On Mon, 26 Jul 2004 02:32:34 GMT, Michael Austin
<ma*****@firstdbasource.com> wrote:
Chung Leong wrote: "Dan" <ag***@thwackspam.fathom.org> wrote in message
news:5c********************************@4ax.com...
I was trying to troubleshoot a login page that doesn't work - it keeps
saying the login/password is missing - when my tracing discovered this
peculiar behavior.
register_globals is off, so at the top of my script I assign a few
variables to incoming GET and POST values.
$login = clean($_POST['login'], 30);
$passwd = clean($_POST['passwd'], 30);
$message = $_GET['message'];
clean() is simply a function that trims to the specified length and
applies EscapeShellCmd().
Now, below that I have an if statement to check for whether a
login/password has been supplied or if an error message exists.
if (isset($message) || empty($login) || empty($passwd))
{
// render the html page showing the form
} else {
// do some php/mysql stuff and redirect to another page
}
Yet when I fill out those form fields and submit, it always redisplays
the form with my tracing errors stating that those fields are empty.
When I echo out all $_GET and $_POST variables, indeed they are empty,
and strangely there is a $_GET['message'] that has no value, but
nevertheless is on the end of the url. (/index.php?message=) I can't
figure out how it got there. The form action is just "index.php" and
it uses the POST method, so what could be adding that GET variable?
Now here's the weird part. If I simply add "1 ||" to the beginning of
that if statement, so basically it will always evaluate to true, then
suddenly the $_POST['login'] and $_POST['passwd'] are properly defined
and $_GET['message'] goes away!
So this makes me wonder, are the isset() and empty() functions
actually modifying the variables passed to them somehow? And when I
put a true value in front of them, the if statement stops parsing
before it gets to those functions?
Bet you a banana cupcake that your HTML is screwed up.
and how exactly are you sending both a _GET and _POST at the same time. A form
action can be EITHER GET or POST but not both. show us the complete <form> tag.
if you are POSTing your login/pass with a message then shouldn't you be looking
for _POST['message'] not _GET['message']
First let me say I've solved the problem. Some code in an included
php file looked like this:
if (!isset($_SESSION['user']))
// redirect to the login page
$message = "There was a problem logging in.";
header("Location: index.php?message=" . urlencode($message));
Originally, the if statement was only followed by a single statement,
and as such, it was not enclosed in code block {brackets}. A second
line was later added, but I didn't notice the brackets were missing.
(I was modifying code that wasn't mine. I would only leave out the
brackets if the entire if statement is all on one line to avoid
exactly this confusion.) As a result, the second line was executed
because it's outside of the control structure, but the first line was
not. (And since my login code was otherwise working, the if always
evaluated to false and left $message undefined.)
To answer the question about sending both _GET and _POST at the same
time, it's possible. If the form uses the POST method, but the action
includes ?var=value stuff in the url, you get both.
However, in my case, I wasn't trying to do that, which is why I was
confused as to where the _GET message was coming from. I also
couldn't figure out where my POST login/password values were
disappearing to. Alas, all the code I was messing with and putting
trace calls into was working fine all along, and it was this included
file that was redirecting with the empty ?message=.
Since this was not screwed up HTML, I believe someone owes me a banana
cupcake. :)
$cupcake = irradiate($_GET['cupcake']); //just to be safe ;)