Solved

== not working the way Id expect it

Posted on 2016-07-19
7
48 Views
Last Modified: 2016-07-26
Im trying to test if a variable is the same as another vairable:-
if ($_SESSION['loggedIn'] == $authKey) {

Open in new window


Which its saying it is, however it shouldn't, to debug I added:-
		echo "authKey = " . $authKey . "<br/>";
		echo "SESSION loggedIn - " . $_SESSION['loggedIn'] . "<br/>";

Open in new window


Which returns:-

authKey = 5f8e4f8b-f7db-4c6c-8beb-0336a7e1b443
SESSION loggedIn - 1

And then to test further I used:-
		if ($_SESSION['loggedIn'] == $authKey) {
			echo "T";
		} else {
			echo "F";
		}

Open in new window


Which returns T.

I dont understand why its returning that it is the same, when it isnt.

Any ideas how to fix it and why its happening?
0
Comment
Question by:tonelm54
7 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41718998
These isolated fragments of code are probably masking the problem, which will be better represented by the SSCCE (a sample that demonstrates the error, one we can install and run).  There is nothing inherently wrong in your code as you've shown it here, but this is not a code problem, it is a data-dependent problem, so we would need to see the origins of the data (variables) that are in play.  Are you using session_start() on all pages?

Useful references:
http://php.net/manual/en/types.comparisons.php
http://php.net/manual/en/language.operators.comparison.php
http://php.net/manual/en/language.types.type-juggling.php

Please see: https://iconoun.com/demo/temp_tonelm54.php
<?php // demo/temp_tonelm54.php
/**
 * https://www.experts-exchange.com/questions/28958236/not-working-the-way-Id-expect-it.html
 *
 * An Example SSCCE
 * http://sscce.org/
 *
 * Note that there is no session_start() statement in this example.  Not needed for this test.
 *
 */
error_reporting(E_ALL);
echo '<pre>';


// ASSIGN OUR TEST VARIABLES
$authKey = "123";
$_SESSION['loggedIn'] = "123";

// SHOW OUR TEST VARIABLES
echo "authKey = " . $authKey . "<br/>";
echo "SESSION loggedIn - " . $_SESSION['loggedIn'] . "<br/>";

// USE OUR TEST VARIABLES
if ($_SESSION['loggedIn'] == $authKey) {
	echo "T";
} else {
	echo "F";
}

Open in new window

Outputs:
authKey = 123
SESSION loggedIn - 123
T

Open in new window

0
 
LVL 31

Expert Comment

by:Marco Gasi
ID: 41719009
Because, when you compares a number with a string, the string is converted in a number; any string which doesn't start with a number is converted to 0, the other to 1, so your comparison is

if 1 == 1 -> true

Replace equal operator == with identical operator === to avoid this issue.

But your code doesn't make sense to me because you're comparing a boolen value (loggedin which can be 0 or 1) with a string which represents a token so you'll always get false. You should change the logic and store ina  cookie or in the $_SESSION array the authKey when it is assigned and then perform your comparison against the coockie or the $_SESSION value
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41719015
@Marco: I don't see it that way.  Check out this example.  That's why I think we are missing an important piece of the puzzle.

Please see: https://iconoun.com/demo/temp_tonelm54_FALSE.php
<?php // demo/temp_tonelm54_FALSE.php
/**
 * https://www.experts-exchange.com/questions/28958236/not-working-the-way-Id-expect-it.html
 *
 * An Example SSCCE
 * http://sscce.org/
 *
 * Note that there is no session_start() statement in this example.  Not needed for this test.
 *
 */
error_reporting(E_ALL);
echo '<pre>';


// ASSIGN OUR TEST VARIABLES
$authKey = "5f8e4f8b-f7db-4c6c-8beb-0336a7e1b443";
$_SESSION['loggedIn'] = "1";

// SHOW OUR TEST VARIABLES
echo "authKey = " . $authKey . "<br/>";
echo "SESSION loggedIn - " . $_SESSION['loggedIn'] . "<br/>";

// USE OUR TEST VARIABLES
if ($_SESSION['loggedIn'] == $authKey) {
	echo "T";
} else {
	echo "F";
}

Open in new window

Outputs:
authKey = 5f8e4f8b-f7db-4c6c-8beb-0336a7e1b443
SESSION loggedIn - 1
F

Open in new window

That aside, the correct (working) design for PHP client authentication is shown in this article:
https://www.experts-exchange.com/articles/2391/PHP-Client-Registration-Login-Logout-and-Easy-Access-Control.html
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 31

Expert Comment

by:Marco Gasi
ID: 41719017
Wooops, I see...
1
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 41719683
One of the thing that "session_start()" does is create or find the file that session data is stored in.  While it may not affect this simple demo, it is never a good idea to try to use $_SESSION variables without it.  You certainly can't expect to store any $_SESSION variables without it and expect them to be there on a second page.
1
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 41719869
Dave: Agreed, 100%, and that's why I asked about it right at the top.

In any real-world example session_start() would be a common-sense thing to do, but it's not necessary in this instance, and I didn't include it to avoid cluttering up my session with E-E test data.  I did, however, make note of this in the script comments, since it's one of those things that requires explanation.
0
 

Author Closing Comment

by:tonelm54
ID: 41729300
Weirdly, my code still doesn't produce the right answer, but when I run yours it does, so must be something weird happening somewhere else thats throwing it off. Its only POC anyways
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article will explain how to display the first page of your Microsoft Word documents (e.g. .doc, .docx, etc...) as images in a web page programatically. I have scoured the web on a way to do this unsuccessfully. The goal is to produce something …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now