Help needed with Recurring error: Notice: Undefined index

[jpmad4it]

Hi there,

 

I am trying to incorporate Advanced Login System into my site, but I keep getting errors such as:

 

Notice: Undefined index: REMOTE_HOST in /my_root_path/htdocs/login.inc.php on line 229

 

Notice: Undefined index: rmbpw in /my_root_path/htdocs/login.inc.php on line 102

 

Notice: Undefined variable: _SESSION in /my_root_path/htdocs/login.inc.php on line 51

 

Notice: Undefined index: HTTP_REFERER in /my_root_path/htdocs/login.inc.php on line 56

 

There is no problem with the system if I place it straight onto the server "as is". The problems started when I tried to include the main content of the login file as an "inc.php" file.

 

What I have done is taken the original index.php file of the system and placed

<?php include ('login.inc.php'); ?> so that the login system is included as a separate file. This gives me the file login.php, which has the style of the original site with the login form included in it. I think that maybe some code is conflicting from the original system with the login code.

 

Here is the code for login.php:

 

<?php
session_start();
error_reporting(E_ALL);

include_once ("config/config.php");
include_once('libs/phemplate.class.inc');
include_once('libs/vilkmerge.class.inc');
include_once('libs/catalog.class.inc');

$engine = new vilkmerge();
$catalog = new Catalog();
$banners = new banners();
include('inc/tpl.inc');


// gathering top menus from database 

$sql="SELECT M.id, M.parent, N.name, M.hover_title, M.meta_description, N.lang, M.theorder FROM menu M INNER JOIN menu_names N ON M.id = N.menu_id AND N.lang = 'lithuanian' ORDER BY M.theorder ASC"; 								

$get_header_menu=mysql_query($sql);
$menu_number=mysql_num_rows($get_header_menu);
$menu_width =round(100/$menu_number);

$menu_contents='';
$menu_contents.='<table cellpadding="1" width="900px" cellspacing="1"><tbody><tr>';
while ($list_menu=mysql_fetch_array($get_header_menu)){

$menu_contents.='<td width="'.$menu_width.'%"><div align="center">
<a href="'.processLink2($list_menu["id"],$list_menu["name"]).'">'.$list_menu["name"].'</a></div></td>';

}
$menu_contents.='</tr></tbody></table>';
// end of top menu gathering

// random featured girls
$random_girl=mysql_fetch_array(mysql_query("SELECT PI.product_id, P.name, PI.filename FROM product_images PI INNER JOIN products P ON PI.product_id=P.id WHERE P.featured=1 GROUP BY P.name ORDER BY RAND() LIMIT 1"));

if ($random_girl){
$featured_girl='<table width="100%" border="0" cellpadding="0" cellspacing="0" class="border" bgcolor="#D83C85"><tr><td height="20" align="center"><strong>Featured  Escort</strong></td></tr><tr><td align="center" style=" font-family:Verdana, Arial, Helvetica, sans-serif; font-size:11px; color:#FFFFFF;">
<a href="'.processLink($random_girl["product_id"], $random_girl["name"]).'"><img border=0 src="makethumb.php?pic=product_images/'.$random_girl["filename"].'&w=145&sq=N" /></a></td></tr><tr><td align="center" style=" padding-bottom:5px; padding-top:5px; color:#FFFFFF;"><strong>'.$random_girl["name"].'</strong></td></tr></table>	<br>';
} else {
$featured_girl='';
}


// collecting left menu
$query = mysql_query("SELECT * FROM catalog WHERE lang='lithuanian' ORDER BY `theorder` ");
$left_menu='';

while ($row = mysql_fetch_array($query)) {
	if ($row["parent"]!='0'){
	$left_menu.= "d.add(".$row["id"].",".$row["parent"].",'".$row["name"]."','".processLink1($row["id"], $row["name"])."'); \n";
		}else {
	$left_menu.= "d.add(".$row["id"].",".$row["parent"].",'".$row["name"]."',''); \n";
	}
}


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<? 
$new_title=$setts['sitename'];
if(isset($_GET["product"])){

