End session for password
I am trying to store a POST request variable in the session, so I don't have to make a POST request every time I click on the page. I am getting the following errors: Undefined index: password on line 8, 10, 12 Even if the password is correct, it says it is not valid. Here's my code
session_start();
//error_reporting(0);
//@ini_set('display_errors', 0);
/*
Checking for login
*/
if (!$_POST['pw'] == "") {
$_SESSION['password'] = $_POST['pw'];
}
$pass = $_SESSION['password'];
$configpassword = "a random password";
$sessionpass = $_SESSION['password'];
if (!$pass == $configpassword) {
echo "<title>ACCESS DENIED !</title><h2>ACCESS DENIED !</h2>";
echo "<script>setTimeout(\"location.href = 'login.php';\",1500);</script>";
session_destroy();
die();
}
source to share
Your conditionals have an operator precedence issue.
if (!$_POST['pw'] == "")
This will evaluate if it is (!$_POST['pw'])
equal ""
, which will first distinguish $_POST['pw']
to boolean, then negates it, and then compares that to boolean ""
(which is false). This will cause your conditional code to do the opposite of what you want: !$_POST['pw'] == ""
true only if $_POST['pw']
equal ""
(or any other falsey, for example "0"
).
Same problem with if (!$pass == $configpassword)
Try changing them to:
if ($_POST['pw'] != "")
and
if ($pass != $configpassword)
source to share