Jump to content

Recommended Posts

I've just recently started coding under PHP 5.2.6, and I'm running into a few issues. When trying to login on a development site I'm working on, I keep getting this error:

Notice: Undefined variable: user_password in /home/thereal6/public_html/hrobinson/ucp.php on line 79

 

Also, the script is not setting cookies at all. What would cause this?

 

This is the code for ucp.php:

<?php

// Main content section

define('IN_HR', true);
$root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($root_path . 'common.' . $phpEx);

if (isset($_GET['mode']))
{
$mode = $_GET['mode'];
}

if(isset($mode))
{
switch($mode)
{
	case 'login':
		// has user reached maximum allowed login attempts?
		if(isset($_COOKIE['login_limit']) && $_COOKIE['login_limit'] == '3')
		{
			$msg = 'You have exceeded the maximum allowed failed login attempts! You are now unable to attempt to login for fifteen (15) minutes.';
			error_page($msg);
		}

		// user login information
		$username = mysql_real_escape_string($_POST['username']);
		$userpass = md5($_POST['password']);
		if(isset($_POST['expire']))
		{
			$remember = $_POST['expire'];
		}

		// did they provide a username?
		if(!isset($username))
		{
			$msg = 'You cannot login without entering a username.';
			error_page($msg);
		}

		// did they provide a password?
		if(!isset($userpass))
		{
			$msg = 'You cannot login without entering a password.';
			error_page($msg);
		}

		// select the user from the database
		$sql = "SELECT * ".USERS_TABLE." WHERE user_name = ".$username." ";
		$result = @mysql_query($sql);
		if(!isset($result))
		{
			// has the user already had a failed login?
			if(isset($_COOKIE['login_limit']))
			{
				// if so, delete the old increment the amount of login attempts, delete the old cookie, then add the new one
				$login_attmpts = $_COOKIE['login_limit']++;
				setcookie('login_limit', '', time()-3600);
				setcookie('login_limit', $login_attmpts, time()*60*15);
			}
			// if not, set a cookie for the failed login
			setcookie('login_limit', '1', time()*60*15);

			$msg = 'That is not a valid username. Please go back and try again.';
			error_page($msg);
		}
		else
		{
			// we did find the user, so lets grab some info
			while($row = @mysql_fetch_assoc($result))
			{
				$user_password = $row['user_password'];
				$user_id = $row['user_id'];
				$user_name = $row['user_name'];
			}

			// if we have a user inputted password, but it doesn't match the one in the database
			if(isset($userpass) && ($user_password !== $userpass))
			{
				// has the user already had a failed login?
				if(isset($_COOKIE['login_limit']))
				{
					// if so, delete the old increment the amount of login attempts, delete the old cookie, then add the new one
					$login_attmpts = $_COOKIE['login_limit']++;
					setcookie('login_limit', '', time()-3600);
					setcookie('login_limit', $login_attmpts, time()*60*15);
				}
				// if not, set a cookie for the failed login
				setcookie('login_limit', '1', time()*60*15);

				$msg = 'The password you entered is invalid. Please try again.';
				error_page($msg);
			}

			// if we have a user inputted username and password, and a username and password from the database, and they match
			if(((isset($username) && isset($userpass)) && (isset($user_name) && isset($user_password))) && (($user_password == $userpass) && ($user_name == $username)))
			{
				// remember me?
				if($remember == 'true')
				{
					$expire = time()*60*60*24*365;
				}
				else
				{
					$expire = time()*60*15;
				}

				// set the user's cookies because they were successfully logged in
				setcookie('user', $user_id, $expire, '/', 'www.hr.com');
				setcookie('user_name', $user_name, $expire, '/', 'www.hr.com');
				$user_hash = md5($user_id.$user_name.$user_password);
				setcookie('user_hash', $user_hash, $expire, '/', 'www.hr.com');

				$msg = 'You have successfully logged in!';
				$return = 'index.'.$phpEx;
				error_page($msg, $return);
			}
		}
	break;

	case 'logout':
		if(isset($_COOKIE['user']) || isset($_COOKIE['user_name']) || isset($_COOKIE['user_hash']))
		{
			setcookie('user', '', time()-3600);
			setcookie('user_name', '', time()-3600);
			setcookie('user_hash', '', time()-3600);
		}
		$msg = 'You have been successfully logged out.';
		error_page($msg, $return='index.php');
	break;

	case 'ucp':
		$user_id = $_COOKIE['user_id'];
		$sql = "SELECT * FROM " . USERS_TABLE . " WHERE user_id = ".$user_id." ";
		$result = @mysql_query($sql);
		if(!isset($result))
		{
			$msg = 'Could not retrieve user information from database!';
			error_page($msg);
		}
		else
		{
			while($row = mysql_fetch_assoc($result))
			{
				$user_name = $row['user_name'];
				$user_email = $row['user_email'];
				$first_name = $row['first_name'];
				$last_name = $row['last_name'];
				$street_address = $row['street_address'];
				$city = $row['city'];
				$state = $row['state'];
				$zip_code = $row['zip_code'];
				$rcv_newsletter = $row['rcv_newsletter'];
			}
		}
		$page_title = 'User Control Panel';
		include('pages/header.'.$phpEx);
		?>
		<form action="ucp.<?php echo $phpEx; ?>?mode=ucp_modify" method="post">
		<table width="100%" cellpadding="0">
			<tr>
				<td align="left">Username:</td>
				<td align="right"><?php echo $user_name; ?></td>
			</tr>
			<tr>
				<td align="left">User Email:</td>
				<td align="right"><input type="text" name="user_email" value="<?php echo $user_email; ?>" /></td>
			</tr>
			<tr>
				<td align="left">First Name:</td>
				<td align="right"><input type="text" name="first_name" value="<?php echo $first_name; ?>" /></td>
			</tr>
			<tr>
				<td align="left">Last Name:</td>
				<td align="right"><input type="text" name="last_name" value="<?php echo $last_name; ?>" /></td>
			</tr>
			<tr>
				<td align="left">Street Address:</td>
				<td align="right"><input type="text" name="street_address" value="<?php echo $street_address; ?>" /></td>
			</tr>
			<tr>
				<td align="left">City:</td>
				<td align="right"><input type="text" name="city" value="<?php echo $city; ?>" /></td>
			</tr>
			<tr>
				<td align="left">State:</td>
				<td align="right"><input type="text" name="state" value="<?php echo $state; ?>" /></td>
			</tr>
			<tr>
				<td align="left">Zip Code:</td>
				<td align="right"><input type="text" name="zip_code" value="<?php echo $zip_code; ?>" /></td>
			</tr>
			<tr>
				<td align="left">Receive Newsletter?:</td>
				<td align="right"><input type="checkbox" name="rcv_newsletter" <?php if($rcv_newsletter == '1') { echo 'checked '; } ?>/></td>
			</tr>
			<tr>
				<td align="center" colspan="2"><input type="submit" value="Submit" />  <input type="reset" value="Reset" /></td>
			</tr>
		</table>
		</form>
		<?php
		include('pages/footer.'.$phpEx);
	break;

	case 'process_signup':
		$username = $_POST['user_name'];
		$email = $_POST['user_email'];
		$firstname = $_POST['first_name'];
		$lastname = $_POST['last_name'];
		$streetaddress = $_POST['street_address'];
		$city = $_POST['city'];
		$state = $_POST['state'];
		$zipcode = $_POST['zip_code'];
		$rcvnewsletter = $_POST['rcv_newsletter'];

		// did the user fill out all the required info?
		if(!isset($user_name) || !isset($user_email) || !isset($first_name) || !isset($last_name))
		{
			$msg = 'You did not fill out the required information! Please go back and fill in the necessary fields.';
			error_page($msg);
		}
		else
		{  
			// check if username is available
			$sql = "SELECT user_id FROM " . USERS_TABLE ." wHERE user_name = ".$user_name;
			$result = @mysql_query($sql);
			if(!isset($result))
			{
				$msg = 'That username is already in use! Please go back and choose another.';
				error_page($msg);
			}

			// Check if the email address provided is valid
			if(checkEmail($email) == FALSE) 
			{
				$msg = 'E-mail entered is not valid.';
				error_page($msg);
			} 


			// calculate the new user's id number
			$sql = "SELECT user_id FROM " . USERS_TABLE . " DESC";
			$result = @mysql_query($sql);
			$row = @mysql_fetch_assoc($result);
			if(!isset($row))
			{
				$user_id = '1';
			}
			else
			{
				$last_user_id = $row['user_id'];
			}

			$user_id = $last_user_id++;

			// prepare user submitted input for insertion into database. this is for security against mysql insertion attacks
			$user_name = mysql_real_escape_string($username);
			$user_password = md5(time());
			$user_email = $email;
			$first_name = mysql_real_escape_string($firstname);
			$last_name = mysql_real_escape_string($lastname);
			$street_address = mysql_real_escape_string($streetaddress);
			$city = mysql_real_escape_string($city);
			$state = mysql_real_escape_string($state);
			$zip_code = mysql_real_escape_string($zipcode);

			$reg_date = time();

			// if username is available, insert user into database
			$sql = "INSERT INTO ".USERS_TABLE." (user_id, user_name, user_password, user_email, rcv_newsletter, first_name, last_name, street_address, city, state, zip_code, registration_date
) VALUES ('".$user_id."', '".$user_name."', '".$user_password."', '".$user_email."', '".$rcvnewsletter."', '".$first_name."', '".$last_name."', '".$street_address."', '".$city."', '".$state."', '".$zip_code."', '".$reg_date."')";
			$result = @mysql_query($sql);
			if(!$result)
			{
				$msg = 'Could not insert user into database';
				error_page($msg);
			}
			$subject = "Website Registration";
			$email_msg = "Hello, ".$first_name."! Thank you for registering at Heather Robinson's website. Your login credentials are below.
			Username: ".$username."
			Password: ".$user_password."

