@thegoryone said:
One of us is a terrible PHP developer. It's not me.The only reason to disable these errors is for portability with older PHP installs, otherwise do the job right and the errors won't be there in the first place. Hiding errors and saying everything is ok is not a valid approach for any developer, it's utterly TRWTF.
Maybe you didn't read that part but I don't have access to the Apache logs on this system. So what good would enabling notices do? They might be turned on for all I know.
Note how I continue not to give fuck? I'm not going to barge in and change code just to silence some notices I will never see.
@thegoryone said:
if($Config['enabled'] === $_SESSION['user'])
will return true or false, but isn't exactly best practice
Would you be kind enough to explain in what scenario writing if($Config['enabled'] === $_SESSION['user'])
would be an option? Because $Config['enabled']
is supposed to hold a boolean and $_SESSION['user']
should not ever contain a boolean in your scenario. What's the purpose of comparing the two?
@thegoryone said:
Ideally you'd use if(isset($Config['enabled']) && $Config['enabled'])
No I would not do that for the simple reason that I never read $Config['enabled']
. I'm setting it. What are you talkling about?
@thegoryone said:
Unsetting/destroying via session_unset() is the correct way, that's why it exists. You're arguing in favor of an anti-pattern. Why would you set a session variable used for security to 0? Why? What possible reason do you have for that?
Maybe I like the invariant of always having a number there. I don't, but I'm asking why this should be in any way less secure than unsetting the variable in the session. You still haven't explained that. Of course unsetting the whole session is more secure because it's simpler, but we weren't talking about that.
@thegoryone said:
Can't tell if sarcastic...
I was being sarcastic. I've cleaned a lot of unnecessary logic out of PHP code.
@thegoryone said:
$var = (isset($var)) ? true : false;
is the same as
if (isset($var)) { $var = true } else { $var = false; }
$var = isset($var);
There, you triggered my compulsive cleanup reflex.
[1]:
http://php.net/manual/en/errorfunc.configuration.php#ini.display-errors