[SOLVED] Undefined Index Help

[Kev0121]

Hello, I'm having problems with my php register script. Everytime i open it up in my browser i always get  "Notice: Undefined index: username in C:\wamp\www\phpdesigner_tmp1.php on line 5"

 

Here is my script..

 

 <?php

include('connections.php');

$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
$user = stripslashes($user);
$pass = stripslashes($pass);
$pass = sha1($pass);
$user = addslashes($user);

if(isset($_POST['submit'])) {

if(!$_POST['username'] || !$_POST['password']) {
die (' Please make sure all of the require fields are entered. ');	
}

$user_check = "SELECT `username` FROM `users` WHERE `username` = '$user' ";
$sql = mysql_query($user_check);
$row = mysql_num_rows($sql);

if ($row > 1) {
die ('Sorry but the username '.$user.' is already in use' );
}
if (strlen($user)< 4) {
die('Please make sure that the username is 4 or more characters');
}
if (strlen($pass)< 4) {
die('Please make sure that the password is 4 or more characters');
}

}


$insert = "INSERT INTO `users` (username, password) VALUES ('$user', '$pass')";
$sql = mysql_query($insert);



?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60" />
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="password" maxlength="10" />
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register" /></th></tr> </table>
</form> [code]

 

[attachment deleted by admin]

[trq]

All this....

 

$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
$user = stripslashes($user);
$pass = stripslashes($pass);
$pass = sha1($pass);
$user = addslashes($user);

 

Needs to be within your if statement.

[Kev0121]

Right i done that, now it's saying

 

Notice: Undefined variable: user in C:\wamp\www\phpdesigner_tmp1.php on line 37

 

Notice: Undefined variable: pass in C:\wamp\www\phpdesigner_tmp1.php on line 37

 

which is

 

 $insert = "INSERT INTO `users` (username, password) VALUES ('$user', '$pass')"; [code]

[gevans]

Did all the variables you just moved get moved to a place before that line?

[trq]

Can you indent your code so it is readable and post what you currently have?

[Kev0121]

Yeh i put it before that sql query code and sorry heres my code

 

 

<?php

include('connections.php');



if(isset($_POST['submit'])) {

if(!$_POST['username'] || !$_POST['password']) {
die (' Please make sure all of the require fields are entered. ');	
}

$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
$user = stripslashes($user);
$pass = stripslashes($pass);
$pass = sha1($pass);
$user = addslashes($user);	

$user_check = "SELECT `username` FROM `users` WHERE `username` = '$user' ";
$sql = mysql_query($user_check);
$row = mysql_num_rows($sql);

if ($row > 1) {
die ('Sorry but the username '.$user.' is already in use' );
}
if (strlen($user)< 4) {
die('Please make sure that the username is 4 or more characters');
}
if (strlen($pass)< 4) {
die('Please make sure that the password is 4 or more characters');
}

}


$insert = "INSERT INTO `users` (username, password) VALUES ('".$_POST['username']."']', '".$_POST['password']."')";
$sql = mysql_query($insert);



?>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60" />
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="password" maxlength="10" />
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register" /></th></tr> </table>
</form>
[code]

[PFMaBiSmAd]

The line of code with that error is located after/outside of the if() conditional statement, so it gets executed every time the page is requested instead of only when the form has been submitted.

[Kev0121]

The line of code with that error is located after/outside of the if() conditional statement, so it gets executed every time the page is requested instead of only when the form has been submitted.

 

How do i fix that xD?

[gevans]

You don't need this;

$user = stripslashes($user);
$pass = stripslashes($pass);

unless get_magic_quotes_gpc() is registered (which it shouldnt be)

 

this line

if ($row > 1) {
   die ('Sorry but the username '.$user.' is already in use' );
}

 

should be

if ($row >= 1) {
   die ('Sorry but the username '.$user.' is already in use' );
}

 

Otherwise you'll be able to have usernames in your database twice

 

if (strlen($user)< 4) {
   die('Please make sure that the username is 4 or more characters');
}
if (strlen($pass)< 4) {
   die('Please make sure that the password is 4 or more characters');
}

I'd do these checks before manipulating strings (and before the sql query) You've already used sha1() on the password so it's going to be a standard length.

 

this code

$insert = "INSERT INTO `users` (username, password) VALUES ('".$_POST['username']."']', '".$_POST['password']."')";
$sql = mysql_query($insert);

 

should be

$insert = "INSERT INTO `users` (username, password) VALUES ('$user', '$pass')";
$sql = mysql_query($insert);

 

You should also move that code up so that it's above the last curly bracket '}'

[Kev0121]

Ahh, it works thanks alot

 

Much appreciated for all of the replies

 

/Kev