Jump to content

Login

steveangelis

By steveangelis
in PHP Coding Help

 Share

Recommended Posts

steveangelis Member

steveangelis

Posted
Posted 

<?PHP

session_start();  

if($_POST){ 
  $_SESSION['username']=$_POST["username"]; 
  $_SESSION['password']=$_POST["password"];   
} 

$result=mysql_query("select * from members where mbr_name='" .$_SESSION['username'] . "' and mbr_pass='" . md5($_SESSION['password']) . "'"); 

$num=mysql_num_rows($result);  

if($num < 1){ 
  echo "Login needed!!!<br><br> 
   
  <form method=POST action=index.php> 
  username: <input type=text name=\"username\"> 
  password: <input type=password name=\"password\"> 
  <input type=submit> 
  </form>"; 
   
  exit; 

} 
?>

 

I keep getting this error: 

 

 

Notice: Undefined index: username in C:\Program Files\wamp\www\clan\login\inc\auth.php on line 10

 

Notice: Undefined index: password in C:\Program Files\wamp\www\clan\login\inc\auth.php on line 10

 

Does anyone know why?

 

Line 11 is this:  $result=mysql_query("select * from members where mbr_name='" .$_SESSION['username'] . "' and mbr_pass='" . md5($_SESSION['password']) . "'");

Link to comment
https://forums.phpfreaks.com/topic/155563-login/
Share on other sites
jackpf Member

jackpf

Posted
Posted

Probably because the session "username" doesn't exist.

This isn't really an error though, you can just ignore it and set your php settings to do the same.

However, you can avoid it by doing this:

if(isset($_SESSION['username']))
{
$username = $_SESSION['username'];
}
else
{
$username = null;
}

That way the username session is only called if it exists.

Link to comment
https://forums.phpfreaks.com/topic/155563-login/#findComment-818666
Share on other sites
DjMikeS Member

DjMikeS

Posted
Posted

The error's simply mean that you are trying to get a value from an array, POST in this case, that doesn't exist...

 

So check your html form's method to POST and check if your inputs have a "name" value set to username and password...

 

You also realize that this script is by far secure ? For example, I don't see you sanitizing your form data before sending it to the database.

Also, there is no need to register the POST variables as SESSION vars, because you haven't checked...

 

So:

1. Check for simple contents, eg. empty form submitted

2. Sanitize POST vars

3. Check them with the database

4. Register the database result as SESSION vars

 

Link to comment
https://forums.phpfreaks.com/topic/155563-login/#findComment-818711
Share on other sites
mikesta707 Member

mikesta707

Posted
Posted 

<?PHP

session_start();  

if($_POST){ 
  $_SESSION['username']=$_POST["username"]; 
  $_SESSION['password']=$_POST["password"];   
} 

$result=mysql_query("select * from members where mbr_name='" .$_SESSION['username'] . "' and mbr_pass='" . md5($_SESSION['password']) . "'"); 

$num=mysql_num_rows($result);  

if($num < 1){ 
  echo "Login needed!!!<br><br> 
   
  <form method=POST action=index.php> 
  username: <input type=text name=\"username\"> 
  password: <input type=password name=\"password\"> 
  <input type=submit> 
  </form>"; 
   
  exit; 

} 
?>

 

I keep getting this error: 

 

 

Notice: Undefined index: username in C:\Program Files\wamp\www\clan\login\inc\auth.php on line 10

 

Notice: Undefined index: password in C:\Program Files\wamp\www\clan\login\inc\auth.php on line 10

 

Does anyone know why?

 

Line 11 is this:  $result=mysql_query("select * from members where mbr_name='" .$_SESSION['username'] . "' and mbr_pass='" . md5($_SESSION['password']) . "'");

 

First off, this is a pretty bad way to go about things. As a few people have said, you don't want to set the session as the post variables, before you even check them. You want to just set them as simple variables, like so

if (isset($_POST['username']) && $_POST['password'])){//or whatever your forms are called
$uname = $_POST['username'];
$pass = $_POST['password'];

$result=mysql_query("select * from members where mbr_name='" .$uname . "' and mbr_pass='" . md5($pass) . "'");

$num=mysql_num_rows($result); 

if($num < 1){ 
echo "Bad Longin!"
exit();
}
//now here we set the sessions
$_SESSSION['Username'] = $username;
$_SESSION['isLoggedin'] = true;
echo "Welcome $username!";

}
else {//if the post variables arent set, put the form here
... etc.

 

You also want to sanitize the post variables also. Check this tutorial: http://www.phpeasystep.com/workshopview.php?id=6 on secure logins for more information,

but something like

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

 

would do the trick

Link to comment
https://forums.phpfreaks.com/topic/155563-login/#findComment-818777
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.