As planned, the following login form should display an error message if the captcha was entered incorrectly:

<form name="from" method="post" action="signin.php"> ... <img src="captcha.php" alt="" /> <input type="text" name="captcha"> <?php if(isset($_SESSION['error_auth'])){echo $_SESSION['error_auth'];} ?> <input type="submit" value="Вход" disabled> </form>

Checking the captcha in signin.php is as follows:

 session_start(); if ($_SESSION['generatedCaptcha'] != $inputedCaptcha) { $_SESSION['error_auth'] = 'Введённые цифры не соответствуют сгенерированным'; // ... или просто не были введены header('Location: http://example.com/singin'); exit; }

Using the debugger, I found that if the captcha was not entered, then we get into the above condition and the $_SESSION['error_auth'] variable is successfully initialized. Then, as you can see, it returns to the login page, where, according to the idea, the isset($_SESSION['error_auth']) condition must be met isset($_SESSION['error_auth']) .

However, for some reason, the $_SESSION['error_auth'] message is not displayed. What is the reason? In theory, these sessions should not be lost when returning to the login page after stopping the script.

    1 answer 1

    "With the help of a debugger, I installed" it is interesting, but you didn’t see what was in the variables themselves. Php such that 0 == false (true) or 0000 == 0 and a lot of the like. There is also === it compares types and values. Ie will not be able to get that 0 === '' type inequality. And if the session does not exist there is possibly null.

    (I re-read that with the comparison you have everything)

    "In theory, these sessions should not be lost when you return to the login page after stopping the script." True, the user session file is on the server, and the user only has a cookie identifier. (while both live sessions should work).

    When I saw what you were doing

     $_SESSION['error_auth'] = 'Введённые цифры не соответствуют сгенерированным';

    Not only noticed one

     session_start();
    • Thank you for your reply. session_start(); I have, just forgot to add to the code (just added). Unfortunately, I did not understand what corrections to make in accordance with your answer. $_SESSION['error_auth'] is of type string, and when called isset($_SESSION['error_auth']) should be returned 1 . This means that after the completion of signin.php condition if(isset($_SESSION['error_auth'])) should be met. However, either this does not happen, or the condition is fulfilled, but the assigned value has been lost somewhere. - Bokov Gleb
    • when you start working with sessions, open them. Ie before isset should be session_start () ;. they can be closed if desired (not destroyed) - Denis Kotlyarov
    • Great, now I understand! Thanks again for the reply! - Bokov Gleb