$title=mysql_fetch_array(mysql_query("SELECT name, id FROM products WHERE id='".$_GET["product"]."'"));
$details=mysql_query("SELECT CF.theorder, PD.field_id, PD.text, CF.name
FROM product_details PD
LEFT JOIN catalog_fields CF ON CF.id=PD.field_id
WHERE PD.product_id='".$title["id"]."'
GROUP BY CF.theorder");

$new_title=$setts['sitename']." ".$title["name"];

while ($list_title=mysql_fetch_array($details)){
$new_title.="-".$list_title["name"]."-".$list_title["text"];
}
}?>
<title>
<?=$new_title;?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/main.css" />
<script type="text/javascript" src="/js/stuff/site_stuff.js"></script>
<script type='text/javascript' src='js/dtree.js'></script>
<meta name="Keywords" content="" />
<meta name="Description" content="" />
<meta name="rating" content="general" />
<meta name="distribution" content="global" />
<meta name="robots" content="index, follow" />
<meta name="revisit-after" content="5 days" />
</head>
<body lang="en" xml:lang="en">
<div id="header_container">
  <div id="top_menu_container">
    <ul id="top_menu_nav">
      <li>
        <div class="header">
          <?=$menu_contents;?>
        </div>
      </li>
    </ul>
  </div>
  <img src="images/header_top.jpg" width="900" height="190" /></div>
<div id="main_container">
  <div id="content_container">
    <div id="left_container">
      <div class="button">
        <script type="text/javascript">
					d = new dTree('d');
					d.add(0,-1,'ALL ESCORTS GALLERY','index.php?id=all');
					<?=$left_menu;?>
					document.write(d);
				</script>
      </div>
      <div class="button2">
        <? include "newest.php";?>
      </div> 
    </div>
    <div id="top_container_right">
      <div class="text_box">
        <div align="center"><a href="work.php">EMPLOYMENT</a></div>
      </div>
      <div class="bigTArea">
        <p align="center">
          <?=$featured_girl;?>
        </p>
        <p align="center"> </p>
        <form action="search_girls.php" method="post">
          <table width="100%" border="0" cellpadding="0" cellspacing="0" class="search_box">
            <tr >
              <td><div  class="text_box" align="center">ADVANCED SEARCH</div></td>
            </tr>
            <tr>
              <td class="search_box" style="search_box"><?php $catalog->searchbox(); ?>
                <p align="center">
                  <input type="submit" name="make_filter" value="Search" />
                  <br />
                  <br />
              </p></td>
            </tr>
          </table>
        </form>
        </p>
      </div>
    </div>
    <div id="middle">
      <?php include ('login.inc.php'); ?>
    </div>
  </div>
</div>
<?php include('footer.php'); ?>
</div>
</body>
</html>

 

As you can see the login.inc.php is included in the file above. Now here is the code for login.inc.php:

 

