rofl90 Posted January 26, 2008 Share Posted January 26, 2008 Heres a bit of my code <?php session_start(); $host = "mysql10.streamline.net"; $user = "xxx"; $pass = "xxx"; $db = "prowebdes1"; $ms = mysql_connect($host, $user, $pass); if(!$ms) { echo "Error connecting to database.\n"; } mysql_select_db($db); if($_GET['login'] == "login") { $user1_post = addslashes($_POST["username_post"]); $pass1_post = addslashes($_POST["password_post"]); $pass1_post = md5($pass1_post); if($user1_post == "" or $pass1_post == "") { echo "<b>You Did Not Enter A Password</b>"; exit; } Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 26, 2008 Author Share Posted January 26, 2008 Couldn't edit: Btw I don't see why its an error as I do define it has login ? :S Could somebody explain =) Thx Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted January 26, 2008 Share Posted January 26, 2008 try: <?php if (isset($_GET['login'])) { $user1_post = addslashes($_POST["username_post"]); $pass1_post = addslashes($_POST["password_post"]); $pass1_post = md5($pass1_post); }else { echo " error message";} ?> Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 26, 2008 Author Share Posted January 26, 2008 error message Notice: Undefined variable: user1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 37 Notice: Undefined variable: pass1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 39 Notice: Undefined variable: user1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 43 Notice: Undefined variable: pass1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 43 <?php session_start(); $host = "mysql10.streamline.net"; $user = "prowebdes1"; $pass = "hello1"; $db = "prowebdes1"; $ms = mysql_connect($host, $user, $pass); if(!$ms) { echo "Error connecting to database.\n"; } mysql_select_db($db); if (isset($_GET['login'])) { $user1_post = addslashes($_POST["username_post"]); $pass1_post = addslashes($_POST["password_post"]); $pass1_post = md5($pass1_post); }else { echo " error message";} list($user) = mysql_fetch_array(mysql_query("SELECT `username` FROM `staff` WHERE username='$user1_post'")); list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `staff` WHERE password='$pass1_post'")); if($user1_post == "$user" and $pass1_post == "$pass") { $sql = mysql_query("SELECT * FROM `staff` WHERE username='$user' AND password='$pass'"); if(mysql_num_rows($sql)!= 1) { exit; } $result = mysql_fetch_array($sql); $_SESSION['session_username'] = $result['username']; $_SESSION['session_level'] = $result['level']; $_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR']; echo "<meta http-equiv=\"refresh\" content=\"0;url=main.php\">"; exit; } else { echo "<b>Your Username And Password Did Not Match</b>"; } ?> <body bgcolor="#F45000" bgproperties="fixed" style="background-image: url('habboback.gif')"> <p align="center"> </p> <center> <div align="center"> <table width="329" height="3" style="border-collapse: collapse" cellpadding="0" cellspacing="0" id="table2"> <tr> <td width="330" height="11" align="center"> </td> </tr> <tr> <td align="center" width="400" background="hk_middle.gif" height="342"> <form action="<?php echo "$PHP_SELF"; ?>?login=login" method="POST"> <font size="1"><br> <img border="0" src="enterHH%20copy.gif" width="105" height="106"><br> </font><table border="0" id="table3" width="252" height="87"> <tr> <td> <p align="center"><b><font size="1" face="Verdana">Username:</font></b></td> <td><? echo "<select size='1' name='username_post'> <option selected>Choose Your Name</option>"; include('dbConfig.php'); $result = mysql_query("SELECT * FROM `staff`"); while($worked = mysql_fetch_array($result)) { $username = $worked["username"]; echo "<option value=$username>$username</option>"; } mysql_close(); ?> </select></td> <td height="77" rowspan="4"> </td> </tr> <tr> <td> <p align="center"><font size="1" face="Verdana"><b>Password:</b></font></td> <td> <p align="center"><font color="#FFFFFF" size="1" face="Verdana"> <input type="password" name="password_post" size="26"></font></td> </tr> <tr> <td width="62"></td> <td width="172"> <input type='image' name='myclicker' src='hk_button.gif'></td> </tr> <tr> <td valign="top" colspan="2"> <p align="center"></td> </tr> </table> <p align="center"><font face="Verdana" size="1" color="#FFFFFF">Warning Your IP Address is <?php $ipa = getenv("REMOTE_ADDR"); echo "$ipa"; ?> Authorised FlyTropica staff only, we will do everything in our power to track down any unauthorised people. Abuse of this tool is strictly against the terms and conditions of service.</font></p> </form></td> </tr> </table> </div> <p align="center"> </p> Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 26, 2008 Author Share Posted January 26, 2008 Thats rather strange it is defined...: $user1_post = addslashes($_POST["username_post"]); $pass1_post = addslashes($_POST["password_post"]); its defined riiight there. Quote Link to comment Share on other sites More sharing options...
