×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

why isn't conditional statement working??

why isn't conditional statement working??

why isn't conditional statement working??

(OP)
Hi,
I asked a question about Tokens earlier. After debugging I've found the reason as to why my program isn't working. It's related to this statement:

CODE -->

if($token == $_SESSION['token'])
     { ........; 
       return true;
     } 

$token is generated in form using md5(uniqid()). When I echo both $token and $_SESSION['token'] before the if statement they both turn out to be the same. Yet for some reason the if statement is not being satisfied and is not returning true as it's supposed to do. (I've tried $token === $_SESSION['token'] as well.) I don't know if some kind of type casting or other is required for the conditional statement to work. Would be grateful for any suggestions.

RE: why isn't conditional statement working??

Hi

A leading/tailing newline somewhere ? See whether trim($token) == trim($_SESSION['token']) works.

Feherke.
feherke.ga

RE: why isn't conditional statement working??

(OP)
Hello,
Many thanks for the reply. I've used trim() but it's not solving the problem. I used var_dump() on both values and the following is obtained:

string 'be33cfc1f0eed02e8176d7281975b05e' (length=41)

string 'be33cfc1f0eed02e8176d7281975b05e' (length=32)

If there are any extra white-space/non-printing characters I don't know how to locate and remove them. Could you please suggest a solution.

RE: why isn't conditional statement working??

so one of them (the first) contains a bunch of non-printing characters. we know this because it is 41 chars long and only 32 are printed.

you have not told us which nor how they are stored nor how they are submitted. so it is difficult to tell you why (charset clashes perhaps). i would want to see the whole code you use for generating and validating and a dump of the server vars and post vars at each point.

RE: why isn't conditional statement working??

(OP)
Hello,
I have included the following code that is relevant to the problem described above:

CODE -->

<?php

    class Token
    {  public static function generate()
       {  return Session::put('token'), md5(uniqid()));
       }

       public static function check($token)
       { $tokenName = 'token';

         if(Session::exists($tokenName) && $token ===
Session::get($tokenName))
         { Session::delete($tokenName);  
           return true;
         }
         return false;
       }
    }
///////////////////////////////////////////////////////////////
      class Session
      {
         public static function exists($name)
         { return (isset($_SESSION[$name])) ? true : false;
         }

         public static function put($name, $value)
         { return $_SESSION[$name] = $value;
         }

         public static function get($name)
         { return $_SESSION[$name];
         }

         public static function delete($name)
         { if(self::exists($name))
           { unset($_SESSION[$name]);
           }
         }
///////////////////////////////////////////////////////////////
    class Input
    {  
       public static function get($item)
       { if(isset($_POST[$item]))
         { return $_POST[$item];
         }
         return '';
       }
    }
//////////////////////////////////////////////////////////////

   if(isset($_POST['username']) && isset($_POST['password']))
   { if(Token::check(Input::get('token')))
     { $validate = new Validate();

       $validation = ................;

       if($validation->passed())
       { $user = new User();

         $login = $user->login(Input::get('username'),
Input::get('password'));

         if($login)
         { echo 'Success';
           Redirect::to('index.php');
         }
         else
         { echo 'Sorry, login failed!';
         }
       }     //validation passed
       else
       { foreach($validation->errors() as $error)
         { echo $error, '<br>';
         }
         echo "<script> setTimeout(\"location.href =
'index.php';\",30000); </script>";
       }
     }
   }
?>

<form action="" method="POST">
<P>
  <label for="username">Username</label>
  <input type="text" name="username" id="username"

autocomplete="off">
</P>
<P>
  <label for="password">Password</label>
  <input type="password" name="password" id="password"

autocomplete="off">
</P>
<P>
  <input type="hidden" name="token" value="<?php echo

Token::generate(); ?>">
  <input type="submit" value="LOG IN">
</P>
</form> 

This is what 'view source' in the browser of the var_dump() output shows:

CODE -->

<pre class='xdebug-var-dump' dir='ltr'><small>string</small> <font color='#cc0000'>'e62862d9f9ce6cd41fc7873c53683108'</font> <i>(length=41)</i>
</pre><br><pre class='xdebug-var-dump' dir='ltr'><small>string</small> <font color='#cc0000'>'e62862d9f9ce6cd41fc7873c53683108'</font> <i>(length=32)</i>
</pre><br>
<form action="" method="POST">
<P>
<label for="username">Username</label>
<input type="text" name="username" id="username" autocomplete="off">
</P>
<P>
<label for="password">Password</label>
<input type="password" name="password" id="password" autocomplete="off">
</P>
<P>
<input type="hidden" name="token" value="695d40eec4673a3b8a36493c67cdfbd4">
<input type="submit" value="LOG IN">
</P>
</form> 

RE: why isn't conditional statement working??

What version of PHP is your server running??

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: why isn't conditional statement working??

(OP)
Hi, It's PHP Version 5.5.12

RE: why isn't conditional statement working??

i cannot see the code that is creating the output of the token in your debug bit at the top.

where is that charset set for the form? and for the html file? is there congruency?

RE: why isn't conditional statement working??

(OP)
Hi,
I tried using accept-charset="utf-8" in:
<form action="" method="POST" accept-charset="utf-8">
It did not make any difference.

Quote:

i cannot see the code that is creating the output of the token
Is this the bit you're referring to:

CODE -->

public static function check($token)
       { $tokenName = 'token';

echo var_dump($token)."<br>";
echo var_dump($testing)."<br>";

         if(Session::exists($tokenName) && $token ===
Session::get($tokenName))
         { Session::delete($tokenName);  
           return true;
         }
         return false;
       } 

RE: why isn't conditional statement working??

(OP)
Sorry, I don't know how to edit thread here, but above in check()
$testing = Session::get($tokenName);

RE: why isn't conditional statement working??

is the page in utf-8 aswell?
there is an error in your token::generate() method (there is an extra close-bracket in there that is probably throwing some errors. I find it difficult to believe that the code was generating anything meaningful in fact. thus there is a doubt that you were posting the precise rendered html in each case.

CODE

public static function generate(){  
    return Session::put(  'token', 
                          md5(uniqid())
                       );
} 

RE: why isn't conditional statement working??

(OP)
Hello,
Many thanks for the reply. I managed to output bytes in the two strings and this is the output I'm getting for '$token':

ef bb bf ef bb bf ef bb bf 39 31 64 32 61 66 63 31 63 61 38 63 39 32 39 66 62 63 63 35 35 61 36 38 37 31 65 36 37 33 65 61

and for '$testing':

39 31 64 32 61 66 63 31 63 61 38 63 39 32 39 66 62 63 63 35 35 61 36 38 37 31 65 36 37 33 65 61

I can see where the extra bytes are but how do I remove the extra bytes in the longer string permanently?

RE: why isn't conditional statement working??

ef bb bf are the sequence of bytes that make up the Byte Order Mark (BOM) of UTF-8 character-set documents.



Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.
Webmaster Forum

RE: why isn't conditional statement working??

again: make sure that every aspect of your site uses the same character set.

RE: why isn't conditional statement working??

Is it possible that you didn't put session_start() and it is not seeing the session variable correctly?

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close