Jump to content

Recommended Posts

Login Page

if ($name == $newName)
{
if ($password == $newpass)
{
    session_destroy();
    $_SESSION['myAdmin']=true;
    header("Location:adminArea.php");

adminArea.php

if ($_SESSION['myAdmin']=true)
{
    echo "Session Y";
?>

Log Out Page

<?php
session_start(); ob_start();

switch ($_POST['submit'])
{
    // ----------------------------------------------------------------------
    case "signOut":
    session_destroy();
    header("Location:../");
    break;

After Sign out, session remains active

Link to comment
https://forums.phpfreaks.com/topic/302837-php-sessions-not-working/
Share on other sites

Your admin area makes everybody an admin:

if ($_SESSION['myAdmin'] = true)
                         ^

This is an assignment, which means the condition is always true.

 

You probably wanted to check for == true, but this doesn't make much sense either. The variable $_SESSION['myAdmin'] is already a boolean. It doesn't get any “truer” or “falser” by doing comparisons. Just use it directly:

if ($_SESSION['myAdmin'])

This is also much safer against typos.

 

 

 

What's the session_destroy() in the log-in script supposed to do?

Edited by Jacques1
  • Like 1

I agree with the above for that a good way in not getting trip up with boolean comparisons. A simple trick that I do when writing if statements is I use === instead of == that way if I forget an equal sign it'll still work (someone told me this a long time ago when I was asking for help). This will work 95% of the time, but there are some instances that you can't use a direct comparison (exactly the same value) and in the situation you need either to use the == or === depending in whatcha doing, but I really haven't found that to be a hiccup. I don't do much regex and I am guessing that would be where that comes into play?. 

I wouldn't use the === operator to have a “spare =”.

 

The purpose of === is type safety. You use it when the type is needed as additional information to distinguish between multiple values (e. g. the integer 0 and the boolean false in a boolean context; strpos() is a classical use case).  Type-safe comparisons are also used in critical features to prevent bugs.

 

But that's it. When you routinely do === comparisons, you're going against the type system which is weak by design. The fact that we can write

if ($an_array)
{
    // not empty
}
else
{
    // empty
}

or

if ($a_string)

or

"1234" == 1234

is how it's meant to work.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.