PHP login error

[nitation]

I have a login script that works fine. I decided to add this line of code

error_reporting(E_ALL);
ini_set('display_errors', 'on');

to my script. I keep getting this error

 

Notice: Undefined index: admin_user in C:\Program Files\xampp\htdocs\myfiles\vest\newnd\admin\login.php on line 14

Notice: Undefined index: admin_pass in C:\Program Files\xampp\htdocs\myfiles\vest\newnd\admin\login.php on line 15

Warning: Cannot modify header information - headers already sent by (output started at C:\Program Files\xampp\htdocs\myfiles\vest\newnd\admin\login.php:14) in C:\Program Files\xampp\htdocs\myfiles\vest\newnd\admin\login.php on line 37

 

This is my login script

 

<?php
error_reporting(E_ALL);
ini_set('display_errors', 'on');
session_start();

if (!isset ($_SESSION["admin_user"]))

{
  header ("Location:main.php?login=missing");
}
include 'connect.php';

// username and password sent from form
$admin_user=$_POST['admin_user'];
$admin_pass=$_POST['admin_pass'];

// To protect MySQL injection (more detail about MySQL injection)
$admin_user = stripslashes($admin_user);
$admin_pass = stripslashes($admin_pass);
$admin_user = mysql_real_escape_string($admin_user);
$admin_pass = mysql_real_escape_string($admin_pass);

$sql="SELECT * FROM newndAdmin WHERE admin_user='$admin_user' and admin_pass='$admin_pass'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("admin_user");
session_register("admin_pass");
header("location:index.php");
}
else {
header("location:main.php?login=wrong");
//echo "Please check your username or password. If you still cant login your account has been disabled. Please contact an admin.";
}

?>

 

 

[prexep]

Notice: Undefined index: admin_user in C:\Program Files\xampp\htdocs\myfiles\vest\newnd\admin\login.php on line 14

Notice: Undefined index: admin_pass in C:\Program Files\xampp\htdocs\myfiles\vest\newnd\admin\login.php on line 15

 

$admin_user and $admin_pass are empty.

[nitation]

what do you mean by they are empty?

[nitation]

Guys what am i doing wrong?

[bobbinsbro]

the warnings mean that the $_POST[] array contains no keys called admin_user and admin_pass.

this means that fields you think are called these names are actually called something else (or maybe don't exist?). i see that earlier in your code you use $_SESSION['admin_user']. is it possible that you should be using $_SESSION on lines 14,15 instead of $_POST?

[revraz]

Honestly, how many things can this really mean?

 

what do you mean by they are empty?

[prexep]

What is the form code?

 

Whats submitting to the login?

[nitation]

the warnings mean that the $_POST[] array contains no keys called admin_user and admin_pass.

this means that fields you think are called these names are actually called something else (or maybe don't exist?). i see that earlier in your code you use $_SESSION['admin_user']. is it possible that you should be using $_SESSION on lines 14,15 instead of $_POST?

I created the form myself. The input name is the same variable i used in the login page.

[prexep]

Do you have

<form action='login.php' method='POST'>

 

??

[nitation]

surely.

 

<form action='login.php' method='POST'>
Username   <input name="admin_user" type="text">
Password   <input name="admin_pass" type="password">
                <input name="submit" type="submit" value="Log In">
</form>

[nitation]

Let me just explain myself again.

 

I want to create a login page.

 

I have created the form, and the user is validated at login.php, what am i doing wrong?

[bobbinsbro]

could you post a print_r or a var_dump of $_POST in your login script?

 

and you should manage your headers better so that you don't try to send both login=missing and login=wrong (which is why your getting the warning about the headers).

[nitation]

I am using the both headers to show the error. I can always escape that. How do i show the error for the user if either password/username is wrong on the form it self.

[bobbinsbro]

you mean reloading the form and having "Wrong Password" appear in intimidating bold red letters next to the password field? i would just post the form to itself, and move the login script to the top of the file with:

 

<?php
$passwordValid = TRUE;
if (isset($_POST['submit']){ //submit being the name of the submit button
     if (//find out if password is wrong){
         $passwordValid = FALSE; //password is wrong, don't allow entry! skip login code
     }
    else{
    //more login.php code for valid passwords
    }
}
?>
<html>
html code
<input type="password" ..... /> <?php echo ($passwordValid?"":"beware! your password is wrong! muahahahah!"); ?>

 

i'd still like to see the var_dump($_POST); in login.php. maybe even var_dump($_POST, $_SESSION); too cover everything.