I encountered relay interesting problem.
I have this condition in external file which is called and after process code redirects to page set via BACKLINK post parameter like this.
if(isset($_POST['secureLogout']))
{
$_POST['backlink'] = '/';
session_destroy();
System::WriteLog('Session has been destroyed');
}
and even I don't post secureLogout parameter it still trigger, so I tried to var_dump POST variables, there is no secureLogout parameter.
so then I tried put my POST inside condition with exit to see what is in my post..
if(isset($_POST['secureLogout']))
{
var_dump($_POST); exit();
$_POST['backlink'] = '/';
session_destroy();
System::WriteLog('Session has been destroyed');
}
and NOW magic happens It does not trigger the code continue and everything works fine, but i cant logout now directly cause of exit before session destroy.
So basically how is it even possible that content inside IF has any effect on condition??
It is completely UN-logical and I lost my patience, I tried change post names, conditions but result is same.
If there is exit inside condition, condition is false, if there is no exit condition is true.
EDIT
I changed if condition to $_POST['secureLogout'] == 'secureLogout' problem still remained then i changed condition to
$_POST['secureLogout'] == 'secureLogout123'
which has to be false everytime and it is session is not destroyed, so I put exit inside again and changed condition back
$_POST['secureLogout'] == 'secureLogout'
with exit, condition does not tirgger so $_POST secureLogout parameter is either different or is not set
I removed exit and session been destroied...
Check the amount of parameters available to be post in phpini. Maybe you are trying to post too many variables which overflow the capacity and cause the script to crash.
With this information is impossible to occur that you are saying, but I think that your problem is the isset() and not the if() statement. The if statement doesn't change its behaviour depending of the content. Maybe, secureLogout is isset, but is empty, and here you are your possible solution:
if(!empty($_POST['secureLogout'])) {
// empty returns true when is not set, when it's zero values, empty values, etc.
}
See this:
http://php.net/manual/en/function.empty.php
Good luck!
isset return true only if it contains some value. In other words, it returns true only when the variable is not null. Consider that 0 and "" are a value.
You could try to use if(!empty($_POST['secureLogout'])). empty does the same as isset but checks if the variable is empty. 0 and "" are différent than empty. So empty will return false.
Related
All, I posted a code in a forum before and no one was able to answer this.
The "Sign Up" and "logout" are both buttons with value types on other pages that are linked to this page code called login.php
The problem is that I keep getting an undefined index. Is there a way to call it better?
I have..
if ($_POST['submit']=="Sign Up") {
and..
if($_GET["logout"]==1 AND $_SESSION['id']) { session_destroy();
header("Location:logout.php");
}
As both POST and GET variables must not be send at all, always use a scheme similar to this one:
$var = isset($_POST['fieldname']) ? $_POST['fieldname'] : null;
if ( !isset($var) )
{
// errorhandling
}
else
{
// proceed ...
The error you get indicates that at least one of your POST and/or GET variables is either not set or misspelled.
As Axel points out, check if $_POST has the value for "submit" using isset() function, if it is set, the you can access the value the way you are doing. If $_POST does not have the value for that, it means that it is not being sent.
So, in your HTML, check that the button is indeed called that way and that it is inside a tag with the ACTION attribute and METHOD set to POST.
Also be careful with comparing with 1, since in PHP is also means true.
I am trying to make a simple redirect php plugin, and i cant get to the bottom, i would really appreciate some help.
Inside a folder i have the php script that will handle the redirect, for ex: /redirect/a.php
Scenario 1:
call /redirect/a.php?key=firstkey the redirect to http://www.url1.com
Scenario 2:
call redirect/a.php?key=secondkey then redirect to http://www.url2.com
General rule:
If a.php is called without key, or with wrong key then display Error.
Thank you!
Use global variable $_GET["key"] to get value of "?key=value", then use header() to redirect.
Note that there cannot be any output before calling header(), that applies even for whitespaces (such as space, or tab).
It could look something like this:
// checking whether the key is sent by user who visits the page
if(!isset($_GET["key]))
{
die("Key is required");
}
// checking whether the key is empty
if(empty($key)
{
die("Key shouldn't be empty");
}
if($_GET["key"] == "firstkey")
{
header("location: http://www.url1.com");
}
It would be better to use array() to list keys that should be accepted by script, you could easily look for them by using in_array().
I have a PHP script that stores a url from which a form was submitted in a session variable and then compares it to the current page url. If it's not the same as the one stored in the session it gets unset, at least that's how it should work. The problem is that the if statement used for checking if the two urls match seeems to be ignored and the session vars get unset anyway.
$compare_url_old = array_shift(explode(',', $_SESSION['search_page']));
$compare_url_new = array_shift(explode(',', $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']));
if ($compare_url_new != $compare_url_old)
{
unset($_SESSION['search_page']);
unset($_SESSION['search_price_min']);
unset($_SESSION['search_price_max']);
unset($_SESSION['search_name']);
}
The strange part is that if I try to echo something within the if statement it works properly but for some reason the unset functions get called every time despite the result.
Problem solved, turns out it was something I overlooked above the code in question, the script works fine. Sorry for that.
So my issue is that I'm setting a message in a session var to carry over in a page redirect.
And then setting the var to an empty string so it doesn't redisplay everytime.
Like so:
if ($successMsgs || !empty($_SESSION['msg_success'])) {
$success_block[] = '<ul id="success-block">';
foreach($successMsgs as $success) {
$success_block[] = '<li>'.$success.'</li>';
}
if (!empty($_SESSION['msg_success'])) {
$success_block[]='<li>'.$_SESSION['msg_success'].'</li>';
$_SESSION['msg_success']='';
}
$success_block[] = '</ul>';
$success_block = implode('',$success_block);
}
The problem is that the clearing of the session var seems to have a retro-active effect so the message never gets displayed. It only works if I take out the line that re-sets it to an empty string. I'm thinking there's something about when session vars are evaluated that I don't understand?
Except for the freedom to define functions and classes after invoking them, there is definitely nothing retro-active in PHP. Session variables will be available after the session_start() command. Unsetting a session variable inside the block won't have an effect in the code before it occurs.
Your problem must have to do with something else - maybe the page gets called twice, or a header redirect takes place?
It turned out that the code beneath the redirect was getting run, before actually redirecting. The solution was simply to add an exit to the redirect function.
well, the only possibility i can think of is that you are calling this piece of coding twice. and in the first call it doesn't get printed. maybe you are redirecting twice for some reason...
So the basis of this page is I set a session value when the page loads, and clear it on any other page they visit. Then the page can make an ajax call to download a file. If the session value matches the value I pass through the URL I allow them to download the file. If not I return a 404 error. I was having some weird issues, so I removed the 404 and set it to echo out the values instead to see what I was getting. Here is the top of the code on the page:
$code = $this->_request->getParam('code');
$confirm = $_SESSION['mp3_code'];
echo $code."-1-".$confirm;
if($code != $confirm)
echo $code."-2-".$confirm;//header("HTTP/1.1 404 Not Found");
else
{
Here is what displays on the page from the ajax call
12723430-1-12723430-2-
As you can see when it echos out the first time they exist, then somehow after I compare them and it fails you see that it echos out blank values like they suddenly ceased to exist. Any ideas?
It is imperative that you make sure to call session_start at the top of any script using sessions. I think this may be the case here.
In your code, it's echoing $code and $confirm. But $confirm is an empty string since you are not actually retrieving the session data (why has yet to be determined), the condition will most of the time evaluate to TRUE.