-1

Possible Duplicate:
PHP: “Notice: Undefined variable” and “Notice: Undefined index”

Had code that was working fine. Had to reboot the server and now it doesn't work.

I have this at the start of the "landing" page (this is the page users get to after their password is validated)

<?PHP session_start(); ?> 
<html><head> 
<title>Welcome</title> 
</head><body> 
<?PHP $_SESSION['valid']='TRUE'; ?> 

... code and HTML ... 

</body></html>

When I do a print_r I get 

"Array([valid] => TRUE)"

On all my subsequent pages I have 

<?PHP session_start(); ?> 
<html> 
<head><title>Page Title</title> 
</head> 
<body> 
<?php 
/// Kick them out if they try to open this page directly 
if ($_SESSION['valid']!='TRUE') { 
session_destroy(); 
die("<b>You must be logged into this application to use it</b>"); 
?> 

... code and html ... 

</body></html>

This was working fine before, but now I get:

Notice: Undefined index: valid in C:\inetpub\wwwroot\usermanager\selectuser.php on line 9

You must be logged into this application to use it.

When I put a debugging statement in with print_r I just get "Array()" for the value of $_SESSION.

Why isn't it working anymore?!? I've been tearing my hair out for four hours now trying to figure this out. NOTHING has changed in the code and it was working.

Community
  • 1
  • 1
Scott Thayer
  • 39
  • 3
  • So it was working before what? Did you upgrade PHP, change servers, modify temporary directories, or anything like that? – Ry- Nov 20 '12 at 19:40
  • His code doesn't work because the valid variable hasn't been set yet, so PHP can't reference it. – Felix Guo Nov 20 '12 at 19:41
  • Changing "TRUE" to TRUE didn't fix anything. Just as a test, I put in a string variable: $_SESSION['teststring'] = "hello world" and when I go to subsequent pages and try to "echo $_SESSION['teststring']; I get the Undefined index: teststring error – Scott Thayer Nov 20 '12 at 19:41
  • MrXenotype, Looks like it's being set in the first file to me? – Jason Nov 20 '12 at 19:42
  • The code would work fine on a server where `error_reporting` was set to exclude `E_NOTICE`. I'm assuming you switched servers or changed some config stuff. – cHao Nov 20 '12 at 19:43
  • see http://stackoverflow.com/questions/13480757/php-code-suddenly-stopped-working for additional details – tereško Nov 20 '12 at 19:43
  • @Jason The problem is that when he is viewing the page/testing the page, he might not have visited the first page and the variable had not been set yet. That's the problem. Therefore it's better to use `isset()` or `empty()`. – Felix Guo Nov 20 '12 at 19:44
  • We had a power outage. The servers were shut down. My web ap was running an a VM machine. The VM machine was recreated from a backup. The code stopped working at this point. Thanks. – Scott Thayer Nov 20 '12 at 19:45
  • P.S What I'm trying to do is stop users from going directly to my web pages via their URL's and force them to go through landing.php instead. Is $_SESSION not the best way to do this? – Scott Thayer Nov 20 '12 at 19:50
  • @MrXenotype: No, this error occurs AFTER I've visited the first page. What I'm trying to do is to prevent users from browser back and forward after they've been logged out of my application. – Scott Thayer Nov 20 '12 at 19:51
  • I see, so just use the `!isset` function and if it shows the error, then you have a problem with the variable. – Felix Guo Nov 20 '12 at 20:00

5 Answers5

2

That's right. $_SESSION is indeed an array of session variables that you store. Your second code doesn't work because technically, there is no valid variable in your $_SESSION array. It's better to use: if(!isset($_SESSION['valid'])) instead.

