t.bo Posted October 4, 2010 Share Posted October 4, 2010 Hey all, Today I have received an error of one of my websites I created 2 years ago. The user cannot login anymore. He stays on the login screen and nothing happens. If he enters the wrong username & password he gets the correct error code. I use sessions and the user & pass are stored in the DB. I havent changed anything but the provider did some general updates. So can you guys check if any code is outdated? It seems like the session is not stored or the form does not send the user&pass. If I go directly to the login.php file I get the error: PHP Notice: Undefined index: username in D:\www\orangerie-krekelh.be\www\login.php on line 5 PHP Notice: Undefined index: pw in D:\www\orangerie-krekelh.be\www\login.php on line 6 The loginform <div id="content"> <h1>Login</h1> <form action="login.php" method="post"> <b>Username</b>:<input type="text" name="username" size="20"><br> <b>Password</b>:<input type="password" name="pw" size="20"><br> <input type="submit" value="Login"></form> </div> The login php file <?php session_start(); include('dbconnect.php'); print_r($_POST); $username = $_POST['username']; $pw = $_POST['pw']; $q="SELECT * FROM `users` WHERE ((username='$username') AND (pw='$pw'))"; $result= mysql_query($q) or die ("Could not execute query : $q." . mysql_error()); if (mysql_num_rows($result) == 0) { echo "<div align=center><b>Uw login en/of paswoord is verkeerd ingegeven, probeer opnieuw.</b></div>"; } else { $r=mysql_fetch_array($result); $login_username=$r["username"]; session_register("login_username"); Header("location: protected.php"); } ?> Thanks in advance for any kind of help! greetz Quote Link to comment https://forums.phpfreaks.com/topic/215147-undefined-index-with-login/ Share on other sites More sharing options...
Psycho Posted October 4, 2010 Share Posted October 4, 2010 Your host has probably modified the default error reporting to show notifications (which is kind of odd in my opinion). You should definitely have error reportingset to show everything in a development environment, but in a production environment notification errors should be suppressed. But, the problem is that on first access of the page the POST values don't exist. So, when you try to set $username = $_POST['username']; you are getting the error because $_POST['username'] doesn't exist. The right way to do that would be $username = isset($_POST['username']) ? $_POST['username'] : false; But, you shoudl rework the logic further. Te current page does a db query regardless if the user submitted login credentials or not. You should only do the authnetication if the user submitted the form. Quote Link to comment https://forums.phpfreaks.com/topic/215147-undefined-index-with-login/#findComment-1119006 Share on other sites More sharing options...
Psycho Posted October 4, 2010 Share Posted October 4, 2010 After furhter review I suspect the root fo the problem is in the form page. You may be getting the same type of notification errors - but they may be masked in the HTML code, thereby corrupting the input data. Kind of hard to know for sure without debugging it. Another possibility is that the host may have enabled/disabled magic quotes which would make the input data different from what you were receiving before. What is the output of the print_r()? Is it what you would expect? Quote Link to comment https://forums.phpfreaks.com/topic/215147-undefined-index-with-login/#findComment-1119016 Share on other sites More sharing options...
t.bo Posted October 4, 2010 Author Share Posted October 4, 2010 The array is empty (Array ( ) ) That is not what I expect. The text inputted is very basic so I don't think it falls under the magic quote criteria no? Quote Link to comment https://forums.phpfreaks.com/topic/215147-undefined-index-with-login/#findComment-1119024 Share on other sites More sharing options...
t.bo Posted October 4, 2010 Author Share Posted October 4, 2010 More info: I have changed the POST into GET in the login.php file. This returns the correct array as expected. But it does solve the problem however. Instead now the 'wrong password' error always shows... Quote Link to comment https://forums.phpfreaks.com/topic/215147-undefined-index-with-login/#findComment-1119028 Share on other sites More sharing options...
t.bo Posted October 4, 2010 Author Share Posted October 4, 2010 This is very weird, as stated above, I changed the POST to GET for the username & password but not for the print_r. If I also change the print_r to GET, the array is empty again. So the code at this point (with a correct filled array) is <?php session_start(); include('dbconnect.php'); // $username = $_POST['username']; // $pw = $_POST['pw']; $username = isset($_GET['username']) ? $_GET['username'] : false; print_r($_POST); $pw = isset($_GET['pw']) ? $_GET['pw'] : false; $q="SELECT * FROM `users` WHERE ((username='$username') AND (pw='$pw'))"; $result= mysql_query($q) or die ("Could not execute query : $q." . mysql_error()); if (mysql_num_rows($result) == 0) { echo "<div align=center><b>Uw login en/of paswoord is verkeerd ingegeven, probeer opnieuw.</b></div>"; } else { $r=mysql_fetch_array($result); $login_username=$r["username"]; session_register("login_username"); Header("location: protected.php"); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/215147-undefined-index-with-login/#findComment-1119031 Share on other sites More sharing options...
merylvingien Posted October 4, 2010 Share Posted October 4, 2010 Just reviewing a log in script that i have here and working. Why are you setting the session right away? The way i would do this ( and i am no mean coder by the way ) <?php include('dbconnect.php'); if (isset($_POST['username'])) {$username=$_POST['username'];} $username= mysql_real_escape_string($username); if(isset($_POST['pw'])) {$pw=$_POST['pw'];} $pw= mysql_real_escape_string($pw); $q="SELECT * FROM `users` WHERE ((username='$username') AND (pw='$pw'))"; $result= mysql_query($q) or die ("Could not execute query : $q." . mysql_error()); if (mysql_num_rows($result) == 0) { session_start(); $_SESSION['login_username'] = ""; header ("Location: loginpage"); } else { $r=mysql_fetch_array($result); $login_username=$r["username"]; session_start(); $_SESSION['login_username'] = "$login_username"; Header("location: protected.php"); } ?> Or something along those lines LOL Quote Link to comment https://forums.phpfreaks.com/topic/215147-undefined-index-with-login/#findComment-1119033 Share on other sites More sharing options...
t.bo Posted October 4, 2010 Author Share Posted October 4, 2010 merylvingien, Maybe you are not a coder but your solution worked m8! Thanks a lot. I don't have clear explanation because I have always been told session stuff needs to be on top of the page: -) grtz Quote Link to comment https://forums.phpfreaks.com/topic/215147-undefined-index-with-login/#findComment-1119046 Share on other sites More sharing options...
merylvingien Posted October 4, 2010 Share Posted October 4, 2010 LOL your welcome Quote Link to comment https://forums.phpfreaks.com/topic/215147-undefined-index-with-login/#findComment-1119055 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.