
}
}
?>
The real code is not this one, because it's too long to put here, but this is a simply resume about the code... I'm losing my head, because if I open a session into index.php, it works, but if I go out of my page (in this case, login.php through form), when I back to index, session just vanish...
I got to say I don't use any frameworks or something, it's a simply form, all done with PHP.

Your parens on the first line are going to be a problem:
if(!isset($_SESSION['logedin'] == True)){
Change to:
if(!isset($_SESSION['logedin'])) {
Why are you doing a double negative on this condition? Instead of doing !isset == true, just do isset == false. This is just likely to add confusion to your code, and the more intuitive (and simplistic) your code, the better.
In your login.php you also have that line:
if(!isset($_SESSION['logedin'] == True)){
You are basically saying isset(true) == false which should always return false. Because $_SESSION['logedin'] == true is true. Change it to if (isset($_SESSION['logedin'])) which will be true if you're logged in.
Let's break this condition down a little further to see what you're doing
if (false == isset(
$_SESSION['loged'] == true // will be true if you're logged in
) // isset will return true, but you're expecting a false
)
Your isset is always going to return true. Whether $_SESSION['logedin'] == true returns true or false it will be "isset". Isset will only return false if the return value is null or the var does not exist. "False" is a value and exists. Does that make sense? Sorry if this is confusing. Basically, don't use conditions in your isset! :). Use the isset as a part of a condition, but don't pass them into the isset parameter.

php check session data against URL parameter

I am new to php and having trouble with the following. I want to check the session user name to see if it matches the url parameter then print some stuff:
<?php
// Check User
if (isset($_SESSION['user_name'] == $_GET['name'])) {
//print html
}
?>
i just get a blank page when i test this even when the session name matches the url name.

You forgot to start your session and you're using isset() incorrectly
<?php
session_start();
// Check User
if ($_SESSION['user_name'] == $_GET['name']) {
//print html
}
?>
Better and more complete solution:
<?php
session_start();
// Check User
if (isset($_SESSION['user_name'])
&& isset($_GET['name'])
&& $_SESSION['user_name'] == $_GET['name']) {
//print html
}
?>

It seems you compare boolean result of isset function with string name from url.
// Check User
if (isset($_SESSION['user_name'])&&isset($_GET['name']))
if (($_SESSION['user_name'])==($_GET['name']))
{
//print html
}
?>

start session before checking session like this
<?php
session_start();
// Check User
if (isset($_SESSION['user_name']) == $_GET['name']) {
//print html
}
?>

logic error in isset() function, do so:
if (isset($_SESSION['user_name']) && isset($_GET['name']) && $_SESSION['user_name'] == $_GET['name']) {
//print html
}
upd: and sure, start_session() before any actions with session variables

Check session and cookie not working in PHP

I have this code that makes sure your are logged in, and then making sure you are on the right page by checking a cookie set at login. This code works on a page in a directory underneath the login in script, however in a page in a directory below that it always takes you to accessdenied. Any ideas?
<?php
session_start();
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: http://mywebsite.com/member/accessdenied.html");
exit();
}
$_COOKIE["verify"] = $verify;
if( $verify != file_get_contents("name.txt")) {
header("location: http://mywebsite.com/member/accessdenied.html");
} else { }
?>
And it seems like just the bottom part, the part that checks the cookie, isn't working. Again, any ideas?

I think you have your cookie assignment backwards:
$_COOKIE["verify"] = $verify;
Should be
$verify = $_COOKIE["verify"];
And that should be:
$verify = isset($_COOKIE["verify"])?$_COOKIE["verify"]:false;
As if the cookie was not previously set, well it would give a notice error.

<?php
$verify = $_COOKIE["verify"];
if( $verify == file_get_contents("name.txt")) {
echo $verify . 'is equal to the content of name.txt'
} else {
echo $verify . 'is NOT equal to the content of name.txt'
}
?>
Try debugging the code with this. See if the content of your variable is what you want. But I find it unusual that a variable would be a file.

are you sure you always get the content from file_get_contents? I could imagine it's found in one directory but not in the other!

antoher idea: cookies can be set to be relevant for a particular directory only. I just realize, what we're missing here, is the part where you set the cookie in the first place.

Categories