473,226 Members | 1,597 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,226 software developers and data experts.

!isset

Hello,

does anybody know what the use of the exclamation mark in "!isset" is?
It seems that the script below is only willing to work properly if used
without "!".

extract($_SESSION);
if(!isset($password))
die ("Access denied");

Thanks!

Nov 8 '06 #1
2 1719
"shadowshifter" <ol***********@googlemail.comwrote in message
news:11**********************@i42g2000cwa.googlegr oups.com...
Hello,

does anybody know what the use of the exclamation mark in "!isset" is?
It is one of the basic operators, it performs a boolean NOT operation to
given value. Ie. if the value is FALSE, the NOT operator will make it TRUE,
and vice cersa, TRUE will become FALSE
It seems that the script below is only willing to work properly if used
without "!".
You are completely changing the functionality of the script to something it
was never intended.
extract($_SESSION);
if(!isset($password))
die ("Access denied");
This horrible piece of script registers all session variables as variables,
then checks weather the session variable called 'password' exists,
assumingly it is only present once the user has logged in. If it does not
exists, the script stops giving the error message 'access denied'. Once you
remove the exlamation mark, you are no longer checking weather the user is
logged in or not - in fact you are throwing out anyone who is. If this is
what you want, then you can remove the entire section of code if it is all
the same to you. Not that it was really secure in the first place...

--
"Ohjelmoija on organismi joka muuttaa kofeiinia koodiksi" - lpk
http://outolempi.net/ahdistus/ - Satunnaisesti päivittyvä nettisarjis
sp**@outolempi.net | rot13(xv***@bhgbyrzcv.arg)
Nov 8 '06 #2
Thank you for your answer. The problem occurred in an internal
information system, accessible by only a few users. There is another
virtual host running, which needed the php.ini's session parameters
adapted. Since then the first authentication of the information system
is indeed able to authenticate the user/password and to redirect into
the "odd" script which comes up with the "access denied" message
lately.

Anyway, the only protected function is an index-update, so I won't
spend much more time on the matter.

"shadowshifter" <ol***********@googlemail.comwrote in message
news:11**********************@i42g2000cwa.googlegr oups.com...
Hello,

does anybody know what the use of the exclamation mark in "!isset" is?

It is one of the basic operators, it performs a boolean NOT operation to
given value. Ie. if the value is FALSE, the NOT operator will make it TRUE,
and vice cersa, TRUE will become FALSE
It seems that the script below is only willing to work properly if used
without "!".

You are completely changing the functionality of the script to something it
was never intended.
extract($_SESSION);
if(!isset($password))
die ("Access denied");

This horrible piece of script registers all session variables as variables,
then checks weather the session variable called 'password' exists,
assumingly it is only present once the user has logged in. If it does not
exists, the script stops giving the error message 'access denied'. Once you
remove the exlamation mark, you are no longer checking weather the user is
logged in or not - in fact you are throwing out anyone who is. If this is
what you want, then you can remove the entire section of code if it is all
the same to you. Not that it was really secure in the first place...

--
"Ohjelmoija on organismi joka muuttaa kofeiinia koodiksi" - lpk
http://outolempi.net/ahdistus/ - Satunnaisesti päivittyvä nettisarjis
sp**@outolempi.net | rot13(xv***@bhgbyrzcv.arg)
Nov 8 '06 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: christian9997 | last post by:
Hi I don't seem to understand the way isset works. Here is some Javascript code that makes a call using PHP: // USER CAME BACK TO CHANGE LANGUAGE if (<?echo isset($_REQUEST)?>) {...
2
by: Pedro Fonseca | last post by:
Greetings everyone! I'm porting everything to PHP5. I have session variables in all of my web application. Until PHP5 I was using session variables like: if ($_SESSION == 'Bar') { $value = 5;...
9
by: wouter | last post by:
hey hi..... I wanna make a switch wich does this: if pagid is set do A, if catid is set do B, if projectid is set do C, else do D. So i was thinking something like this:
2
by: sathyashrayan | last post by:
Dear group, My question may be novice. I have seen codes where the isset() is used to test weather a user's session ($_SESSION) is set before entering a page. A kind of direct access to a page is...
2
by: yawnmoth | last post by:
<?php $var = 'test'; echo isset($var) ? 'true' : 'false'; echo '<br>'; echo isset($var) ? 'true' : 'false'; ?> Why does that result in this output?:
8
by: Giovanni R. | last post by:
Take a look at this code (you can execute it): error_reporting(E_ALL); function byVal( $v) {} function byRef(&$v) {} print '<pre>'; byVal ($first); // gives a notice
9
by: arundelo | last post by:
Is there a way to tell whether accessing a variable will result in an "Undefined variable" E_NOTICE? isset() almost does this, but it also returns false if a variable is set to null: ...
8
by: Simon Dean | last post by:
Im taking Im doing something stupid here? I thought it was clever... just learned a little more about isset. $a = (isset($_GET)) ? $_GET : (isset($_POST)) ? $_POST : ""; I guess you can see...
10
by: major | last post by:
The following code processes a blank field as though it has some value and proceeds as though it was set to some value. Apparently isset() is not working, because it thinks that a blank text...
0
by: Michael Fesser | last post by:
..oO(Daniel Molina Wegener) They have side effects or don't work properly. If the variable or element you want to check doesn't exist, then * the first and fourth will create it and set it...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: DolphinDB | last post by:
The formulas of 101 quantitative trading alphas used by WorldQuant were presented in the paper 101 Formulaic Alphas. However, some formulas are complex, leading to challenges in calculation. Take...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.