[SOLVED] Notice: Undefined index: login in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel

[rofl90]

Heres a bit of my code

 

<?php

session_start();

$host = "mysql10.streamline.net";

$user = "xxx";

$pass = "xxx";

$db = "prowebdes1";



$ms = mysql_connect($host, $user, $pass);

if(!$ms) { echo "Error connecting to database.\n"; }

mysql_select_db($db);



if($_GET['login'] == "login") {

$user1_post = addslashes($_POST["username_post"]);

$pass1_post = addslashes($_POST["password_post"]);

$pass1_post = md5($pass1_post);

if($user1_post == "" or $pass1_post == "") { echo "<b>You Did Not Enter A Password</b>"; exit; }

[rofl90]

Couldn't edit:

 

Btw I don't see why its an error as I do define it has login ?

 

:S Could somebody explain =)

 

Thx

[darkfreaks]

try:

<?php

if (isset($_GET['login'])) {

$user1_post = addslashes($_POST["username_post"]);

$pass1_post = addslashes($_POST["password_post"]);

$pass1_post = md5($pass1_post);

}else { echo " error message";}

?>

[rofl90]

error message

Notice: Undefined variable: user1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 37

 

Notice: Undefined variable: pass1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 39

 

Notice: Undefined variable: user1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 43

 

Notice: Undefined variable: pass1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 43

 

<?php

session_start();

$host = "mysql10.streamline.net";

$user = "prowebdes1";

$pass = "hello1";

$db = "prowebdes1";



$ms = mysql_connect($host, $user, $pass);

if(!$ms) { echo "Error connecting to database.\n"; }

mysql_select_db($db);




if (isset($_GET['login'])) {

$user1_post = addslashes($_POST["username_post"]);

$pass1_post = addslashes($_POST["password_post"]);

$pass1_post = md5($pass1_post);

}else { echo " error message";}




list($user) = mysql_fetch_array(mysql_query("SELECT `username` FROM `staff` WHERE username='$user1_post'"));

list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `staff` WHERE password='$pass1_post'"));



if($user1_post == "$user" and $pass1_post == "$pass") {

$sql = mysql_query("SELECT * FROM `staff` WHERE username='$user' AND password='$pass'");

if(mysql_num_rows($sql)!= 1) { exit; }

$result = mysql_fetch_array($sql);



$_SESSION['session_username'] = $result['username'];

$_SESSION['session_level'] = $result['level'];

$_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];



echo "<meta http-equiv=\"refresh\" content=\"0;url=main.php\">";

        exit;

} else { echo "<b>Your Username And Password Did Not Match</b>"; }
?>



<body bgcolor="#F45000" bgproperties="fixed" style="background-image: url('habboback.gif')">







<p align="center"> 

</p>



<center>

<div align="center">

<table width="329" height="3" style="border-collapse: collapse" cellpadding="0" cellspacing="0" id="table2">

<tr>

			<td width="330" height="11" align="center">

                </td>

		</tr>

<tr>

			<td align="center" width="400" background="hk_middle.gif" height="342">

			<form action="<?php echo "$PHP_SELF"; ?>?login=login" method="POST">

                  <font size="1"><br>

				 <img border="0" src="enterHH%20copy.gif" width="105" height="106"><br>

 </font><table border="0" id="table3" width="252" height="87">

<tr>

	<td>

	<p align="center"><b><font size="1" face="Verdana">Username:</font></b></td>

	<td><?

echo "<select size='1' name='username_post'>

<option selected>Choose Your Name</option>";

include('dbConfig.php');

$result = mysql_query("SELECT * FROM `staff`");

while($worked = mysql_fetch_array($result)) {

$username = $worked["username"];

echo "<option value=$username>$username</option>";

}

mysql_close(); ?>

</select></td>

	<td height="77" rowspan="4"> </td>

	</tr>

<tr>

	<td>

	<p align="center"><font size="1" face="Verdana"><b>Password:</b></font></td>

	<td>

	<p align="center"><font color="#FFFFFF" size="1" face="Verdana"> 

	<input type="password" name="password_post" size="26"></font></td>

</tr>

<tr>

	<td width="62"></td>

	<td width="172">

	 <input type='image' name='myclicker' src='hk_button.gif'></td>

	</tr>

	<tr>

	<td valign="top" colspan="2">

	<p align="center"></td>

	</tr>

</table>

<p align="center"><font face="Verdana" size="1" color="#FFFFFF">Warning Your IP Address is 
<?php
$ipa = getenv("REMOTE_ADDR");
echo "$ipa";
?>
Authorised FlyTropica staff only, we will do everything in our power to track down any 

unauthorised people. Abuse of this tool is strictly against the terms and 

conditions of service.</font></p>

</form></td>

</tr>

</table>



</div>













<p align="center"> </p>

[rofl90]

Thats rather strange it is defined...:

 

$user1_post = addslashes($_POST["username_post"]);

$pass1_post = addslashes($_POST["password_post"]);

 

its defined riiight there.