Felix Guo
  • 2,700
  • 14
  • 20
  • Or, `if (empty($_SESSION['valid']))`, which will also work if `$_SESSION['valid']` is set but false. – cHao Nov 20 '12 at 19:41
  • So am I completely misunerstanding the use of session variables, i.e. as a way to pass values from one page in an application to another? I guess I could use hidden form fields instead and POST them. – Scott Thayer Nov 20 '12 at 19:48
  • What I'm trying to do is to prevent users from bypassing security by going to a PHP page directly from its URL, i.e. making them go through landing.php first. – Scott Thayer Nov 20 '12 at 19:49
  • No, you're understanding it fine. That's how session variables work, you can pass them through. The problem is that think about this: if you logout, then the user presses back to reach this page, the session would have been ended already and that variable wouldn't exist. So just use `isset()` and you'll be fine. – Felix Guo Nov 20 '12 at 19:59
0

The notice is telling you there is nothing set at that index, hence Undefined Index

one way you can fix this is by using isset() to check if the variable has been set before you make a comparison or grab a value from it.

if (!isset($_SESSION['valid'])) { 
    session_destroy(); 
    die("<b>You must be logged into this application to use it</b>"); 
?>

http://www.php.net/manual/en/function.isset.php

You might also want to check your session folder is writable (usually /tmp/)

if (!is_writable(session_save_path())) {
    echo session_save_path().'" is not writable!'; 
}
Oliver Atkinson
  • 7,970
  • 32
  • 43
  • Thanks, but why isn't it being set? Isn't the purpose of a session variable to pass a variable across all web pages? – Scott Thayer Nov 20 '12 at 19:44
  • because you only set the variable to be true after someone has logged in / visited the other page - what happens if the value is not there. i.e. login expired or user that isnt logged in tries to access page. – Oliver Atkinson Nov 20 '12 at 19:47
  • but the error STILL occurs even if they HAVE visited the other page. That's the problem. I go to page one, the session variable gets set, then click a link to go to page two--still in the same session--but the variable is gone. – Scott Thayer Nov 20 '12 at 19:52
  • @ScottThayer maybe the session path is not writable, what happens when you try set `$_SESSION['test'] = '0';` and try access it on another page? – Oliver Atkinson Nov 20 '12 at 19:57
  • Same error. See my own answer I posted with stripped down code below. I'm not a server guy. Where is the session path stored? How do I change it? – Scott Thayer Nov 20 '12 at 20:20
  • session path is a php function, just copy and paste the code into your php file, @ScottThayer – Oliver Atkinson Nov 20 '12 at 20:35
0

You could change the if statement to:

<?php 
if isset($_SESSION['valid']) && $_SESSION['valid'] == 'TRUE' ; ?>

But why are you using the string 'TRUE' to represent something that php has on board in the predefined boolean true?

Kris
  • 40,604
  • 9
  • 72
  • 101
  • True (no pun intended). Am new to PHP so just used a string value, but the same thing happens no matter what. If I do $_SESSION['testvalue'] = "Hello World" on page 1, when the user clicks the link and goes to page two, "echo $_SESSION['testvalue']" spits out the undefined index testvalue message instead of printing "Hello world"! – Scott Thayer Nov 20 '12 at 19:54
0

Thanks to all who responded. Turns out it was a problem with the session store.

There were a whole bunch of garbage files in there. We have our web servers on several Virtual Machines and a couple others on the same machine were having problems.

We moved the entire web site to a new VM and it's working fine now.

I did learn the value of isset() though, so the day hasn't been a total waste.

Thanks for your help all! Happy Thanksgiving

Scott Thayer
  • 39
  • 3
0

Thanks to all who responded. Turns out it was a problem with the session store.

I looked at the path, which was correct, but when I physically went there on the machine, it was full of garbage files and filenames with bad characters in them. We have various web servers running on several Virtual Machines on the same overall server, and a couple others in different areas had problems too.

We moved the entire web site to a new VM and it's working fine now.

I did learn the value of isset() though, so I can now display errors not just to people who logged out but to those who never logged in in the first place, so the day hasn't been a total waste.

Thanks again for your help and Happy Thanksgiving

Scott Thayer
  • 39
  • 3