Value is POSTED definitly but isset() says NO....

[vishalonne]

Hi All

See the code give given below. I was fighting with this code since last 5 hours to know why isset() is eveluating the condition as false if value is posted exactly what it shall POST.
If I uncomment the line no. - 4,5,6,7,8 and put rest of the code from line no. 10 to 28 I can see the POSTED value .
Can Anyone help in this by any guidance or suggestion. I will be thankful.

<?php
    include 'dbconnection.php';
    include 'functions.php';
    //sec_session_start();
     //  $email = $_POST['logemail'];
     //  $password = $_POST['p'];
    //	echo $password;
    //	echo $email;
     // Our custom secure way of starting a php session. 
    
    if(isset($_POST['logemail'], $_POST['p'])) { 
       $email = $_POST['logemail'];
       $password = $_POST['p']; // The hashed password.
       if(login($email, $password, $mysqli) === true) {
          // Login success
          //$url = 'mwq';
        //echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';  
    	echo $password;
    	echo $email;
    
       } else {
          // Login failed
          header('Location: login.php?error=1');
       }
    } else { 
       // The correct POST variables were not sent to this page.
       echo 'Invalid Request Data Not POSTED';
    }

 

[vacunita]

I find it very strange that isset() is evaluating as false. Most browsers will send text inputs even when they are empty, so the values will always be set in the array. This means isset() should in fact evaluate to true always.

Additionally using isset like that equates to an &&. That is all values passed to isset must be set for it to evaluate to true. if one is not set it will evaluate to false.

Where are your values coming from? Can we see the form?

Just to confirm, if isset is evaluating to false you should be seeing the "Invalid Request Data Not POSTED" string printed to screen. Are you seeing this string?





----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

 

[vishalonne]

Thank you Vacunita for consideration
This is index.php as you can see there are 2 forms FORM ID REGISTER is working fine without any issue

<td>
<FORM ID="Login" ACTION="login.php" METHOD="POST">
<h1>welcome to the login page</h1>
please input the login details to create an account here<br />
<table border="2">
<tr>
<td>email :</td><td><input id="logemail" name="logemail" type="text" size"30"></input></td>
</tr>
<tr>
<td>password :</td><td><input id="logpass1" name="logpass1" type="password" size"20"></input></td>
</tr>
</table>
<input type="button" value="Login" onClick="formhash2(this.form,this.form.logpass1);">
</FORM>

<FORM ID="Register" ACTION="register.php" METHOD="POST">
<h1>welcome to the registration page</h1>
please input the registration details to create an account here<br />
<table border="2">
<tr>
<td>email :</td><td><input name="regemail" type="text" size"30"></input></td>
</tr>
<tr>
<td>password :</td><td><input id="regpass1" name="regpass1" type="password" size"20"></input></td>
</tr>
</table>
<input type="button" value="Register" onClick="formhash1(this.form,this.form.regpass1);">
</FORM>
</td>

 

[vacunita]

Your form has an input called name="logpass1"

<td>password :</td><td><input id="logpass1" [COLOR=#4E9A06][b]name="logpass1"[/b][/color] type="password" size"20"></input></td>

But your isset is looking simply for "p". Shouldn't isset be checking for logpass1 also. I'm surprised PHP did not issue a warning about an invalid index 'p' for the $_POST array.

Anyway try:

if(isset($_POST['logemail'], $_POST['[b][COLOR=#4E9A06]logpass1[/color][/b]'])) {

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

 

[vishalonne]

I am posting 'P' as a hidden field please refer this code for formhash2() -

function formhash2(form, password) {
	 // Create a new element input, this will be out hashed password field.
   alert(form.id + " " + password.value);
   var p = document.createElement("input");
       // Add the new element to our form.
   
   p.name = "p";
   p.type = "hidden";
   p.value = hex_sha512(password.value);
   // Make sure the plaintext password doesn't get sent.
   password.value = "";
   // Finally submit the form.
   form.appendChild(p);
   form.submit();
}

 

[vacunita]

Ahh, yes.. the hash.

O.K. I can't replicate your problem.

You say the top part of the code shows the correct value:

  //  $email = $_POST['logemail'];
     //  $password = $_POST['p'];
    //	echo $password;
    //	echo $email;

This, when uncommented, shows the correct logemail and hashed password 'p'?

There's no way the echo's would work but the isset evaluate to false unless, any one of the variables being checked are not there, or something is happening in between that unsets the variable.

If it does, then its even more surprising that the isset is returning a false. Is there anything else between the commented code, and the isset?
Is this your actual code? Or is it only a stripped down version?













----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

 

[vishalonne]

If I delete the entire code from isset to the bottom and leave only this part in login.php file -

<?php 
include 'dbconnection.php'; 
include 'functions.php'; 
sec_session_start(); 
echo var_dump($_POST); 
print_r($_REQUEST); 
?>

See the output
array(3) { ["logemail"]=> string(6) "ankush" ["logpass1"]=> string(0) "" ["p"]=> string(128) "704d3e76a26e1c6e99e8ca31237eb400cf2cb38b9712f22ee49ec4831bd974a37ef68fd3a8ee265b9a90cb2c07006c114db59fccd93cc0a36458f9d3f04773ea" } Array ( [logemail] => ankush [logpass1] => [p] => 704d3e76a26e1c6e99e8ca31237eb400cf2cb38b9712f22ee49ec4831bd974a37ef68fd3a8ee265b9a90cb2c07006c114db59fccd93cc0a36458f9d3f04773ea )

 

[vacunita]

That confirms the values are present. In which case there's no physical way the isset() would ever evaluate to false.

So we need to come back to your first statement:

I was fighting with this code since last 5 hours to know why isset() is evaluating the condition as false if value is posted exactly what it shall POST.

No offense intended, but why do you think its evaluating to false? I suspect you think its evaluating to false, when it really isn't. As everything so far points to it having to be true.




----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech