End session for password

Question

End session for password

I am trying to store a POST request variable in the session, so I don't have to make a POST request every time I click on the page. I am getting the following errors: Undefined index: password on line 8, 10, 12 Even if the password is correct, it says it is not valid. Here's my code

session_start();
//error_reporting(0);
//@ini_set('display_errors', 0);
/* 
Checking for login
*/
if (!$_POST['pw'] == "") {
$_SESSION['password'] = $_POST['pw'];
}
$pass = $_SESSION['password'];
$configpassword = "a random password";
$sessionpass = $_SESSION['password'];
if (!$pass == $configpassword) {
    echo "<title>ACCESS DENIED !</title><h2>ACCESS DENIED !</h2>";
    echo "<script>setTimeout(\"location.href = 'login.php';\",1500);</script>";
    session_destroy();
    die();
}

+3

php

ax752 13 oct. 14 at 4:59 am

source to share

1 answer

FoolishSeth · Accepted Answer · 2014-10-13T05:04:04+0000

Your conditionals have an operator precedence issue.

if (!$_POST['pw'] == "")

This will evaluate if it is (!$_POST['pw'])

equal ""

, which will first distinguish $_POST['pw']

to boolean, then negates it, and then compares that to boolean ""

(which is false). This will cause your conditional code to do the opposite of what you want: !$_POST['pw'] == ""

true only if $_POST['pw']

equal ""

(or any other falsey, for example "0"

).

Same problem with if (!$pass == $configpassword)

Try changing them to:

if ($_POST['pw'] != "")

and

if ($pass != $configpassword)

End session for password

More articles: