在再次设置会话变量之前取消设置会话变量会导致使用时出现“未定义索引”

unsetting session variable before setting it again results in 'undefined index' on use

提问人:Jh62 提问时间:10/11/2019 最后编辑:Bartosz ZasadaJh62 更新时间:10/11/2019 访问量:134

问:

在再次设置之前,我正在取消设置一些会话变量,但我发现它们会导致使用。undefined index

我删除了在再次设置变量之前取消设置变量的行,效果很好。

我不明白为什么在重置它们之前取消设置它们会在下一页上产生。undefined index

恢复.php

<?php
@session_start();
unset($_SESSION['reco-id'], $_SESSION['reco-code']);

require_once $_SERVER["DOCUMENT_ROOT"] . "/php/autoloader.php";

if (!isset($_POST['form-recovery-submit'])) return FormUtils::redirect_with_message("Acceso inválido", "/index", true);

$id = $_POST["form-recovery-id"];

$sql = new MySQL();

if (FormUtils::checkIsEmail($id)) {
    $success = FormUtils::formValidateEmail($id);

    if (!$success['success']) return FormUtils::redirect_with_message($success["message"], "/register?reg=0", true);

    $id = $success['message'];
    $user = $sql->getUserByEmail($id);

    if (!$user) FormUtils::redirect_with_message("Ingresaste un email incorrecto o inexistente.", "/register?reg=2", true);
} else {
    $success = FormUtils::formValidateNickname($id);

    if (!$success['success']) return FormUtils::redirect_with_message($success["message"], "/register?reg=0", true);

    $id = $success['message'];
    $user = $sql->getUserByNickname($id);

    if (!$user) FormUtils::redirect_with_message("Ingresaste un usuario incorrecto o inexistente.", "/register?reg=2", true);
}


$code = "327" . random_int(1000, 9999);
$_SESSION["reco-id"] = $id;
$_SESSION["reco-code"] = intval($code);

FormUtils::sendNoReplyEmail("Recuperación de credenciales", "Ingresá el siguiente código para recuperar tus credenciales: $code", $user->getEmail());
?>

<!DOCTYPE html>
<html lang="en">

<head>
    <?php include $_SERVER["DOCUMENT_ROOT"] . '/templates/meta.php' ?>
</head>

<body>
    <?php include $_SERVER["DOCUMENT_ROOT"] . '/templates/header.php' ?>
    <div class="app">
        <div class="app-wrapper">
            <div>
                <p>Por favor, ingresá el código de confirmación que enviamos a tu email.</p>
                <form action="/php/recovery_confirm.php" method="POST">
                    <label for="recovery-code">Código de confirmación:</label>
                    <input type="text" name="recovery-code" id="recovery-code">
                    <label for="recovery-newpass">Ingresá tu nuevo password:</label>
                    <input type="text" name="recovery-newpass" id="recovery-code">
                    <button type="submit" name="recovery-code-submit">Enviar</button>
                </form>
            </div>
        </div>
        <div class="footer">
            <?php include $_SERVER["DOCUMENT_ROOT"] . "/templates/footer.php" ?>
        </div>
    </div>
</body>

</html>

recovery_confirm.php

<?php
@session_start();
require_once $_SERVER["DOCUMENT_ROOT"] . "/php/autoloader.php";

if (!isset($_POST["recovery-code-submit"])) return FormUtils::redirect_with_message("Acceso inválido.", "/index", true);
if (!isset($_POST["recovery-code"])) return FormUtils::redirect_with_message("El código no puede estar en blanco", "/register?reg=2", true);

//check password
$success = FormUtils::formValidatePass($_POST["recovery-newpass"]);

if (!$success['success']) return FormUtils::redirect_with_message($success["message"], "/register?reg=2", true);
else {
    $pass = $success['message'];
}

$id = $_SESSION["reco-id"];
$code = $_SESSION["reco-code"]; // undefined index
$verify_code = intval($_POST["recovery-code"]); // undefined index

if ($code !== $verify_code) return FormUtils::redirect_with_message("El código introducido no es válido!", "/register?reg=2", true);

$sql = new MySQL();
$conn = $sql->getConnection();

if (FormUtils::checkIsEmail($id)) {
    $query = mysqli_query($sql->getConnection(), "UPDATE `users` SET `pass` = '$pass' WHERE `users`.`Mail` = '$id';");
} else {
    $query = mysqli_query($sql->getConnection(), "UPDATE `users` SET `pass` = '$pass' WHERE `users`.`nick` = '$id';");
}


if (!$query) FormUtils::redirect_with_message("Hubo un error al actualizar tu password. Intentalo nuevamente.", "/register?reg=2", true);

$sql->getConnection()->close();
return FormUtils::redirect_with_message("Tu password ha sido actualizada correctamente!", "/register?reg=1", false);
php 会话变量 undefined-index

评论

0赞 Dharman 10/11/2019
你为什么沉默?@session_start();
0赞 Jh62 10/12/2019
谢谢你的建议。我对$id进行消毒并在$pass中进行一些字符检查,但我会切换到准备好的语句。

答:

0赞 Manish Gupta 10/11/2019 #1

如果您尝试在赋值前取消设置会话变量,它将抛出错误, 为此,您必须使用 isset() 检查是否设置了会话变量

if(isset($_SESSION['reco-id']) && $_SESSION['reco-code']){
  unset($_SESSION['reco-id'], $_SESSION['reco-code']);
}

评论

0赞 Jh62 10/12/2019
如果我在设置它们之前取消设置它们,它不会抛出错误。它只是在页面更改后使它们为 null。就像您无法在同一文档中取消设置然后重置该变量一样。

上一个:将 CodeIgniter 移动到另一台服务器

下一个:未定义索引:log_path in /