| Re: Hopiing for some leads as to what may be wrong in this code [message #182276 is a reply to message #182260] |
Sat, 27 July 2013 10:17   |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma:
|
Senior Member |
|
|
Norman Peelman wrote:
> On 07/25/2013 02:11 PM, Twayne wrote:
>> On 2013-07-25 1:51 PM, Christoph Michael Becker wrote:
>>> Twayne wrote:
>>>> $code= $_POST["code"];
>>>> if($_SESSION["d"] !== $code) {
>>>> echo "<br />You did not enter the correct code: Script halted,
>>>> ALL
>>>> data destroyed.<br /> you'll have to go back to the website and start
>>>> over.<br />";
>>>> die("Script HALTED, data destroyed");
>>>> session_destroy();
>>>> exit();
>>>> }
>>>
>>> You may consider checking the actual values of $code and $_SESSION['d']
>>> immediately before the if statement (if you don't have a debugger at
>>> hand, just use a simple var_dump()).
>>
>> It's interesting, but I did. A rev back I had an echo for "code" and
>> Session(... and it prints them just before it throws the error message.
>>>
>>> BTW: calling session_destroy() after die() was executed doesn't have any
>>> effect. You'll want to swap both lines and remove the exit().
>>>
>>
>> THAT is wise advice! Thanks I'll do just that; thanks for pointing it
>> out.
>>
>
> $code= $_POST["code"];
> echo "<pre>";
> var_dump($_SESSION["d"]);
> var_dump($code);
> echo "</pre>";
> if($_SESSION["d"] !== $code) {
if ($_SESSION["d"] !== $code) {
(it is not a call)
> echo "<br />You did not enter the correct code: Script halted, ALL
> data destroyed.<br /> you'll have to go back to the website and start
> over.<br />";
> die("Script HALTED, data destroyed");
> session_destroy();
> exit();
>
>
> You need to make sure that both variables are of the same *value* and
> *type*. Another way to check would be to change !== to != (or <>). The
> only way your branch gets executed is if they do not match both *value*
> and *type*.
What are you getting at? I do not see how a $_POST element could ever be
*not* a string, and the result of “!==” can be false even when the two
operands *are* of the same type. And the code must be a string here (it
contains “-”), so $_SESSION['d'] would be a string.
The difference is perhaps in the session not being started or recognized on
one PHP host, but on the other. If the session is not started, it could be
that session information cannot be written to the filesystem; if the session
is not recognized, it could be that the session cookie is not set on the
client-side due to user settings.
ISTM there still is not enough information in the posting; for example, the
part that *sets* $_SESSION['d'] is missing.
The OP should take heed of
<http://www.catb.org/~esr/faqs/smart-questions.html>
and stop wasting everybody's time with guessing games.
PointedEars
--
Sometimes, what you learn is wrong. If those wrong ideas are close to the
root of the knowledge tree you build on a particular subject, pruning the
bad branches can sometimes cause the whole tree to collapse.
-- Mike Duffy in cljs, <news:Xns9FB6521286DB8invalidcom(at)94(dot)75(dot)214(dot)39>
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]