homepage Welcome to WebmasterWorld Guest from 54.161.181.49
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
curious 'if' statements
Mr_Cat




msg:4422750
 6:44 pm on Feb 28, 2012 (gmt 0)

Hi folks,

Just wondering why I've seen on occasion the curious use of 'if' as follows.

In my login scripts 'log out' handler scipt I found online, there is the code (and this is 98% of the entire code on the page)


if(session_destroy())
{
header("Location: login.php");
}


...and that's the end of the code. I've seen similar use occasionally in other bits of code but I just seem to be not quite getting why you'd use it in such a way. Surely it's purpose is so we can say 'if this...else that', or 'if this condition applies then do something extra'?

Why not just say 'session destroy then go to...'

Any enlightenment much appreciated
Cheers folks

 

penders




msg:4422837
 9:22 pm on Feb 28, 2012 (gmt 0)

...this is 98% of the entire code on the page


What's the other 2%?

Is this script a 'page' that is accessed directly in the browser? Or is it included as part of another script?

rocknbil




msg:4423158
 5:18 pm on Feb 29, 2012 (gmt 0)

Because if there's no session already, session_destroy() will give you an error, something like "Hey dude there's no session to destroy." :-) Try it.

<?php
error_reporting(E_ALL);
session_start();
session_destroy();
echo "<br>Session destroyed";
session_destroy(); // kicks error "Warning: session_destroy() [function.session-destroy]: Trying to destroy uninitialized session in /home/username/public_html/sess-destroy.php on line 6"
?>

Surrounding calls to variables that may or may not exist, or functions that may or may not be initialized, is just good programming. Even on a server with PHP errors quieted (which is most servers today) it helps prevent clogging up error logs with trivial poor programming errors/warnings. It's anything but silly and far underused.

Another aspect of this approach is economy. Consider the following.

if (isset($myvar) and (! empty($myvar) and ($myvar !='')) {
echo "Wow that seems like a lotta programming for a simple task.";
}

The previous is (painfully) simplistic and common. Now look at this.
$myvar = null; // Good practice: initialize your variables.

if ($myvar) {
echo $myvar;
}

What will happen above? Nothing. $myvar is null. But we don't need to check if it's set or empty or even an empty string because we've initialized it as null. If anything is set between initialization and the if construct, then it will be something other than null.

This is the same concept as your initial code - "If I can execute session_destroy it means there's a session to destroy, so do it and redirect." But in three lines and one if condition. :-)

penders




msg:4423184
 6:14 pm on Feb 29, 2012 (gmt 0)

Because if there's no session already, session_destroy() will give you an error...
:
This is the same concept as your initial code - "If I can execute session_destroy it means there's a session to destroy, so do it and redirect."


Not the same concept. Surrounding session_destroy() in an IF still executes session_destroy() if there is no session... and triggers an E_WARNING.

IMHO the only logic that that snippet of code suggests (without seeing the bigger picture) is that it is undesirable to be redirected to login.php (which should incidentally be an absolute path) if the session could not be destroyed. But what happens on failure? As it stands I can't see anything useful with that bit of code, or any real need for the IF(), other than if the user could access that script directly when perhaps the session has not been started? Hence the questions in my post above.

Mr_Cat




msg:4423302
 10:18 pm on Feb 29, 2012 (gmt 0)

Ha ok guys here it is.

I'm entirely dubious about this whole script now myself, as mentioned it was borrowed from a tutorial (oh the irony).

The entire script for 'logout' was just exactly as pasted above prety much.

So as not to double post, the rest of the script is here [webmasterworld.com...]

but I have since bee trying to solve my referer problems and errors by removing the session destroy and replacing it with unset['appropriate_bit'] so my new script reads


<?php

include ($_SERVER['DOCUMENT_ROOT'] . "/db_connect.php");
// Ther're leaving, update their last online time etc

$member_ID = $_SESSION['member_ID'];

$update = "UPDATE members_log";
$update.= " SET log_lastonline = log_activecheck,";
$update.= " log_isonline = 'n'";
$update.= " WHERE log_mem_ID = '$member_ID'";
mysql_query($update);

// LOG OUT

session_start();

unset($_SESSION['login_user']);

header("Location: http://www.website.com/bye.php");
?>



I was just confused about the curious if usage because the original script I got had literaly 'session start() - if(session destroy) { header = etc. }

... full stop

Honestly folks, program your own, learn how in ten minutes and save five hndred minutes of grief wonderng what you've not understood. ...or, am I still missing something? It's so easy to trust other folks when you don't know how, but lookig up cool code snippets on the net I'm beginning to think is like saying yea it must be true because I saw it on tv :D

penders thanks I've bashed eveything into shape now thanks to your hints and it's all working good, but when I came to adjust the logout script I got confiused by this and had to ask!

penders




msg:4423512
 9:55 am on Mar 1, 2012 (gmt 0)

...the original script I got had literaly 'session start() - if(session destroy)


It is possible that session_destroy() could fail for other reasons (other than the session not being started), especially if you are using a custom session handler, but I don't think this necessarily applies here. But it is possibly correct to prevent a redirection to login.php if session_destroy() failed (we are not saying this is wrong), since the user may not be logged out and would probably be unable to (re)login so redirecting to login.php unconditionally could result in a perpetuating loop(?) But you would need to do more than simply IF() in order to resolve this.

Just a thought with your current logout script above... do you log (in your DB) the users login state elsewhere in your code? What if the user simply closed their browser window and did not explicitly 'logout'?

...when I came to adjust the logout script I got confiused by this and had to ask!


Absolutely - it's good to question.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved