1

I read many other topics about this but still can't figure out what's my problem. It was working, then my computer crashed e now it seems it's not memorizing the session variable anymore. So this is my code

the login page, where I create the session (if the user is authenticated)

<?php session_start(); 
if(!empty($_POST['subject'])) //SPAM
    exit;

include "functions.php";
$con=Connection();
$usr = mysqli_fetch_array(mysqli_query($con, "SELECT usrname, usrpw FROM users"));

if(password_verify($_POST['usrname'], $usr[0]) && password_verify($_POST['usrpw'], $usr[1])){
    session_regenerate_id(true);
    echo "crea session";
    $_SESSION['logged'] = hash('sha256', 'L9oT8s5iF3yX1uW');
    $_SESSION['remote_ip'] = $_SERVER['REMOTE_ADDR'];
    $_SESSION['year'] = date('Y');
    echo "<h12>welcome!<br/><br/>";
    echo"<a href='home.php'>Home</a></h12>";
}else{
    session_destroy();
    echo "<h12wrong data.<br/></br>";
    echo"<a href='login1.php'>try again</a></h12>";
}
mysqli_close($con); ?>
<html>
<head>
<title> Login </title>
<link type="text/css" rel="stylesheet" href="css/styles.css" title="Style" media="all" />
</head>
</html>

these are the first lines of code in my "home" page after logging in (and creating the session variables). The other lines is html so I omitted it.

<?php session_start();
    if(!isset($_SESSION['logged']) && $_SESSION['logged'] != 1)){
        echo "not logged ".$_SESSION['logged'];
        exit; 
    }
?>

The login page works (it goes inside the if stat. as the "create session" string will be printed), but as soon as I go to the home page It will throw this error: Notice: Undefined index: logged at line 2 (where I'm checking if the session variable isset). I tried commenting out all the session variables except 'logged' but still couldn't solve.

thanks

EDIT: sorry, about the parenthesis I just made a mistake writing here (I changed the string I had with the number 1 and I forgot to remove the parenthesis). Still not working.

I tried this and still throws the error (in fact the echo won't print anything after "not logged ")

if(!isset($_SESSION['logged'])){
        echo "not logged ".$_SESSION['logged'];
        exit; 
    }

EDIT 2 : I deleted all the code in home.php and made it like this:

<?php session_start();
    echo $_SESSION['logged'];
?>

it will still tell me that 'logged' index is undefined

Improve this question
17
  • In your second code box you have one ) to much in the if statement (at the end) (Also i would use ||) Commented Dec 6, 2014 at 14:00
  • my mistake writing here. it's not that Commented Dec 6, 2014 at 14:20
  • So that means your session index doesn't get set! So your if statement in the first code box doesn't get entered! (I think you don't have your username hased! So don't use password_verify for the username) Commented Dec 6, 2014 at 14:24
  • actually the first if gets entered as it prints out the echo string..it looks like it just does not set the session variable Commented Dec 6, 2014 at 14:26
  • That's really strange if you get an output before you set your session index, but you can't access it! I almost think the error is later in the code! Maybe you modify or unset this index?! Commented Dec 6, 2014 at 14:27

4 Answers 4

Reset to default
1

i think, you mean if(!isset($_SESSION['logged']) || $_SESSION['logged'] != 1)) (first check session variable existance, next check value)

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

my mistake writing here. it's not that
0

When using isset, I usually do it the other way around, in order to read my logic better in the future:

Let's brake it down, this would mean that the used is logged in:

isset($_SESSION['logged']) && $_SESSION['logged'] == 1

And then I wrap the whole thing with ! making the statement to only work if the user is NOT logged in:

!(isset($_SESSION['logged']) && $_SESSION['logged'] == 1)

Remember you have to add the parenthesis, otherwise the ! will only invert the isset, not the whole thing..

All the above if you really wanna go this way, but to be honest it's better to use empty in your case:

if (empty($_SESSION['logged']))

This will check if the thingy is set and then if it doesn't evaluate to bool false - with your case 1 is not empty and 0 or '' is, so it will work like a charm.

Improve this answer

4 Comments

thanks, I tried just to check with isset and it tells me it's not set (then enter the if)
I didn't say to just check with isset, but with empty. empty() method of php implements internally the check for isset.
ops..sorry..now I tried with empty and it evaluates as true (then it's empty)
Do you even ever set it? Can you debug something in the password_verify if so we can make sure that the code there gets executed?
0

because if not exist can't be different from 1 you must use or (||)

<?php session_start();
if(!isset($_SESSION['logged']) || $_SESSION['logged'] != 1){
    echo "not logged ".$_SESSION['logged'];
    exit; 
}
?>
Improve this answer

Comments

0

Try this it will help you :

  1. Remove extra )
  2. Use || not &&

Use proper condition

if(!isset($_SESSION['logged']) || $_SESSION['logged'] != 1)
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.