Page 1 of 1

Quick question - help with isset()

Posted: Tue Sep 07, 2010 5:38 pm
by mecha_godzilla
Hi All,

Brief background to this question: my hosting provider has just decided to switch on NOTICES reporting, so my site is now swamped with lots of "Notice: Undefined index" messages.

I've worked out how to get rid of these messages (by over-riding the php.ini settings of course!) but I'm now trying to fix the code that's generated these messages and run into a problem with isset(). Having looked at the PHP manual, I'm aware that isset() is only supposed to be used to check variables but I'm using this code in my pages and it doesn't generate any NOTICES or cause any problems:

Code: Select all

if(!isset($_SESSION['user_id'])) isset($_SESSION['user_id']);
$_SESSION['user_id'] = $user_id;
This code was taken from a long-forgotten tutorial I read a while ago but I can't work out what the result of the first line is meant to be - is it redundant/pointless? Can isset() be used to 'set' a value rather than just test it?

Thanks,

Mecha Godzilla

Re: Quick question - help with isset()

Posted: Tue Sep 07, 2010 5:59 pm
by kristen
mecha_godzilla wrote:

Code: Select all

if(!isset($_SESSION['user_id'])) isset($_SESSION['user_id']);
$_SESSION['user_id'] = $user_id;
This code was taken from a long-forgotten tutorial I read a while ago but I can't work out what the result of the first line is meant to be - is it redundant/pointless? Can isset() be used to 'set' a value rather than just test it?
It's pointless code. It won't actually do anything because the if syntax is wrong. Assuming you quoted it correctly you really need a new tutorial. ;)

What are you attempting to accomplish?

Re: Quick question - help with isset()

Posted: Tue Sep 07, 2010 6:30 pm
by mecha_godzilla
Thanks for the quick response. I suspect a new tutorial is probably in order! Actually, this is one of those situations where I created a 'library' of authentication code a while ago and because it's always worked I assumed it was sound :)

All I want to achieve is to test whether the session value has been set (or been set but not to the right value) and if not redirect to an error message.

The test on my other page (which I did write) looks like this

Code: Select all

if ($_SESSION['user_id'] != $user_id || !isset($_SESSION['user_id'])) {
// redirect
}
so unless there's anything wrong with that code I'll use this for everything.

Just another question, if you don't mind - it says in the PHP manual that isset() should only be used for testing variables, but does it handle $_SESSION and $GLOBALS values in the same way (provided I specify a key) or are there any 'gotchas'?

Thanks,

M_G

Re: Quick question - help with isset()

Posted: Tue Sep 07, 2010 7:07 pm
by kristen
I guess the question that's really rolling around in my head (and you don't know me from Eve, so take it with a grain of salt) is where is $user_ID being set?

Syntax wise your last snippet looks fine and should validate just fine. Whether it will validate (behave) in the fashion you're looking for is another story. :)

Re: Quick question - help with isset()

Posted: Tue Sep 07, 2010 7:42 pm
by mecha_godzilla
The $user_id value is being set by a script that's included in another script. The idea of the test is to stop people accessing the page if they haven't logged-in or (less likely) the session values have been altered for some reason. I do an IP address check when the user logs-in (which is then stored as the session value) and this is then checked again on every subsequent page load - if the IP address changes during the session then the user is forcibly logged-out. This *does* work correctly because my ISP assigns me a dynamic IP address and when the connection drops (every couple of minutes or so it seems) the application accuses me of being a nasty h4x0r and threatens to report me to the relevant authorities :)

I think (hope!) the program logic is sound so at least I can get rid of that 'tutorial' code now. I might just do a quick bit of searching later on to see if it's still online...Then I can name and shame them :mrgreen:

Thanks again,

M_G

Re: Quick question - help with isset()

Posted: Tue Sep 07, 2010 7:55 pm
by kristen
But how is $user_ID set to begin with?

I guess what's attracted my attention is it it looks to me like you are comparing a variable ($user_ID) that is, at some point, generated by something in $_SESSION, which would invalidate it for cross-checking.

If you're setting $user_ID = $_SESSION['user_ID'] in another file that you later include in the file where you do the validation it's just going to inherit the $_SESSION value of the current page.

It's really just the similar variable names that's making me go :dubious:

Anyway. My little pea brain is addled this evening, so pay me no mind if it all makes perfect sense to you. :mrgreen:

Re: Quick question - help with isset()

Posted: Tue Sep 07, 2010 8:05 pm
by mecha_godzilla
The session value is only ever set once (when the user logs in) so $user_id and $_SESSION['user_id'] are distinct - it was only in the tutorial code that $_SESSION['user_id'] was set to $user_id (which itself is a value retrieved from the database depending on whether the user logged-in with the right credentials or not).

In my contorted mind everything makes sense - you should see my template parsing code! They said it couldn't be done (on this very forum as it happens!) but I confounded them all and did it :mrgreen: Now my PHP and XHTML are completely separate, nothing can stop me...

And on that note, I shall bid you a good night as I'm off to bed now - thanks again for your help :)

M_G