<?php
/* DO NOT EDIT THIS FILE UNLESS YOU KNOW WHAT YOU ARE DOING! */
/*
login.php
*/

//this function disables errors when header code is not on the 1st line of code.
ob_start();
//include the configuration file. fatal error if file doesn't exist
require ("config/config_log.php");
//checking of sql database
$check_db = "SELECT * FROM ".$mysql_pretext."_users";
$check_db2 = "SELECT * FROM ".$mysql_pretext."_logins";
if (!mysql_query ($check_db) || !mysql_query ($check_db2))
{
//if tables doesn't exist,then install the tables
include ("install.php");
}
else
{
//checking of install file
if (file_exists ("install.php")) die ("<font color=\"red\">FATAL ERROR. INSTALL.PHP EXISTS! POSSIBLE SECURITY RISK! TERMINATING PROGRAM</font>");
}
//session_start(); 
//begin to wipe datebase entries
if ($development == TRUE)
{
//chance the time between 3 failed login attempts and another login attempt to 10 seconds only
//for developmental user
$timeframe = time() - 10;
}
else
{
$timeframe = time() - 15*60;
}
$command = "DELETE  FROM ".$mysql_pretext."_logins WHERE lastattempt < '".$timeframe."'";
mysql_query ($command)
or die(mysql_error()); 
//check if the use is logged in 1st. If not logged in,why bother logging them out?
if (isset ($_SESSION['loggedin']) && isset ($_SESSION['time']))
{
//destroys the login sessions
unset ($_SESSION);
session_destroy();
//set the last IP
$command = "UPDATE ".$mysql_pretext."_users SET lastip='$_SERVER[REMOTE_ADDR]' WHERE username='$_SESSION[loggedin]'";
mysql_query ($command)
	or die (mysql_error());
print '<html><head><title>Logout</title></head><body>';
//get the link to return
if ($_SERVER['HTTP_REFERER']) $link = $_SERVER['HTTP_REFERER'];
else $link = $_SERVER['PHP_SELF'];
print '<p align="center">You are logged out. Thank you for using Advanced Login System. A copy can be obtained from <a href="http://www.iqueststudios.com" target="_blank">www.iqueststudios.com</a></p><p align="center"><a href="'.$link.'">Continue</a></p>';
die();
}
else if (isset($_POST['login']))
{
//set the ip addr of the browser. combine the IP addr with the hostname and port number to reduce risks of two users with the same IP from different proxies from getting mixed up.
//ipaddr is md5"ed" to prevent leakage of private information.
$ipaddr = md5 ($_SERVER['REMOTE_ADDR'].$_SERVER['REMOTE_HOST'].$_SERVER['HTTP_USER_AGENT']);
//get current timestamp
//$time =date('U');
//check if there is already a log of the user in the database
$mysql1 = "SELECT * FROM ".$mysql_pretext."_logins WHERE ipaddr='$ipaddr'";
$mysql2 = mysql_query ($mysql1)
	or die(mysql_error());
$mysql3 = mysql_fetch_array ($mysql2);
//create a log of user if non existent
if (!$mysql3)
{
	$mysql2 = "INSERT INTO  ".$mysql_pretext."_logins (ipaddr,tries,lastattempt,attuser,logexpire) VALUES ('$ipaddr',0,'0',0,0)";
	mysql_query ($mysql2) or die (mysql_error());
	//debug messages
	//print "You have been logged<br />";
	//print $ipaddr.'<br />';
	//print $time;
}
//if not, then create a log of the user
else
{
	$logged = 1;
	//debug messages
	//print "You were logged<br />";
	//print $ipaddr.'<br />';
	//print $time;
}
//link to stylesheet. change this to suit your own website
print '<link rel="stylesheet" type="text/css" href="style.css" />';
//check if the anti hacking cookie is set or has reached its limit
//$_COOKIE['tries'] = $mysql3['tries'];
if (!isset ($myql3['tries']) || $mysql3['tries'] != '0')
{

	//define all the vars in case the server don't support the use of global vars
	$username = strip_tags ($_POST['username']);
	$password = strip_tags ($_POST['password']);
	$rmbpw = $_POST['rmbpw'];
	//if there is need for image validation
	if ($display_bot_image_login)
	{
		$code = $_POST['code'];
		//$realcode = $_POST['realcode'];
		//?imgtxt=".base64_encode ($imgtxt)."\
		//incorrect number
		$realcode = rawurldecode (base64_decode ($_SESSION['imgcode'])); 
		$realcode = str_replace (' ' , '' ,$realcode); 
		if (md5($code) != md5 ($realcode))
		{
			//print $mysql3['lastattempt'];
			$expire = time()+(10);
			if ($mysql3['tries'] <= '3' && $mysql3['tries'] != 0)
			{
				//reduce the number of tries
				$tries = $mysql3['tries'] - 1;
				//print $tries;
				print '<p align="center">Invalid validation code.<b>'.$tries.'</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
				//setcookie ('tries', $tries, time()+900, '/', '', 0);
				$update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '$tries',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'";
				$update2 = mysql_query ($update1)
					or die(mysql_error());
				die();
			}
			else// if ($mysql3['lastattempt'] == '0')
			{
				//set the cookie to hold the variable
				print '<p align="center">Invalid validation code.<b>3</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
				//setcookie ('tries', 3, time()+900, '/', '', 0);
				$update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '3',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'";
				$update2 = mysql_query ($update1)
					or die(mysql_error());
				die();
			}	
			/*else
			{
				print "ERROR CODE: 1";
				die();
			}*/			
		}
		//continue
	}
	//encode the password in the same encoding as that stored in the db
	$mpassword = md5($password);
	//search for the user.
	//check if there is need to validate the account and use suitable MySQL command
	if ($need_to_validate_acct == TRUE) 
	{ 
		$search_login = "SELECT * FROM ".$mysql_pretext."_users WHERE username='$username' AND password='$mpassword' AND validated='1'"; 
	}
	else 
	{
		$search_login = "SELECT * FROM ".$mysql_pretext."_users WHERE username='$username' AND password='$mpassword'";
	}
	$search_login2 = mysql_query ($search_login) or die (mysql_error()) ;
	$search_login3 = mysql_fetch_array ($search_login2);

