0

I am trying to use Zend_Session_Namespace to help me with the task of changing a user's password. To this purpose, I need to store some values of their GET request when they first visit the reset page. I'd like to do that with Zend_Session_Namespace. Then, I want to update the user's password in their post request (from the same page) using the values I saved in Zend_Session_Namespace. The problem is the values saved in Zend_Session_Namespace are null when I access them. However, I can still do the job with the typical $_SESSION variable. Does anyone know where I'm wrong? Am I missing some tip about using Zend_Session_Namespace? Do I need to use Zend_Registry or something to that effect?

My code for the action is as follows: 

/**
 * This handles password change
 */
public function changepasswordAction() {        
    $passwordForm = new Advancedsms_Form_ChangePassword();
    $this->view->form = $passwordForm;

    //If it is NOT post, the user has to provide recovery code and phone number
    if(!$this->getRequest()->isPost()) {
        $phone = filter_input(INPUT_GET, 'phone', FILTER_SANITIZE_URL);
        $recovery = filter_input(INPUT_GET, 'recovery', FILTER_SANITIZE_URL);
        $this->session= new Zend_Session_Namespace('RecoverySession');
        $this->session->phone= $phone;
        $this->session->recoveryCode = $recovery;   
        print_r($this->session);
        $_SESSION['phone'] = $phone;
        $_SESSION['recovery'] = $recovery;
    }
    if($this->getRequest()->isPost()) {            
        $params = $this->getRequest()->getParams();
        print_r($params);
        echo 'phone: ' . $this->session->phone .PHP_EOL;
        echo 'recovery: ' . $this->session->recoveryCode . PHP_EOL;
        echo $_SESSION['phone'] . ',' . $_SESSION['recovery'];
    }
}
Mehdi Haghgoo
  • 3,144
  • 7
  • 46
  • 91

1 Answers1

1

You need to move this line:

$this->session= new Zend_Session_Namespace('RecoverySession');

to before the if statements. At the moment your echo 'phone: ' . $this->session->phone line will do nothing because $this->session is not set on POST requests.

You should always write PHP code with the PHP error level at its most verbose, which would show warnings for issues like this.

Tim Fountain
  • 33,093
  • 5
  • 41
  • 69
  • But, the first request is get because phone and recovery are url parameters. So, why shouldn’t it set the session? – Mehdi Haghgoo Sep 12 '18 at 13:19
  • I'm not sure I understand your question. The first request should store the phone and recovery parameters. I'm only suggesting moving the line where you create the namespace object. On POST requests you are referring to `$this->session` but that variable doesn't exist. (The data will be in the session, but the namespace object you're using to access that data has not been declared.) – Tim Fountain Sep 12 '18 at 13:28
  • You mean i need to instantiate Zend_Session_Namespace again every time I need to access it? – Mehdi Haghgoo Sep 12 '18 at 15:06
  • 1
    Yes. `Zend_Session_Namespace` just provides a way to access data stored in `$_SESSION`. Creating a new instance of it does not reset any data already there. – Tim Fountain Sep 12 '18 at 16:26