Debugging PHP validation script

Question

I'm building a micro-site, and am having trouble with the password reset behavior.

There is a form that asks the user for their password twice. I'm not being a password nazi, and the only requirement is that the password be greater than 5 characters. On submit, the form data is added to the $_POST array and is sent to a setPass function in my site-wide php function script.

The function is

function setPass(){
    $link= connectDB();

    $query= "select * from People where Username='" . $_SESSION['name'] . "' Limit 1";
    $result= $link->query($query);

    if ($result->num_rows==0){
        $_SESSION['status']= 'invaliduser';
        header("location: ../index.php");
    } else {
        $first = $_POST['firstPass'];
        $second = $_POST['secondPass'];

        if (($first == $second) && (strlen($first) > 5)){
            $password = sha1($first);
        }
    }
}

I'm leaving out the database insertion code in this example.

My issue is that this script echo $_SESSION['name'] . " and password: " . $first; included in the page body prints out the username, but returns an unidentified variable: first warning. This also happens when I try to access the variable $password.

Earlier testing has shown that the first conditional is true, as the page is not redirected.

So what is causing the failure of execution in the else block?

I don't see an `echo` in your code there... where are you trying to `echo`? Are you doing it inside your `setPass` function or outside? — Ryan P, Feb 24 '12 at 19:17
I added some HTML header and body tags to the php page where the setPass function is. That's where the echo tag is. — Jason, Feb 24 '12 at 19:21
Yeah, if you're trying to access those variables outside the `setPass` function then you're out of scope. Use globals or `$_SESSION`, like the answers below. — Ryan P, Feb 24 '12 at 19:25
@Jason, is there a reason you need the var $first to be set? If not, all you need is to add `return true;` and `return false;` to get the confirmation. — AlexC, Feb 24 '12 at 19:32

score 4 · Accepted Answer · answered Feb 24 '12 at 19:19

Since you set $first and $password inside the setPass function, they are not available outside the body of same.

You should use the global keyword or, possibly better, return the values from the function if you wish to use them outside.

This concept is called the scoping of variables. These variables have local scope within the function. See here for a comprehensive description of scoping in PHP.

score 2 · Answer 2 · edited May 23 '17 at 12:20

2

You say that you're echoing in the body of the script? You defined the variable inside a function, so unless you set it as global(generally not a good idea, see PHP global in functions), $first really doesn't exist.

edited May 23 '17 at 12:20

Community

1
1

answered Feb 24 '12 at 19:20

AlexC

1,031
12
23

Anton · Answer 3 · 2012-02-24T19:31:28.887

1

It looks to me like a problem with scopes. You might want to try to use either session or more preferably global variables.

Check this out for more info: http://php.net/manual/en/language.variables.scope.php

[EDIT]

Or even better, return $first from the function like Borealid suggested.

edited Feb 24 '12 at 19:31

answered Feb 24 '12 at 19:20

Anton

1,387
2
9
21

Debugging PHP validation script

3 Answers3