Geek asks and answers

Local variable overwrite session variable in PHP

Hi I am having a problem with a PHP page: I am writing a small CMS using this tutorial. I manage to write a class that I use to interact with the menu, and everything works well: I can insert, delete and receive all menu items on the page where I can reorder them. When I started writing the same page for users, I ran into a problem: I use the Sentry class to check users on each page:

require_once('../includes/Sentry.php');  
$theSentry = new Sentry();  
if (!$theSentry->checkLogin(1) ){ header("Location: index.php"); die(); }

Now: if I use only this check, the page works fine, but I need to query the database and retrieve all the users on the user_admin.php page:

require_once('../includes/DbUser.php');
$user_connector = new DbUser();
$all_users = array();
$all_users = $user_connector->getUserArray();
foreach($all_users as $id => $user){ echo " ... " };

If I comment on one of the two sections, everything works fine, but if I leave this code running together, the page will be created correctly, but the next time I start the page using the Sentry class, I will be redirected to the page login with an error. The Sentry class uses the Validator class to validate credentials, and the method in this class reports an array input instead of a single value input.

My question is: how is it possible that two different objects created from two different classes can interact with the creation of such a problem? I think you need the code of two methods:

class Sentry {

...

function checkLogin($group=9,$user='',$pass='',$goodRedirect='',$badRedirect='') {
        // Include database and validation classes, and create objects
        require_once('DbConnector.php');
        require_once('Validator.php');
        $validate = new Validator();
        $loginConnector = new DbConnector();

        // If user is already logged in then check credentials
        if ($_SESSION['user'] && $_SESSION['pass']){

            // Validate session data
            if (!$validate->validateTextOnly($_SESSION['user'])){return false;}
            if (!$validate->validateTextOnly($_SESSION['pass'])){return false;}

            if ($_SESSION['gruppo'] <= $group){
                // Existing user ok, continue
                if ($goodRedirect != '') { 
                    header("Location: ".$goodRedirect) ;
                }           
                return true;
            }else{
                // Existing user not ok, logout
                //$this->logout();
                header("Location: low_perm.php");
                die;
                //return false;
            }

        // User isn't logged in, check credentials
        }else{  
            // Validate input
            if (!$validate->validateTextOnly($user)){return false;}
            if (!$validate->validateTextOnly($pass)){return false;}

            // Look up user in DB
            $getUser = $loginConnector->query("SELECT * FROM `utenti` WHERE `usr` = '".$user."' AND `psw` = PASSWORD('".$pass."') AND `gruppo` <= ".$group." AND `attivo` = 1");
            $this->userdata = $loginConnector->fetchArray($getUser);

            if ($loginConnector->getNumRows($getUser) > 0){
                // Login OK, store session details
                // Log in
                $_SESSION["user"] = $user;
                $_SESSION["pass"] = $this->userdata['pass'];
                $_SESSION["gruppo"] = $this->userdata['gruppo'];

                if ($goodRedirect) { 
                    header("Location: ".$goodRedirect);
                }
                return true;

            }else{
                // Login BAD
                unset($this->userdata);
                if ($badRedirect) { 
                    header("Location: ".$badRedirect) ;
                }       
                return false;
            }
        }           
    }
}

And this is the function to get users:

class DbUser extends DbConnector{

...

    function getUserArray() {
        while ($row = mysql_fetch_object($this->user_result)) {
            $this->users[$row->id] = $row;
        }
        return $this->users;    
    }
}

I know this is a difficult question, so let me know if I need to point out something else ... Thanks

EDIT: the error is in the Validator class and in this function (line with preg_match ()):

function validateTextOnly($theinput,$description = ''){
    $result = preg_match ("/^[A-Za-z0-9\ ]+$/", $theinput );
    if ($result AND $theinput!=''){
        return true;
    }else{
        $this->errors[] = $description;
        return false; 
    }
}

: , , , :

$user_connector = new DbUser();
$all_users = array();
$all_users = $user_connector->getUsers();
foreach($all_users as $id => $user){ ... }

foreach : $all_user $id=>$user, $_SESSION ['user'] , ( )). - , ? : ( $id => $user $id => $userObj), . !

+3
2

, , , PHP .

- php, , ​​ $_SESSION. , $_SESSION ['user'] $user. , , $_SESSION. .

, php.ini, -, register_globals ".", -. , -, .

+5

, Autoload. , . .

: require_once ( '..//DbUser.php'); $ user_connector = DbUser();

, , , . php-. "require" "include", php " " , . Dbuser Dbuser.php . , , (, index.php root). :

function classAutoload($className){
    if (!class_exists($className, false)){
        @include_once(dirname(__FILE__).'/includes/'.$className.'.php');
}
spl_autoload_register('classAutoload');

PHP , , , , . , . , , , .

"& &" "AND" php. , , php , . , , -...

, .

0

More articles:


All Articles