I'm working on an registration system in PHP and am running into an issue. The users are inserted into the database as intended. Next, a token (just a hash of a random value) is attached to a url along with the user id, and this url is emailed to the user's email so they can verify it.
For example user 128 has this verification URL: localhost/fPASS/?page=verify_email&id=128&token=4a629a13871cf6d354984abdfd990783
Note the user id in the url is correctly noted as 128. If I visit the link, the script correctly compares the id and token with the database and changes email_verified to 1.
The problem is that if I try to register another user, the url is regenerated with the id and token for user 128 instead of 129... Unless I clear my cookies. Now the url uses session variables to determine the id and token, so it seems they aren't updating properly. The registration function, however, always reassigns the variables if there are no errors (which there aren't):
// if there are no errors, redirect to success page
if (!isset($errors))
{
// send the email address on to the next page in case the verification email needs to be re-sent
$_SESSION['email'] = $safe['email'];
$_SESSION['account_id'] = $account_id;
$_SESSION['token'] = $token;
header('Location: http://localhost/fPASS/?page=reg_success');
}
The reassignments don't seem to be taking effect though. What could cause the original assignments to get "stuck" in the session variables?
Please check if you've included session_start(); in your php. Then, try echo your session variables or the assignment variables *before redirecting it*. This will help you in debugging easily.
session_start(); needs to be included on each page you intend to use the session.
Use this code to view what is currently stored in the session on each page load:
<?php
session_start();
var_dump($_SESSION);
?>
NOTE: sesison_start(); needs to be set before any headers and so it's best practice to have it at the top of your page.