awpti Posted January 26, 2008 Share Posted January 26, 2008 Turn off error reporting. You don't NEED to fix those since they aren't, technically, errors. Just notices that it was undefined before. To truly fix it: - See my comments in the code. <?php // This is why you are getting the error. You are using the variables even if they aren't defined. // Your conditional logic is wrong (and this isn't even part of it - which it should be) list($user) = mysql_fetch_array(mysql_query("SELECT `username` FROM `staff` WHERE username='$user1_post'")); list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `staff` WHERE password='$pass1_post'")); to 'fix' this without modifying the logic (please don't do it this way) <?php $user1_post = ''; $pass1_post = ''; /// rest of code here. Quote Link to comment Share on other sites More sharing options...
darkfreaks Posted January 26, 2008 Share Posted January 26, 2008 turning off error report is not a solution its just a fix. try : <?php session_start(); $host = "mysql10.streamline.net"; $user = "prowebdes1"; $pass = "hello1"; $db = "prowebdes1"; $ms = mysql_connect($host, $user, $pass); if(!$ms) { echo "Error connecting to database.\n"; } mysql_select_db($db); if (isset($_GET['login'])) { $user1_post = addslashes($_GET["username_post"]); $pass1_post = addslashes($_GET["password_post"]); $pass1_post = md5($pass1_post); }else { echo " error message";} list($user) = mysql_fetch_array(mysql_query("SELECT `username` FROM `staff` WHERE username='$user1_post'")); list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `staff` WHERE password='$pass1_post'")); if($user1_post == "$user" and $pass1_post == "$pass") { $sql = mysql_query("SELECT * FROM `staff` WHERE username='$user' AND password='$pass'"); if(mysql_num_rows($sql)!= 1) { exit; } $result = mysql_fetch_array($sql); $_SESSION['session_username'] = $result['username']; $_SESSION['session_level'] = $result['level']; $_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR']; echo "<meta http-equiv=\"refresh\" content=\"0;url=main.php\">"; exit; } else { echo "<b>Your Username And Password Did Not Match</b>"; } ?> Quote Link to comment Share on other sites More sharing options...
awpti Posted January 26, 2008 Share Posted January 26, 2008 Actually, turning off 'error' reporting is a solution. NOTICES are not FATAL. Misnomer to refer to notices as errors This is just yapping at bad coding practices. Quote Link to comment Share on other sites More sharing options...
awpti Posted January 26, 2008 Share Posted January 26, 2008 to further clarify my previous post; if (isset($_GET['login'])) { //If this evaluates to false.. $user1_post = addslashes($_GET["username_post"]); // <--this isn't defined $pass1_post = addslashes($_GET["password_post"]); // <--this isn't defined $pass1_post = md5($pass1_post); // <-- obviously, not defined. } Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 26, 2008 Author Share Posted January 26, 2008 error message Notice: Undefined variable: user1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 38 Notice: Undefined variable: pass1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 40 Notice: Undefined variable: user1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 44 Notice: Undefined variable: pass1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 44 now ;/ <?php session_start(); $host = "mysql10.streamline.net"; $user = "x"; $pass = "x; $db = "prowebdes1"; $ms = mysql_connect($host, $user, $pass); if(!$ms) { echo "Error connecting to database.\n"; } mysql_select_db($db); if (isset($_GET['login'])) { $user1_post = addslashes($_GET["username_post"]); $pass1_post = addslashes($_GET["password_post"]); $pass1_post = md5($pass1_post); }else { echo " error message";} list($user) = mysql_fetch_array(mysql_query("SELECT `username` FROM `staff` WHERE username='$user1_post'")); list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `staff` WHERE password='$pass1_post'")); if($user1_post == "$user" and $pass1_post == "$pass") { $sql = mysql_query("SELECT * FROM `staff` WHERE username='$user' AND password='$pass'"); if(mysql_num_rows($sql)!= 1) { exit; } $result = mysql_fetch_array($sql); $_SESSION['session_username'] = $result['username']; $_SESSION['session_level'] = $result['level']; $_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR']; echo "<meta http-equiv=\"refresh\" content=\"0;url=main.php\">"; exit; } else { echo "<b>Your Username And Password Did Not Match</b>"; } ?> <body bgcolor="#F45000" bgproperties="fixed" style="background-image: url('habboback.gif')"> <p align="center"> </p> <center> <div align="center"> <table width="329" height="3" style="border-collapse: collapse" cellpadding="0" cellspacing="0" id="table2"> <tr> <td width="330" height="11" align="center"> </td> </tr> <tr> <td align="center" width="400" background="hk_middle.gif" height="342"> <form action="<?php echo "$PHP_SELF"; ?>?login=login" method="POST"> <font size="1"><br> <img border="0" src="enterHH%20copy.gif" width="105" height="106"><br> </font><table border="0" id="table3" width="252" height="87"> <tr> <td> <p align="center"><b><font size="1" face="Verdana">Username:</font></b></td> <td><? echo "<select size='1' name='username_post'> <option selected>Choose Your Name</option>"; include('dbConfig.php'); $result = mysql_query("SELECT * FROM `staff`"); while($worked = mysql_fetch_array($result)) { $username = $worked["username"]; echo "<option value=$username>$username</option>"; } mysql_close(); ?> </select></td> <td height="77" rowspan="4"> </td> </tr> <tr> <td> <p align="center"><font size="1" face="Verdana"><b>Password:</b></font></td> <td> <p align="center"><font color="#FFFFFF" size="1" face="Verdana"> <input type="password" name="password_post" size="26"></font></td> </tr> <tr> <td width="62"></td> <td width="172"> <input type='image' name='myclicker' src='hk_button.gif'></td> </tr> <tr> <td valign="top" colspan="2"> <p align="center"></td> </tr> </table> <p align="center"><font face="Verdana" size="1" color="#FFFFFF">Warning Your IP Address is <?php $ipa = getenv("REMOTE_ADDR"); echo "$ipa"; ?> Authorised FlyTropica staff only, we will do everything in our power to track down any unauthorised people. Abuse of this tool is strictly against the terms and conditions of service.</font></p> </form></td> </tr> </table> </div> <p align="center"> </p> Quote Link to comment Share on other sites More sharing options...
