Chaos Creator Posted June 12, 2009

I've just recently started coding under PHP 5.2.6, and I'm running into a few issues. When trying to login on a development site I'm working on, I keep getting this error:

Notice: Undefined variable: user_password in /home/thereal6/public_html/hrobinson/ucp.php on line 79

Also, the script is not setting cookies at all. What would cause this? This is the code for ucp.php:

```php
<?php
// Main content section
define('IN_HR', true);
$root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($root_path . 'common.' . $phpEx);

if (isset($_GET['mode'])) {
    $mode = $_GET['mode'];
}

if(isset($mode)) {
    switch($mode) {
        case 'login':
            // has user reached maximum allowed login attempts?
            if(isset($_COOKIE['login_limit']) && $_COOKIE['login_limit'] == '3') {
                $msg = 'You have exceeded the maximum allowed failed login attempts! You are now unable to attempt to login for fifteen (15) minutes.';
                error_page($msg);
            }

            // user login information
            $username = mysql_real_escape_string($_POST['username']);
            $userpass = md5($_POST['password']);
            if(isset($_POST['expire'])) {
                $remember = $_POST['expire'];
            }

            // did they provide a username?
            if(!isset($username)) {
                $msg = 'You cannot login without entering a username.';
                error_page($msg);
            }

            // did they provide a password?
            if(!isset($userpass)) {
                $msg = 'You cannot login without entering a password.';
                error_page($msg);
            }

            // select the user from the database
            $sql = "SELECT * ".USERS_TABLE." WHERE user_name = ".$username." ";
            $result = @mysql_query($sql);
            if(!isset($result)) {
                // has the user already had a failed login?
                if(isset($_COOKIE['login_limit'])) {
                    // if so, delete the old increment the amount of login attempts, delete the old cookie, then add the new one
                    $login_attmpts = $_COOKIE['login_limit']++;
                    setcookie('login_limit', '', time()-3600);
                    setcookie('login_limit', $login_attmpts, time()*60*15);
                }
                // if not, set a cookie for the failed login
                setcookie('login_limit', '1', time()*60*15);
                $msg = 'That is not a valid username. Please go back and try again.';
                error_page($msg);
            } else {
                // we did find the user, so lets grab some info
                while($row = @mysql_fetch_assoc($result)) {
                    $user_password = $row['user_password'];
                    $user_id = $row['user_id'];
                    $user_name = $row['user_name'];
                }

                // if we have a user inputted password, but it doesn't match the one in the database
                if(isset($userpass) && ($user_password !== $userpass)) {
                    // has the user already had a failed login?
                    if(isset($_COOKIE['login_limit'])) {
                        // if so, delete the old increment the amount of login attempts, delete the old cookie, then add the new one
                        $login_attmpts = $_COOKIE['login_limit']++;
                        setcookie('login_limit', '', time()-3600);
                        setcookie('login_limit', $login_attmpts, time()*60*15);
                    }
                    // if not, set a cookie for the failed login
                    setcookie('login_limit', '1', time()*60*15);
                    $msg = 'The password you entered is invalid. Please try again.';
                    error_page($msg);
                }

                // if we have a user inputted username and password, and a username and password from the database, and they match
                if(((isset($username) && isset($userpass)) && (isset($user_name) && isset($user_password))) && (($user_password == $userpass) && ($user_name == $username))) {
                    // remember me?
                    if($remember == 'true') {
                        $expire = time()*60*60*24*365;
                    } else {
                        $expire = time()*60*15;
                    }
                    // set the user's cookies because they were successfully logged in
                    setcookie('user', $user_id, $expire, '/', 'www.hr.com');
                    setcookie('user_name', $user_name, $expire, '/', 'www.hr.com');
                    $user_hash = md5($user_id.$user_name.$user_password);
                    setcookie('user_hash', $user_hash, $expire, '/', 'www.hr.com');
                    $msg = 'You have successfully logged in!';
                    $return = 'index.'.$phpEx;
                    error_page($msg, $return);
                }
            }
            break;

        case 'logout':
            if(isset($_COOKIE['user']) || isset($_COOKIE['user_name']) || isset($_COOKIE['user_hash'])) {
                setcookie('user', '', time()-3600);
                setcookie('user_name', '', time()-3600);
                setcookie('user_hash', '', time()-3600);
            }
            $msg = 'You have been successfully logged out.';
            error_page($msg, $return='index.php');
            break;

        case 'ucp':
            $user_id = $_COOKIE['user_id'];
            $sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = ".$user_id." ";
            $result = @mysql_query($sql);
            if(!isset($result)) {
                $msg = 'Could not retrieve user information from database!';
                error_page($msg);
            } else {
                while($row = mysql_fetch_assoc($result)) {
                    $user_name = $row['user_name'];
                    $user_email = $row['user_email'];
                    $first_name = $row['first_name'];
                    $last_name = $row['last_name'];
                    $street_address = $row['street_address'];
                    $city = $row['city'];
                    $state = $row['state'];
                    $zip_code = $row['zip_code'];
                    $rcv_newsletter = $row['rcv_newsletter'];
                }
            }
            $page_title = 'User Control Panel';
            include('pages/header.'.$phpEx);
            ?>
            <form action="ucp.<?php echo $phpEx; ?>?mode=ucp_modify" method="post">
            <table width="100%" cellpadding="0">
                <tr>
                    <td align="left">Username:</td>
                    <td align="right"><?php echo $user_name; ?></td>
                </tr>
                <tr>
                    <td align="left">User Email:</td>
                    <td align="right"><input type="text" name="user_email" value="<?php echo $user_email; ?>" /></td>
                </tr>
                <tr>
                    <td align="left">First Name:</td>
                    <td align="right"><input type="text" name="first_name" value="<?php echo $first_name; ?>" /></td>
                </tr>
                <tr>
                    <td align="left">Last Name:</td>
                    <td align="right"><input type="text" name="last_name" value="<?php echo $last_name; ?>" /></td>
                </tr>
                <tr>
                    <td align="left">Street Address:</td>
                    <td align="right"><input type="text" name="street_address" value="<?php echo $street_address; ?>" /></td>
                </tr>
                <tr>
                    <td align="left">City:</td>
                    <td align="right"><input type="text" name="city" value="<?php echo $city; ?>" /></td>
                </tr>
                <tr>
                    <td align="left">State:</td>
                    <td align="right"><input type="text" name="state" value="<?php echo $state; ?>" /></td>
                </tr>
                <tr>
                    <td align="left">Zip Code:</td>
                    <td align="right"><input type="text" name="zip_code" value="<?php echo $zip_code; ?>" /></td>
                </tr>
                <tr>
                    <td align="left">Receive Newsletter?:</td>
                    <td align="right"><input type="checkbox" name="rcv_newsletter" <?php if($rcv_newsletter == '1') { echo 'checked '; } ?>/></td>
                </tr>
                <tr>
                    <td align="center" colspan="2"><input type="submit" value="Submit" /> <input type="reset" value="Reset" /></td>
                </tr>
            </table>
            </form>
            <?php
            include('pages/footer.'.$phpEx);
            break;

        case 'process_signup':
            $username = $_POST['user_name'];
            $email = $_POST['user_email'];
            $firstname = $_POST['first_name'];
            $lastname = $_POST['last_name'];
            $streetaddress = $_POST['street_address'];
            $city = $_POST['city'];
            $state = $_POST['state'];
            $zipcode = $_POST['zip_code'];
            $rcvnewsletter = $_POST['rcv_newsletter'];

            // did the user fill out all the required info?
            if(!isset($user_name) || !isset($user_email) || !isset($first_name) || !isset($last_name)) {
                $msg = 'You did not fill out the required information! Please go back and fill in the necessary fields.';
                error_page($msg);
            } else {
                // check if username is available
                $sql = "SELECT user_id FROM " . USERS_TABLE ." wHERE user_name = ".$user_name;
                $result = @mysql_query($sql);
                if(!isset($result)) {
                    $msg = 'That username is already in use! Please go back and choose another.';
                    error_page($msg);
                }

                // Check if the email address provided is valid
                if(checkEmail($email) == FALSE) {
                    $msg = 'E-mail entered is not valid.';
                    error_page($msg);
                }

                // calculate the new user's id number
                $sql = "SELECT user_id FROM " . USERS_TABLE . " DESC";
                $result = @mysql_query($sql);
                $row = @mysql_fetch_assoc($result);
                if(!isset($row)) {
                    $user_id = '1';
                } else {
                    $last_user_id = $row['user_id'];
                }
                $user_id = $last_user_id++;

                // prepare user submitted input for insertion into database. this is for security against mysql insertion attacks
                $user_name = mysql_real_escape_string($username);
                $user_password = md5(time());
                $user_email = $email;
                $first_name = mysql_real_escape_string($firstname);
                $last_name = mysql_real_escape_string($lastname);
                $street_address = mysql_real_escape_string($streetaddress);
                $city = mysql_real_escape_string($city);
                $state = mysql_real_escape_string($state);
                $zip_code = mysql_real_escape_string($zipcode);
                $reg_date = time();

                // if username is available, insert user into database
                $sql = "INSERT INTO ".USERS_TABLE." (user_id, user_name, user_password, user_email, rcv_newsletter, first_name, last_name, street_address, city, state, zip_code, registration_date ) VALUES ('".$user_id."', '".$user_name."', '".$user_password."', '".$user_email."', '".$rcvnewsletter."', '".$first_name."', '".$last_name."', '".$street_address."', '".$city."', '".$state."', '".$zip_code."', '".$reg_date."')";
                $result = @mysql_query($sql);
                if(!$result) {
                    $msg = 'Could not insert user into database';
                    error_page($msg);
                }

                $subject = "Website Registration";
                $email_msg = "Hello, ".$first_name."! Thank you for registering at Heather Robinson's website. Your login credentials are below. Username: ".$username." Password: ".$user_password." Please feel free to contact the administrator at whatever@whatever.com, and enjoy your visit!";
                if(!mail($user_email, $subject, $email_msg)) {
                    $msg = 'There has been an error sending your registration email. Please contact the administrator for more information.';
                    error_page($msg);
                }

                $msg = 'You have successfully registered an account! Please check your email for your password. You may change your initial password once you login for the first time.';
                $title = 'Registration Successful!';
                error_page($title, $msg);
            }
            break;

        case 'signup':
            $page_title = 'Registration';
            include('pages/header.'.$phpEx);
            ?>
            <div id="latest-post-wrap">
            <div id="latest-post" class="post">
            <h1 class="title">Registration</h1>
            <form method="post" action="ucp.<?php echo $phpEx; ?>?mode=process_signup">
            <table width="100%" align="center">
                <tr>
                    <td colspan="2" align="center"><p>User Registration</p></td>
                </tr>
                <tr>
                    <td align="left">Desired User Name<font color="#ff0000">*</font>:</td>
                    <td align="left"><input type="text" name="user_name" maxlength="25" /></td>
                </tr>
                <tr>
                    <td align="left">Your Email Address<font color="#ff0000">*</font>:</td>
                    <td align="left"><input type="text" name="user_email" maxlength="40" /></td>
                </tr>
                <tr>
                    <td align="left">Your First Name<font color="#ff0000">*</font>:</td>
                    <td align="left"><input type="text" name="first_name" maxlength="20" /></td>
                </tr>
                <tr>
                    <td align="left">Your Last Name<font color="#ff0000">*</font>:</td>
                    <td align="left"><input type="text" name="last_name" maxlength="20" /></td>
                </tr>
                <tr>
                    <td align="left">Your Street Address:</td>
                    <td align="left"><input type="text" name="street_address" maxlength="50" /></td>
                </tr>
                <tr>
                    <td align="left">Your City:</td>
                    <td align="left"><input type="text" name="city" maxlength="20" /></td>
                </tr>
                <tr>
                    <td align="left">Your State:</td>
                    <td align="left"><input type="text" name="state" maxlength="2" /></td>
                </tr>
                <tr>
                    <td align="left">Your Zip Code:</td>
                    <td align="left"><input type="text" name="zip_code" /></td>
                </tr>
                <tr>
                    <td align="left">YES! I would like to sign up for the newsletter!</td>
                    <td align="left"><input type="checkbox" checked name="rcv_newsletter" value="1"></td>
                </tr>
                <tr>
                    <td align="right"><input type="submit" name="submitok" value="Submit!" /></td>
                    <td align="left"><input type="reset" value="Clear" /></td>
                </tr>
            </table>
            </form>
            </div>
            </div>
            <hr />
            <?php
            include('pages/footer.'.$phpEx);
            break;
    }
}
?>
<?php // End content section ?>
```

I've tried to work my way around this, but everything I try either causes more errors, or I get a blank page. Any suggestions?

RussellReal Posted June 12, 2009

Your error reporting is E_ALL; set it to E_WARNING, I think:

```php
error_reporting(E_WARNING);
```

Chaos Creator Posted June 12, 2009

Well, that would definitely take away the Notice, but I like clean code, so I'd rather not simply ignore the problem. I have all the error reporting set that way because the site is still in development, and I'm trying to debug.

Mark Baker Posted June 12, 2009

> Notice: Undefined variable: user_password in /home/thereal6/public_html/hrobinson/ucp.php on line 79

No rows are returned by your db query, so the code immediately following $row = @mysql_fetch_assoc($result) never sets the value of $user_password.

The actual problem is:

```php
$result = @mysql_query($sql);
if(!isset($result))
```

$result is set because the SQL query has executed successfully, even if no rows were returned because the user account didn't exist in the table. Test for mysql_num_rows() instead to see if the user record was found.

> Also, the script is not setting cookies at all. What would cause this?

Output from the script before the cookies are set. Cookies are sent out with the headers. If your error messages are being displayed first, then the cookies can't be set.

PFMaBiSmAd Posted June 12, 2009

> but I like clean code

Then remove all the @ in the code, because the one on line 71 is hiding the error that is most likely causing the error you did post for line 79. Which is in turn being caused by a query that failed but the @ on line 51 is hiding that fact.

Your logic also has problems that the @ in the code is also making difficult to troubleshoot. $result will be set if the query works or fails (it will be a result resource if the query worked or a FALSE value if the query failed), so the isset() test on line 52 is always TRUE.

Chaos Creator Posted June 12, 2009

Ha! I knew I had to be doing something simply stupid, but I was so tired I couldn't see what it was. lol. Thanks!

RussellReal Posted June 15, 2009

Sorry for a late reply.. but instead of if(!isset($result)) you could just do

```php
if ($row = mysql_fetch_assoc($result)) { }
```

and that essentially will check if the results contain any rows, or not. And if it does, fill $row with the row, and inside the if statement is where you'd handle it lol
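
The check the replies above describe, as an added example that is not part of any post in the thread: it keeps a failed query, a query that matched no rows, and a matched row apart, and binds the username as a parameter. It assumes PDO with an in-memory SQLite database and a constructed users table (the thread's mysql_* functions were removed in PHP 7); find_user(), open_db() and the status constants are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes PDO with an in-memory
// SQLite database and a constructed users table so it runs offline.

const LOOKUP_FAILED = 'query_failed';  // hypothetical status names
const LOOKUP_NONE   = 'no_such_user';
const LOOKUP_FOUND  = 'found';

// Returns [status, row-or-null]. The three outcomes stay distinct, which an
// isset() test on the query result cannot do: the result variable is set
// whether the query worked or failed.
function find_user(PDO $db, string $username): array
{
    try {
        // Bound parameter: the submitted name never becomes SQL text.
        $stmt = $db->prepare(
            'SELECT user_id, user_name, user_password FROM users WHERE user_name = ?'
        );
        $stmt->execute([$username]);
    } catch (PDOException $e) {
        // A failed query is logged rather than hidden behind @.
        error_log('user lookup failed: ' . $e->getMessage());
        return [LOOKUP_FAILED, null];
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);  // false when no row matched
    return $row === false ? [LOOKUP_NONE, null] : [LOOKUP_FOUND, $row];
}

// Constructed test databases: one with a users table, one without.
function open_db(bool $withTable): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    if ($withTable) {
        $db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT, user_password TEXT)');
        $db->exec("INSERT INTO users (user_name, user_password) VALUES ('alice', 'constructed-value')");
    }
    return $db;
}

$good   = open_db(true);
$broken = open_db(false);  // no users table, so every lookup fails

foreach ([[$good, 'alice'], [$good, 'mallory'], [$broken, 'alice']] as [$db, $name]) {
    [$status, $row] = find_user($db, $name);
    // Only touch $row after the status says a row exists.
    $id = $status === LOOKUP_FOUND ? $row['user_id'] : '-';
    echo str_pad($name, 8), ' ', str_pad($status, 13), ' user_id=', $id, PHP_EOL;
}
```

Run from the command line, the script prints one line per lookup, and the failed query also appears in the error log instead of surfacing later as an undefined-variable notice.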