SESSION variable not functioning correctly

Question

So here's the issue. After the first won/failed game, when trying to play a new game the first input works and shows SESSION attempts 0. On submit it says SESSION attempts 4. The only additive is $_SESSION['attempts'] = $_SESSION['attempts'] + 1; and only once is the SESSION int set.

Here's the code. Self-made. Feel free to use it if you want. A combo guessing game.

if(!$_SESSION){

    session_start();

}

echo '<!DOCTYPE html><html lang="en"><head><title>Guess the Combo</title></head><body><h1>Pick The Right Combo</h1>';


if($_POST){
    
    if($_SESSION['attempt'] == 0){

        $_SESSION['one'] = rand(0,9);
        $_SESSION['two'] = rand(0,9);
        $_SESSION['three'] = rand(0,9);
        $_SESSION['four'] = rand(0,9);

    }elseif($_SESSION['attempt'] > 0 && $_SESSION['attempt'] < 5){
        

        if($_SESSION['attempt'] = 4){

            echo 'You have exceed the max amount of attempts. <a href="unlock-combo.php">play again</a>.The correct code was <b>'.$_SESSION['one'].''.$_SESSION['two'].''.$_SESSION['three'].''.$_SESSION['four'].'</b> Attempts <b>'.$_SESSION['attempt'].'';
            session_unset();
            exit;

        }

        
    }elseif($_SESSION['attempt'] > 4){

        echo 'You have exceed the max amount of attempts. <a href="unlock-combo.php">play again</a>.The correct code was <b>'.$_SESSION['one'].''.$_SESSION['two'].''.$_SESSION['three'].''.$_SESSION['four'].'</b>';
            session_unset();
            exit;

    }else{

        echo 'System error<br>';

    }
    
        $_SESSION['one'] = strval($_SESSION['one']);
        $_SESSION['two'] = strval($_SESSION['two']);
        $_SESSION['three'] = strval($_SESSION['three']);
        $_SESSION['four'] = strval($_SESSION['four']);
        $_POST['one'] = strval($_POST['one']);
        $_POST['two'] = strval($_POST['two']);
        $_POST['three'] = strval($_POST['three']);
        $_POST['four'] = strval($_POST['four']);
        
        $code = $_SESSION['one'];
        $code .=$_SESSION['two'];
        $code .=$_SESSION['three'];
        $code .=$_SESSION['four'];
        $code_array = array($_SESSION['one'],$_SESSION['two'],$_SESSION['three'],$_SESSION['four']);


    if(isset($_POST['one']) && is_numeric($_POST['one'])){

        echo '<form action="http://stomps.great-site.net/unlock-combo.php" method="POST"><table><tr>';

        
        $_POST['one'] = strval($_POST['one']);
        $_POST['two'] = strval($_POST['two']);
        $_POST['three'] = strval($_POST['three']);
        $_POST['four'] = strval($_POST['four']);

        if(isset($_POST['one']) && $_POST['one'] == $_SESSION['one']){

            echo '
            <td>
                <input type="number" name="one" min="0" max="9" value="'.$_POST['one'].'" style="background-color : green;" readonly>
            </td>
            ';


        }elseif(isset($_POST['one']) && in_array($_POST['one'],$code_array)){

            echo '
            <td>
                <input type="number" name="one" min="0" max="9" value="'.$_POST['one'].'" style="background-color : yellow;" required>
            </td>
            ';
            $wrong = 1;

        }elseif(isset($_POST['one'])){

            echo '
            <td>
                <input type="number" name="one" min="0" max="9" value="'.$_POST['one'].'" style="background-color : grey;" required>
            </td>
            ';
            $wrong = 1;

        }else{

            echo '<td>Error Code #1010</td>';
            exit;

        }

        if(isset($_POST['two']) && $_POST['two'] == $_SESSION['two']){

            echo '
            <td>
                <input type="number" name="two" min="0" max="9" value="'.$_POST['two'].'" style="background-color : green;" readonly>
            </td>
            ';


        }elseif(isset($_POST['two']) && in_array($_POST['two'],$code_array)){

            echo '
            <td>
                <input type="number" name="two" min="0" max="9" value="'.$_POST['two'].'" style="background-color : yellow;" required>
            </td>
            ';
            $wrong = 1;

