Help to clarify a simple question, I study php, I can not understand one simple thing with going to the address in the action tag.

I do this, in the auth.php file auth.php check empty input or not, if there is no old session and add auth = true to the main array

 //auth.php if (!empty($_REQUEST['test'])) { session_start(); $_SESSION['auth'] = true; } else { echo 'Пустой инпут'; ?> <form action="" method="get"> <input name="test"> <input type="submit" value="SEND"> </form> <?php }

I go to the second index.php file and check that true is displayed, the session is working at this stage, everything is clear.

 //index.php session_start(); //стартуем сессию if (!empty($_SESSION['auth'])) { echo 'true'} else { echo 'false'; }

But if I prescribe action="index.php" in the action tag in the auth.php file, then when I redirect to index.php, I get false.

As I understand it, this is due to the fact that in the first case the auth.php file auth.php read two times and as a result the session starts and in $_SESSION['auth'] writes true , and in the second case the second reading does not occur and the redirection goes right to index.php , where essentially $_SESSION['auth'] is not at all.

How to be in such a situation I can not understand

    3 answers 3

    Everything happens correctly, in the first case:

    1. you go to the auth.php page, fill in the field, hit the submit button
    2. When sending a form with an empty action browser sends a request to the current script, that is, again auth.php , the condition is met, the desired value is written to the session.
    3. you go to the index.php file, the desired value is already in session

    in the second case, you fix the action on index.php so when you submit the form, the request goes there. No form parameters are already checked, nothing is recorded in the session, since the form processing script has become different.

    If you need to transfer the user to another script after checking the form data, then the form handler should be left empty (or explicitly auth.php ), and after specifying the session values ​​programmatically redirect the request to another file

      .... $_SESSION['auth'] = true; header("Location: index.php"); exit();

    An HTTP response with code 302 will be generated, the server will send a new URL to the browser, which the browser will automatically go to.

    There should be no other data output before calling the header , or you have to clear the output buffer with ob_clean

    • I thought that approximately such a solution would be proposed. The example I proposed is far from real, but how correct is it to use in practice? - Igor Tyulkin
    • what exactly is it right? to redirect? - teran
    • Yes, redirection is not through the action form and through the header - Igor Tyulkin

    You have three files (some files can be combined into one)

    1. Form file
    2. File form handler
    3. Arbitrary file

    And then everything is simple

    • In all files, the session_start() session should always run

    • In the file, the form handlers (the one specified in the action attribute) should check the form fields and set or reset the authentication flag

       if (password_valid()) $_SESSION['auth'] = true; else unset($_SESSION['auth']);

    • If you need to check the authentication anywhere in the program, the code should be run

       if (isset($_SESSION['auth']))

      empty - Checks if a variable is empty. If you have not created $ _SESSION ['auth'] then there will be an error. Check for the existence of isset ($ _ SESSION ['auth'])

       файл index.php session_start(); // если есть сесия if(isset($_SESSION['auth'])){ echo 'true'; } // иначе - подключаем форму else{ include 'auth.php'; } файл auth.php // Если есть переданный из формы пароль if (isset($_POST['password'])) { $_SESSION['auth'] = true; } else { // иначе выводим форму echo 'Пустой инпут'; // не передавайте пароли в адресной строке. это плохая практика. // Также првоеряйте имена передаваемых и получаемых переменных. Если передаём пароль то и получать должны пароль. // Вы же передавали поле с именем test, а пытались получить $_REQUEST['password'] ?> <form action="" method="post"> <input name="password"> <input type="submit" value="SEND"> </form> <?php }