	if ($search_login3) 
	{
		//valid login!
		if (isset ($rmbpw))
		{
			//set these cookie to remember the user next time he logs in.
			setcookie ('username', $username, time()+1209600, '/', '', 0); 
			setcookie ('password', base64_encode ($password), time()+1209600, '/', '', 0);
		}
		//if don't wish to continue remembering username and password
		else if(empty ($rmbpw) && isset ($_COOKIE['username']) && isset ($_COOKIE['password']))
		{
			//remove these cookie.
			setcookie ('username', '', time()-60, '/', '', 0); 
			setcookie ('password', '', time()-60, '/', '', 0);
		}
		//start the sessions
		//the line is to be replaced on top line of page
		//session_start();
		//remove the anti-hacking cookie-feature-redundant now
		//setcookie ('tries', '', time()-60, '/', '', 0);
		$_SESSION['loggedin'] = $_POST['username'];
		$_SESSION['time'] = time();
		//header ('Location: '.$PHP_SELF);
		//exit;
		if ($development == TRUE) print "<meta http-equiv=\"Refresh\" content=\"5; url=".$PHP_SELF."\">";			
		else print "<meta http-equiv=\"Refresh\" content=\"0; url=".$PHP_SELF."\">";
	} 
	else 
	{
		//invalid login!
		if ($mysql3['tries'] <= '3' && $mysql3['tries'] != 0)
		{
			//reduce the number of tries
			//$tries = $_COOKIE['tries'] - 1;
			$tries = $mysql3['tries'] - 1;
			print '<p align="center">Invalid username and password combination or non-activated account.<b>'.$tries.'</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
			//setcookie ('tries', $tries, time()+900, '/', '', 0);
			$update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '$tries',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'";
			$update2 = mysql_query ($update1)
				or die(mysql_error());				
			die();
		}
		else
		{
			//set the cookie to hold the variable
			print '<p align="center">Invalid username and password combination or non-activated account.<b>3</b> tries left.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
			//setcookie ('tries', 3, time()+900, '/', '', 0);
			$update1 = "UPDATE ".$mysql_pretext."_logins SET tries = '3',attuser='$username',lastattempt='".time()."',logexpire='$expire' WHERE ipaddr = '$ipaddr'";
			$update2 = mysql_query ($update1)
				or die(mysql_error());
			die();
		}
	}

