#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2003
    Posts
    117
    Rep Power
    11

    if() statment fails


    Hi. In this short piece of code the if statement should set session to true. but it seems to fail. I tried tim() as well but this does not work.

    $_SESSION["Supper User"] = "False";
    $user = ValidateKey($_SESSION["Name"] , $_SESSION["PWD1"] , $_SESSION["PWD2"]); // User
    echo "$user - " . $_SESSION["Name"] . "<br>";
    // result = 625aee459a20e92268a8cef6f06b7e2a - Desmond
    $user = trim($user);
    $_SESSION["Name"] = trim($_SESSION["Name"]);
    if($user == "625aee459a20e92268a8cef6f06b7e2a" && $_SESSION["Name"] == "Desmond")
    $_SESSION["Supper User"] == "True";

    echo $_SESSION["Supper User"]; // returns False
    exit;
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Loyal (3000 - 3499 posts)

    Join Date
    Jul 2003
    Posts
    3,459
    Rep Power
    594
    1) Please enclose your code in [ PHP ] tags. See the sticky at the top of this forum that says READ THIS BEFORE POSTING.
    2) Echo the values of the if stament variables to make sure they contain what you expect.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2003
    Posts
    117
    Rep Power
    11
    I did echo the values as shown in my code with the comment markers //
    I found the problem myself. $_SESSION["Supper User"] == "True";
    should be
    Code:
    $_SESSION["Supper User"] = "True";
  6. #4
  7. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6351
    Use actual boolean values TRUE and FALSE (no quotes) rather than the strings. You can get unexpected behavior when using the strings, especially as a new user.

    Super User permissions should be fetched from the database and set during the password checking process, not done separately with hard-coded values. Also, "super" has 1 P.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  8. #5
  9. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    And why on earth do you store the plaintext password in the session? That's pretty much the worst thing you can possibly do.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  10. #6
  11. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Mar 2014
    Posts
    117
    Rep Power
    1
    can't believe no one pointed out that you use `===` to check `boolean` values, not `==` or `=`

IMN logo majestic logo threadwatch logo seochat tools logo