			Please feel free to contact the administrator at whatever@whatever.com, and enjoy your visit!";
			if(!mail($user_email, $subject, $email_msg))
			{
				$msg = 'There has been an error sending your registration email. Please contact the administrator for more information.';
				error_page($msg);
			}
			$msg = 'You have successfully registered an account! Please check your email for your password. You may change your initial password once you login for the first time.';
			$title = 'Registration Successful!';
			error_page($title, $msg);
		}

	break;

	case 'signup':
		$page_title = 'Registration';
		include('pages/header.'.$phpEx);
		?>
		<div id="latest-post-wrap">
			<div id="latest-post" class="post">
				<h1 class="title">Registration</h1>
				<form method="post" action="ucp.<?php echo $phpEx; ?>?mode=process_signup">
				<table width="100%" align="center">
					<tr>
						<td colspan="2" align="center"><p>User Registration</p></td>
					</tr>
					<tr>
						<td align="left">Desired User Name<font color="#ff0000">*</font>:</td>
						<td align="left"><input type="text" name="user_name" maxlength="25" /></td>
					</tr>
					<tr>
						<td align="left">Your Email Address<font color="#ff0000">*</font>:</td>
						<td align="left"><input type="text" name="user_email" maxlength="40" /></td>
					</tr>
					<tr>
						<td align="left">Your First Name<font color="#ff0000">*</font>:</td>
						<td align="left"><input type="text" name="first_name" maxlength="20" /></td>
					</tr>
					<tr>
						<td align="left">Your Last Name<font color="#ff0000">*</font>:</td>
						<td align="left"><input type="text" name="last_name" maxlength="20" /></td>
					</tr>
					<tr>
						<td align="left">Your Street Address:</td>
						<td align="left"><input type="text" name="street_address" maxlength="50" /></td>
					</tr>
					<tr>
						<td align="left">Your City:</td>
						<td align="left"><input type="text" name="city" maxlength="20" /></td>
					</tr>
					<tr>
						<td align="left">Your State:</td>
						<td align="left"><input type="text" name="state" maxlength="2" /></td>
					</tr>
					<tr>
						<td align="left">Your Zip Code:</td>
						<td align="left"><input type="text" name="zip_code" /></td>
					</tr>
					<tr>
						<td align="left">YES! I would like to sign up for the newsletter!</td>
						<td align="left"><input type="checkbox" checked name="rcv_newsletter" value="1"></td>
					</tr>
					<tr>
						<td align="right"><input type="submit" name="submitok" value="Submit!" /></td>
						<td align="left"><input type="reset" value="Clear" /></td>
					</tr>
				</table>
				</form>
			</div>
		</div>
		<hr />
		<?php
		include('pages/footer.'.$phpEx);
	break;
}
}

?>



<?php
// End content section

?>

 

I've tried to work my way around this, but every thing I try either causes more errors, or I get a blank page.

 

Any suggestions?

Link to comment
https://forums.phpfreaks.com/topic/161913-notice-undefined-variable/
Share on other sites

Notice: Undefined variable: user_password in /home/thereal6/public_html/hrobinson/ucp.php on line 79

No rows are returned by your db query, so the code immediately following

$row = @mysql_fetch_assoc($result)

never sets the value of $user_password

 

The actual problem is:

$result = @mysql_query($sql);
if(!isset($result))

$result is set because the SQL query has executed successfully, even if no rows were returned because the user account didn't exist in the table.

Test for mysql_num_rows() instead to see if the user record was found.

 

Also, the script is not setting cookies at all. What would cause this?
Output from the script before the cookies are set. Cookies are sent out with the headers. If your error messages are being displayed first, then the cookies can't be set.

 

 

but I like clean code

Then remove all the @ in the code, because the one on line 71 is hiding the error that is most likely causing the error you did post for line 79. Which is in turn being caused by a query that failed but the @ on line 51 is hiding that fact.

 

Your logic also has problems that the @ in the code is also making difficult to troubleshoot. $result will be set if the query works or fails (it will be a result resource if the query worked or a FALSE value if the query failed), so the isset() test on line 52 is always TRUE.

sorry for a late reply..

 

but instead of

 

if(!isset($result))

 

you could just do

 

if ($row = mysql_fetch_assoc($result)) {

}

 

and that essentially will check if the results contain any rows, or not. and if it does, fill $row with the row and inside the if statement is where you'd handle it lol

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.