[awpti]

Turn off error reporting.

 

You don't NEED to fix those since they aren't, technically, errors. Just notices that it was undefined before.

 

To truly fix it: - See my comments in the code.

 

<?php

// This is why you are getting the error. You are using the variables even if they aren't defined.
// Your conditional logic is wrong (and this isn't even part of it - which it should be)
list($user) = mysql_fetch_array(mysql_query("SELECT `username` FROM `staff` WHERE username='$user1_post'"));

list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `staff` WHERE password='$pass1_post'"));

 

to 'fix' this without modifying the logic (please don't do it this way)

 

<?php
$user1_post = '';
$pass1_post = '';

/// rest of code here.

[darkfreaks]

turning off error report is not a solution its just a fix.

 

 

try :

 

 

<?php

session_start();

$host = "mysql10.streamline.net";

$user = "prowebdes1";

$pass = "hello1";

$db = "prowebdes1";



$ms = mysql_connect($host, $user, $pass);

if(!$ms) { echo "Error connecting to database.\n"; }

mysql_select_db($db);




if (isset($_GET['login'])) {

$user1_post = addslashes($_GET["username_post"]);


$pass1_post = addslashes($_GET["password_post"]);

$pass1_post = md5($pass1_post);

}else { echo " error message";}




list($user) = mysql_fetch_array(mysql_query("SELECT `username` FROM `staff` WHERE username='$user1_post'"));

list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `staff` WHERE password='$pass1_post'"));



if($user1_post == "$user" and $pass1_post == "$pass") {

$sql = mysql_query("SELECT * FROM `staff` WHERE username='$user' AND password='$pass'");

if(mysql_num_rows($sql)!= 1) { exit; }

$result = mysql_fetch_array($sql);



$_SESSION['session_username'] = $result['username'];

$_SESSION['session_level'] = $result['level'];

$_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];



echo "<meta http-equiv=\"refresh\" content=\"0;url=main.php\">";

        exit;

} else { echo "<b>Your Username And Password Did Not Match</b>"; }
?>

[awpti]

Actually, turning off 'error' reporting is a solution.

 

NOTICES are not FATAL. Misnomer to refer to notices as errors

 

This is just yapping at bad coding practices.

[awpti]

to further clarify my previous post;

 

if (isset($_GET['login'])) { //If this evaluates to false..

$user1_post = addslashes($_GET["username_post"]); // <--this isn't defined
$pass1_post = addslashes($_GET["password_post"]); // <--this isn't defined
$pass1_post = md5($pass1_post); // <-- obviously, not defined.

}

[rofl90]

error message

Notice: Undefined variable: user1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 38

 

Notice: Undefined variable: pass1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 40

 

Notice: Undefined variable: user1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 44

 

Notice: Undefined variable: pass1_post in e:\domains\m\myhabs.co.uk\user\htdocs\v2\panel\index.php on line 44

 

now ;/

 

<?php

session_start();

$host = "mysql10.streamline.net";

$user = "x";

$pass = "x;

$db = "prowebdes1";



$ms = mysql_connect($host, $user, $pass);

if(!$ms) { echo "Error connecting to database.\n"; }

mysql_select_db($db);




if (isset($_GET['login'])) {

$user1_post = addslashes($_GET["username_post"]);


$pass1_post = addslashes($_GET["password_post"]);

$pass1_post = md5($pass1_post);

}else { echo " error message";}




list($user) = mysql_fetch_array(mysql_query("SELECT `username` FROM `staff` WHERE username='$user1_post'"));

list($pass) = mysql_fetch_array(mysql_query("SELECT `password` FROM `staff` WHERE password='$pass1_post'"));



if($user1_post == "$user" and $pass1_post == "$pass") {

$sql = mysql_query("SELECT * FROM `staff` WHERE username='$user' AND password='$pass'");

if(mysql_num_rows($sql)!= 1) { exit; }

$result = mysql_fetch_array($sql);



$_SESSION['session_username'] = $result['username'];

$_SESSION['session_level'] = $result['level'];

$_SESSION['session_ip'] = $_SERVER['REMOTE_ADDR'];



echo "<meta http-equiv=\"refresh\" content=\"0;url=main.php\">";

        exit;

} else { echo "<b>Your Username And Password Did Not Match</b>"; }
?>



<body bgcolor="#F45000" bgproperties="fixed" style="background-image: url('habboback.gif')">







<p align="center"> 

</p>



<center>

<div align="center">

<table width="329" height="3" style="border-collapse: collapse" cellpadding="0" cellspacing="0" id="table2">

<tr>

			<td width="330" height="11" align="center">

                </td>

		</tr>

<tr>

			<td align="center" width="400" background="hk_middle.gif" height="342">

			<form action="<?php echo "$PHP_SELF"; ?>?login=login" method="POST">

                  <font size="1"><br>

				 <img border="0" src="enterHH%20copy.gif" width="105" height="106"><br>

 </font><table border="0" id="table3" width="252" height="87">

<tr>

	<td>

	<p align="center"><b><font size="1" face="Verdana">Username:</font></b></td>

	<td><?