awpti Posted January 26, 2008 Share Posted January 26, 2008 Don't use the code given to you by darkfreaks. He didn't fix anything. Your logic leaves those variables undefined if $_POST['login'] I've already spoon-fed you the fix. Use it Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 26, 2008 Author Share Posted January 26, 2008 ok but i've just ended up with 'error message' being shown as in the 'else' ;/ but it doesn't even load are you saying that its in the wrong position? could you explain where it should be please. i dont really understand :S Quote Link to comment Share on other sites More sharing options...
sasa Posted January 26, 2008 Share Posted January 26, 2008 can we see form part of script Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 26, 2008 Author Share Posted January 26, 2008 scroll down the code its in ther Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 26, 2008 Author Share Posted January 26, 2008 but ftr <form action="<?php echo "$PHP_SELF"; ?>?login=login" method="POST"> <font size="1"><br> <img border="0" src="enterHH%20copy.gif" width="105" height="106"><br> </font><table border="0" id="table3" width="252" height="87"> <tr> <td> <p align="center"><b><font size="1" face="Verdana">Username:</font></b></td> <td><? echo "<select size='1' name='username_post'> <option selected>Choose Your Name</option>"; include('dbConfig.php'); $result = mysql_query("SELECT * FROM `staff`"); while($worked = mysql_fetch_array($result)) { $username = $worked["username"]; echo "<option value=$username>$username</option>"; } mysql_close(); ?> </select></td> <td height="77" rowspan="4"> </td> </tr> <tr> <td> <p align="center"><font size="1" face="Verdana"><b>Password:</b></font></td> <td> <p align="center"><font color="#FFFFFF" size="1" face="Verdana"> <input type="password" name="password_post" size="26"></font></td> </tr> <tr> <td width="62"></td> <td width="172"> <input type='image' name='myclicker' src='hk_button.gif'></td> </tr> <tr> <td valign="top" colspan="2"> <p align="center"></td> </tr> </table> <p align="center"><font face="Verdana" size="1" color="#FFFFFF">Warning Your IP Address is <?php $ipa = getenv("REMOTE_ADDR"); echo "$ipa"; ?> Authorised FlyTropica staff only, we will do everything in our power to track down any unauthorised people. Abuse of this tool is strictly against the terms and conditions of service.</font></p> </form></td> </tr> </table> </div> Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 26, 2008 Author Share Posted January 26, 2008 hmm why is it evaluating to false ;S Quote Link to comment Share on other sites More sharing options...
sasa Posted January 26, 2008 Share Posted January 26, 2008 wher you submit your form Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 26, 2008 Author Share Posted January 26, 2008 On the same page. Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 28, 2008 Author Share Posted January 28, 2008 bump! Quote Link to comment Share on other sites More sharing options...
trq Posted January 28, 2008 Share Posted January 28, 2008 The problem is simple. You are trying to use variables which aren't defined. before using any variables, check to see if they exist. eg; <?php if (isset($_POST['foo'])) { // it is safe to use $_POST['foo'] within here. } ?> This should be done for all user submitted variables. Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 28, 2008 Author Share Posted January 28, 2008 but i am :S if (isset($_GET['login'])) { $user1_post = addslashes($_POST["username_post"]); $pass1_post = addslashes($_POST["password_post"]); $pass1_post = md5($pass1_post); }else { echo " error message";} ?> Quote Link to comment Share on other sites More sharing options...
trq Posted January 28, 2008 Share Posted January 28, 2008 No your not. Your checking to see if $_GET['login'] exists, then going ahead and attempting to use $_POST["username_post"] and $_POST["password_post"]. Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 28, 2008 Author Share Posted January 28, 2008 so i should have if (isset($_GET['LOGIN'])) { instead of $_POST? Quote Link to comment Share on other sites More sharing options...
trq Posted January 28, 2008 Share Posted January 28, 2008 I don't know, didn't look at your code. All I'm saying is you need to check the variables you want to use exist before using them. Quote Link to comment Share on other sites More sharing options...
rofl90 Posted January 28, 2008 Author Share Posted January 28, 2008 Ah ok. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.