p2p.wrox.com Forums

Need to download code?

View our list of code downloads.


  Return to Index  

beginning_php thread: super simple login trouble - take 2 [ was [ RE: i need simple logout [was RE: variable doesn't show up in $_COOKIE or $HTTP_COOKIE_VARS or $_POST


Message #1 by spam@k... on Tue, 25 Feb 2003 13:34:00 -0600
This might be a situation where I'm doing quite obviously stupid. I'm trying to kill a session variable
and nothing seems to work. Now I'm trying this:



session_register("password");

if ($password != "xxx"){
	echo "<p>This is what you typed: $password";
	session_unset(); 

	session_unregister("password");
	unset($password);
	echo "<p>Type your password: <br>
		<form method='post' action='login.htm'>
		<input type='password' name='password'><br>
		<input type='submit'>
		</form><p>";
	exit();
}















------------------------------------------------
On Mon, 24 Feb 2003 15:43:15 -0600, spam@k... wrote:

> Two things:
> 
> 1.) I do understand that the way to kill a cookie is to set the timestamp in the past, or give it a value that would test
false, what I don't understand is why my code for that purpose wasn't working.
> 
> 2.) I agree with you that using the superglobals would add a great deal to clarity, and it is true that in this one case I
could use them, but in general I write code to be used on any machine. I've had bad experiences with hosts that still run PHP 4.01
or even PHP 3.x. If you want (as I want) to write code that runs anywhere, then you have to avoid all the 4.1+ stuff. Too many
hosting companies haven't upgraded yet. And it is too much of a headache for me to try and keep two versions of my software, one
that would work on newer versions of PHP, and one that would only work on old. 
> 
> thanks,
> 
> lawrence 
> 
> 
> 
> 
> 
> 
> ------------------------------------------------
> On Mon, 24 Feb 2003 12:04:20 -0800, "Nikolai Devereaux" <yomama@u...> wrote:
> 
> > 
> > > Maybe I'm making the simple complicated.
> > >
> > > How do people log out? I'm asking all of you, assuming you've all
> > > written logout functions. Right now I'm doing this:
> > >
> > > if ($logged == "logout") {
> > >   $jess = "logout";
> > >   setcookie ("jess", $jess);
> > >   header ("Location: http://www.krubner.com/");
> > > }
> > 
> > 
> > Usually, you delete or invalidate a cookie by setting it's expiration time
> > to a negative number, which means it's already expired.
> > 
> > 
> > On a side note, I think that you should code this new site using the
> > superglobals instead of assuming register_globals will be on.
> > 
> > Not only will you protect yourself from false logins, your code will make
> > much more sense.
> > 
> > Compare the readability of your code:
> > 
> > 
> > if ($jess != "xxx")
> > {
> >    setcookie ("jess", "");
> >    echo "<form method=\"post\" action=\"index.php?articleId=42\">
> >      Please type your password:<br>
> >      <input type='text' name='jess'><br>
> >      <input type='submit' name='submit' value='submit'>
> >      </form></body></html>";
> >    exit();
> > }
> > if ($jess == "xxx")
> > {
> >   setcookie ("jess", $jess);
> >   [lots more stuff]
> > }
> > 
> > 
> > 
> > To this rewritten version:
> > 
> > if(! isset($_GET['jess']) || ($_GET['jess'] != 'xxx'))
> > {
> >    setcookie('jess', '');
> >    echo '<form method="post" action="index.php?articleId=42">
> >            Please type your password:<br />
> >            <input type="text"   name="jess" /><br />
> >            <input type="submit" name="submit" value="submit" />
> >          </form></body></html>';
> >    exit();
> > }
> > 
> > // no need to test $jess == "xxx" --
> > // it must be since we didn't exit the script above.
> > 
> > setcookie("jess", $_GET['jess']);
> > //lots more stuff
> > 
> > 
> > 
> > IMHO, it makes much more sense to see explicitly where you're expecting to
> > get your values from.
> > 
> > 
> > Take care,
> > 
> > Nik
> > 
> > 
> > 
> 
> 

  Return to Index