echo "<select size='1' name='username_post'>

<option selected>Choose Your Name</option>";

include('dbConfig.php');

$result = mysql_query("SELECT * FROM `staff`");

while($worked = mysql_fetch_array($result)) {

$username = $worked["username"];

echo "<option value=$username>$username</option>";

}

mysql_close(); ?>

</select></td>

	<td height="77" rowspan="4"> </td>

	</tr>

<tr>

	<td>

	<p align="center"><font size="1" face="Verdana"><b>Password:</b></font></td>

	<td>

	<p align="center"><font color="#FFFFFF" size="1" face="Verdana"> 

	<input type="password" name="password_post" size="26"></font></td>

</tr>

<tr>

	<td width="62"></td>

	<td width="172">

	 <input type='image' name='myclicker' src='hk_button.gif'></td>

	</tr>

	<tr>

	<td valign="top" colspan="2">

	<p align="center"></td>

	</tr>

</table>

<p align="center"><font face="Verdana" size="1" color="#FFFFFF">Warning Your IP Address is 
<?php
$ipa = getenv("REMOTE_ADDR");
echo "$ipa";
?>
Authorised FlyTropica staff only, we will do everything in our power to track down any 

unauthorised people. Abuse of this tool is strictly against the terms and 

conditions of service.</font></p>

</form></td>

</tr>

</table>



</div>













<p align="center"> </p>

[awpti]

Don't use the code given to you by darkfreaks. He didn't fix anything.

 

Your logic leaves those variables undefined if $_POST['login']

 

I've already spoon-fed you the fix. Use it

[rofl90]

ok but i've just ended up with 'error message' being shown as in the 'else' ;/ but it doesn't even load are you saying that its in the wrong position? could you explain where it should be please. i dont really understand :S

[sasa]

can we see form part of script

[rofl90]

scroll down the code its in ther

[rofl90]

but ftr

<form action="<?php echo "$PHP_SELF"; ?>?login=login" method="POST">

                  <font size="1"><br>

				 <img border="0" src="enterHH%20copy.gif" width="105" height="106"><br>

 </font><table border="0" id="table3" width="252" height="87">

<tr>

	<td>

	<p align="center"><b><font size="1" face="Verdana">Username:</font></b></td>

	<td><?

echo "<select size='1' name='username_post'>

<option selected>Choose Your Name</option>";

include('dbConfig.php');

$result = mysql_query("SELECT * FROM `staff`");

while($worked = mysql_fetch_array($result)) {

$username = $worked["username"];

echo "<option value=$username>$username</option>";

}

mysql_close(); ?>

</select></td>

	<td height="77" rowspan="4"> </td>

	</tr>

<tr>

	<td>

	<p align="center"><font size="1" face="Verdana"><b>Password:</b></font></td>

	<td>

	<p align="center"><font color="#FFFFFF" size="1" face="Verdana"> 

	<input type="password" name="password_post" size="26"></font></td>

</tr>

<tr>

	<td width="62"></td>

	<td width="172">

	 <input type='image' name='myclicker' src='hk_button.gif'></td>

	</tr>

	<tr>

	<td valign="top" colspan="2">

	<p align="center"></td>

	</tr>

</table>

<p align="center"><font face="Verdana" size="1" color="#FFFFFF">Warning Your IP Address is 
<?php
$ipa = getenv("REMOTE_ADDR");
echo "$ipa";
?>
Authorised FlyTropica staff only, we will do everything in our power to track down any 

unauthorised people. Abuse of this tool is strictly against the terms and 

conditions of service.</font></p>

</form></td>

</tr>

</table>



</div>

[rofl90]

hmm why is it evaluating to false ;S

[sasa]

wher  you submit your form

[rofl90]

On the same page.

[rofl90]

bump!

[trq]

The problem is simple. You are trying to use variables which aren't defined. before using any variables, check to see if they exist. eg;

 

<?php

  if (isset($_POST['foo'])) {
    // it is safe to use $_POST['foo'] within here.
  }

?>

 

This should be done for all user submitted variables.

[rofl90]

but i am :S

 

if (isset($_GET['login'])) {

 

$user1_post = addslashes($_POST["username_post"]);

 

$pass1_post = addslashes($_POST["password_post"]);

 

$pass1_post = md5($pass1_post);

 

}else { echo " error message";}

 

?>

[trq]

No your not. Your checking to see if $_GET['login'] exists, then going ahead and attempting to use $_POST["username_post"] and $_POST["password_post"].

[rofl90]

so i should have

if (isset($_GET['LOGIN'])) {

 

instead of $_POST?

[trq]

I don't know, didn't look at your code. All I'm saying is you need to check the variables you want to use exist before using them.

[rofl90]

Ah ok.