}
else 
{
	//block the computer from logging in
	print '<p align="center">You have entered invalid data for 3 times in a row. Please wait 15 minutes to try again.</p><p align="center"><a href="'.$_SERVER['HTTP_REFERER'].'">Retry?</a></p>';
}
mysql_close();
}
//if the user did not click login.
else
{
//set the ip addr of the browser. combine the IP addr with the hostname and port number to reduce risks of two users with the same IP from different proxies from getting mixed up.
//ipaddr is md5"ed" to prevent leakage of private information.
$ipaddr = md5 ($_SERVER['REMOTE_ADDR'].$_SERVER['REMOTE_HOST'].$_SERVER['HTTP_USER_AGENT']);
//get current timestamp
$time =date('U');
//check if there is already a log of the user in the database
$mysql1 = "SELECT * FROM ".$mysql_pretext."_logins WHERE ipaddr='$ipaddr'";
$mysql2 = mysql_query ($mysql1)
	or die(mysql_error());
$mysql3 = mysql_fetch_array ($mysql2);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title></title>
<!--<link rel="stylesheet" type="text/css" href="css/log_style.css" />-->
<script type="text/javascript">
function popUp(URL) {
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(URL, '" + id + "', 'toolbar=0,scrollbars=0,location=0,statusbar=1,menubar=0,resizable=0,width=400,height=300,left = 337,top = 159');");
}
</script>
</head>
<body>
<center>
</center>
<table width="300" border="1" cellspacing="1px" cellpadding="5px" align="center" style="border-style:solid; border-width:2px; border-collapse:collapse;">
  <tr bgcolor="#666666" height="25px">
    <td><div class="log_heading">Login</div></td>
  </tr>
  <tr bgcolor="#410121" height="200">
    <td valign="top">
      <p>Welcome. Please login.</p>
      <p> </p>
      <form action="<?php //print $_SERVER['PHP_SELF']; ?>" method="post" name="login">
    <p>Username: <input type="text" name="username" value="<?php if (isset ($_COOKIE['username'])){print $_COOKIE['username'];}?>" size="20" />
        </p>
    <p><br />
      Password:  <input type="password" name="password" value="<?php if (isset ($_COOKIE['password'])){print base64_decode ($_COOKIE['password']);}?>" size="20" />
          </p><br/>
    <?php 
if ($display_bot_image_login)
{
	$img1 = rand (1,9);
	$img2 = rand (1,9);
	$img3 = rand (1,9);
	$img4 = rand (1,9);
	$imgtxt = $img1.'%20'.$img2.'%20'.$img3.'%20'.$img4;
	$_SESSION ['imgcode'] = base64_encode ($imgtxt);
	//print "<input type=\"hidden\" name=\"realcode\" value=\"".md5($imgtxt)."\" />";
	print "Enter the number below: <input type=\"text\" name=\"code\" size=\"4\" maxlength=\"4\" /><br /><img src=\"makeimg.php\" /><br />";
	print "<small>(<a href=\"#\" onClick=\"history.go()\">refresh</a> if you cannot see the number)</small><br />";
	print "<br />";
}
?>
Remember Pass? <input type="checkbox" name="rmbpw" <?php if (isset ($_COOKIE['password'])){print "checked=checked";} ?> />
<input type="submit" value="Login" name="login" <?php if ($mysql3['tries'] <= '0'&& $mysql3['lastattempt'] != 0 /* &&time() > $mysql3['logexpire']*/) {print 'disabled="disabled"'; } ?> />
</form>
<? if ($allow_guest_to_register)
{
?>
<a href="#" onClick="popUp('register.php')">Register | </a>
<? } ?>
<a href="#" onClick="popUp('reset.php')">Forgot Password?</a>
</td>
  </tr>
</table>
<hr align="center" width="400px" />
<div align="center">© iQuest Studios 2007</div>
</body>
</html>
<?php 
}
ob_end_flush();
?>

 

Sorry about the huge amount of code. Just a note, I have 2 config files. One for the login.php file and one for the login.inc.php file. Could this cause the errors? I have done a lot of research on google the errors given are usually corrected by fixing the (isset($_POST['login'])) to (isset($_GET['login'])). I tried this but it didnt work.

 

If anyone can help I'd really appreciate this as its been driving me crazy at work for days now!

 

Regards

Jp 

[nevernamed]

I am also having the same problem. But the code that I am using:

<?php
    $path = "" . $_GET['act'] . ".php";
    $root = "home.php";
    if(is_file($path))
    {
        require($path);
    }
    else
    {
        require($root);
	}
?>

Is a little bit different, and the error that I'm getting:

Notice: Undefined index: act in (path) on the line where the code starts

Any help would be really appreciated.

[DarkWater]

Those are just notices warning you of undefined indexes, but sometimes you need to use them.  Put this line at the top of your php file or set it in php.ini:

 

error_report(E_ALL & ~E_NOTICE);

[nevernamed]

Does it matter where in the php.conf (linux) file that I put it?

 

Would you mind explaining this error a little bit further, I appreciate the fix, but I really have no clue what it means.

 

Thanks!

[GingerRobot]

The most likely cause of these is that you not placing quotes around a key of an array which is a string. PHP then thinks the key is a constant, rather than a string. It can cope, because if PHP finds an undefined constant, it treats it as a string.

 

I disagree with DarkWater that doing the above is a fix. It merely hides the problem.

 

I'll direct you to my tutorial for a fuller explanation:

 

http://www.phpfreaks.com/tutorial/debugging-a-beginners-guide

 

In particular, see page 4.