Check for two variable in Session

Forum Moderators: coopster

Message Too Old, No Replies

Check for two variable in Session

one is check if isset and other for same value

abushahin

5:27 pm on Dec 24, 2011 (gmt 0)

Hey guys,
I have a page that checks for two session varibles both set from the login page well one from the login check page and another to see what type of user and sets an extra session variable.
so the first one sets the username and directed to successful login page where a sql query is done and member type assigned 1 or 2.

what is wrong with this code?

session_start();
if(!(isset ($_SESSION['username'])) && ($_SESSION["profile"]!=2)){
header("location:index.php");
}

i am echoing the profile and it is being set but condition fails ie once logged in as profile type 3 i can navigate to profile type 2 without problem.

anu suggestions most appreciated.

rocknbil

5:57 pm on Dec 24, 2011 (gmt 0)

Did you echo to see if username was set? If it's set at all it will fail, as you're binding it to both conditions.

abushahin

6:27 pm on Dec 24, 2011 (gmt 0)

Thanks for your reply, yes the username is set and the profile is set to a number.

this works:

session_start();
if(!isset($_SESSION['username'])){
header("location:index.php");
}
else if($_SESSION["profile"]!=2){
header("location:index.php");
}

whats the difference between above and this:

session_start();
if(!(isset ($_SESSION['username'])) && ($_SESSION["profile"]!=2)){
header("location:index.php");
}

as usual any suggestions appreciated!

Matthew1980

10:10 am on Dec 27, 2011 (gmt 0)

Hi there abushah,

The difference between these two excerpts of code is this:

The first one is evaluating the two clauses seperately, they could even be in seperate if statements as the actions would be the same.

The second one is evaluating the single clause as a whole & so both conditions (as they are parethesised) need to return true as you have the && operator comparing the two entities together, so both sides need to return true in order for the 'catch' to be used.

Also, look up the difference between using logical & bitwise and's (&& / AND) as this can also make a difference when you analyse specific things.

Also, in the first example, I would personally advocate the use of exit; directly after the header call just so that php knows that there is nothing else to execute after the header call has been successful - good practice to terminate once a redirect is correct, stops any erroneous actions going on in the background.

Anyway, happy coding & happy new year!

Cheers,
MRb

abushahin

5:32 pm on Dec 27, 2011 (gmt 0)

hey mrb, thanks for the enlightenment! the second conditions work but the first one where both conditions need to be fulfilled doesnt work, Im not sure whats wrong! any suggestions would be great!

btw
same to you!

Matthew1980

6:21 pm on Dec 27, 2011 (gmt 0)

Hi there abushahin,

Ok. The second example that has two things to be evaluated will never function (if my logic is correct) because if a $_SESSION[] isn't set (!isset($_SESSION['username'])) it wouldn't even return true. I have code on my own website for $_COOKIE/$_SESSION handling where I use empty() to see if the $_SESSION is active before I check to see if it's inuse - or isset() as these two functions: isset() and empty() are good things to use to check that a variable is instanciated && then has state, whether it's NULL or empty.

Why do you need to check that both conditions are true? Couldn't you just use nested statements to ensure that the first clause gets caught, then evaluate the second. If you're really logically minded you could even achieve this with a ternary (single line if statement - great to use, just like iif() in VB)

Try this:-

session_start();

if($_SESSION['profile'] != 2){ //checking an int() instead of string - check that it's set as such
if(!(isset($_SESSION['username']))){
header("location:index.php");
exit;
}
}

Though, I'm not too chuffed with that, and not knowning the whole context of this excerpt I don't want to stray too far away from what you've provided.

Cheers,
MRb

==============================================================================
[EDIT] Thinking about this some more, you could perhaps do something like this, well close to this, I'm a few Guinness in now so my logic head isn't 100%

session_start();
if(empty($_SESSION['username']) && !(isset($_SESSION['username'])) && ($_SESSION["profile"]!=2)){
header("location:index.php");
}

Essentially states:

$_SESSION['username'] = "" }
} - then send to the index page
$_SESSION['profile'] = 1 }

BUT, if a session is not set !isset() this potentially means that doing this: print_r($_SESSION) will mean that $_SESSION['username'] doesn't even exist in the array, so even checking for it using empty() would return false, possibly even flag an error.
====================================================================================

abushahin

1:47 am on Dec 28, 2011 (gmt 0)

Hey thanks for your reply and excellent suggestions!
I checked if both variables were being set and sent and yes it is both being set and sent but for some reason the condition with && doesnt work and the else if one does.

Dinkar

4:59 am on Dec 28, 2011 (gmt 0)

To abushahin:

I didn't studied your code but want to reply to the following quote -

...but for some reason the condition with && doesnt work and the else if one does.

Do you know what does your above quote means? It means you need to learn how "if else if" and logical "and" works.

Try this code:


$a = 1;
$b = 3;

if ($a == 0)
echo "A = Zero and B = Any\n";
else if ($b != 2)
echo "A = Any but not Zero and B = Any but not Two\n";


if (($a == 0) && ($b != 2))
echo "A = Zero and B = Any but not Two\n";
else
echo "A = Any, may be Zero and B = Any, may be 2\n";

Disclaimer: The above code is not tested. But play with it, you will learn.