        }elseif(isset($_POST['two'])){

            echo '
            <td>
                <input type="number" name="two" min="0" max="9" value="'.$_POST['two'].'" style="background-color : grey;" required>
            </td>
            ';
            $wrong = 1;

        }else{

            echo "<td>Error Code #2020</td>";
            exit;

        }

        if(isset($_POST['three']) && $_POST['three'] == $_SESSION['three']){

            echo '
            <td>
            <input type="number" name="three" min="0" max="9" value="'.$_POST['three'].'" style="background-color : green;" readonly>
            </td>
            ';


        }elseif(isset($_POST['three']) && in_array($_POST['three'],$code_array)){

            echo '
            <td>
            <input type="number" name="three" min="0" max="9" value="'.$_POST['three'].'" style="background-color : yellow;" required>
            </td>
            ';
            $wrong = 1;

        }elseif(isset($_POST['three'])){

            echo '
            <td>
            <input type="number" name="three" min="0" max="9" value="'.$_POST['three'].'" style="background-color : grey;" required>
            </td>
            ';
            $wrong = 1;

        }else{

            echo "<td>Error Code #3030</td>";
            exit;

        }

        if(isset($_POST['four']) && $_POST['four'] == $_SESSION['four']){

            echo '
            <td>
            <input type="number" name="four" min="0" max="9" value="'.$_POST['four'].'" style="background-color : green;" readonly>
            </td>';


        }elseif(isset($_POST['four']) && in_array($_POST['four'],$code_array)){

            echo '
            <td>
            <input type="number" name="four" min="0" max="9" value="'.$_POST['four'].'" style="background-color : yellow;" required>
            </td>';
            $wrong = 1;

        }elseif(isset($_POST['four'])){

            echo '
            <td>
            <input type="number" name="four" min="0" max="9" value="'.$_POST['four'].'" style="background-color : grey;" required>
            </td>';
            $wrong = 1;

        }else{

            echo "<td>Error Code #4040</td>";
            exit;

        }

        echo '</tr></table>';
        
        if(isset($wrong)){
            echo '<button type="submit">Submit '.$_SESSION['attempt'].'</button>';
            $_SESSION['attempt'] = $_SESSION['attempt'] + 1;
        
        }else{

            echo 'You won! <a href="unlock-combo.php">play again</a>';
            session_unset();

        }
        
        echo '</form>';



    }else{

        echo "Missing required information.";
        exit;

    }


}else{

    echo '<form action="http://stomps.great-site.net/unlock-combo.php" method="POST"><table><tr><td><input type="number" name="one" min="0" max="9" required></td><td><input type="number" name="two" min="0" max="9" required></td><td><input type="number" name="three" min="0" max="9" required></td><td><input type="number" name="four" min="0" max="9" required></td></tr></table><input type="hidden" name="attempt" value="1"><button type="submit">Submit</button></form>';

    $_SESSION['attempt'] = 0;

}

echo '</body></html>';

There is a fair bit of unnecessary IF'ing on the `attempt` count! Why put an `if($_SESSION['attempt'] = 4){` and nothing else INSIDE an `}elseif($_SESSION['attempt'] > 0 && $_SESSION['attempt'] < 5){` Redundant at best — RiggsFolly, May 05 '22 at 16:37
_NOTE_ All data in the `$_POST` array will be of type string so there is also a fair bit of unnecessary type rangling here too. If you removed all the fluff you could probably end up with some easily debuggable code — RiggsFolly, May 05 '22 at 16:41
`if($_SESSION['attempt'] = 4){` assigns, use `==` or `===` to compare — brombeer, May 05 '22 at 17:05
`if(!$_SESSION){ session_start();}` The session does not exist until you have run `session_start()` so line 1 = `Undefined global variable $_SESSION` — RiggsFolly, May 05 '22 at 17:16
Add [error reporting](http://stackoverflow.com/questions/845021/) to the top of your file(s) _while testing_ right after your opening PHP tag for example. Even if you are developing on a server configured as LIVE you will now see any errors. ` — RiggsFolly, May 05 '22 at 17:17
_From the manual_ Only use session_unset() for older deprecated code that does not use $_SESSION. — RiggsFolly, May 05 '22 at 17:24

SESSION variable not functioning correctly

0 Answers0