Notice: Undefined index:

Hi all, I am trying to get a login page to work for a Uni project. I have written the code and it works on the Uni server, but when I try running it on XAMPP at home I get the following errors.

Notice: Undefined index: pass in C:\xampp\htdocs\sandbox5xxx\index.php on line 36
Notice: Undefined index: user in C:\xampp\htdocs\sandbox5xxx\index.php on line 38

As it works on the Uni server I am thinking it must be a configuration setting in one of XAMPP's files.
I have attached the file with the code.
I have been trying to figure this out for a week with no joy, any help would be amazing.
Many thanks in advance, taffy


index.txt (1.58 KB)

Simple fix. First check to make sure the POST variables are set.

[php]
if (isset($_POST['pass'])) {
    $pword = $_POST['pass'];
}

if (isset($_POST['user'])) {
    $uname = $_POST['user'];
}
[/php]

You have a number of additional bad programming practices in that code.

  1. DO NOT use old mysql calls. Use PDO or mysqli. I recommend PDO.

  2. DO NOT disable errors with the @ sign as in $rs=@mysql_select_db. Errors are your friend. They tell you that your programming is bad.

  3. YOU HAVE ABSOLUTELY NO PROTECTION AGAINST SQL INJECTION

  4. Regarding your lines:

  $sql = "SELECT user, pass FROM logintab ";
  $sql .= "WHERE user='$uname' AND pass='$pword'";

Compare the passwords AFTER you select the database info

  $sql = "SELECT user, pass FROM logintab ";
  $sql .= "WHERE user='$uname'";

Hi benanamen, thanks for having a look at the code. I tried the fix you gave using isset and it threw up these errors:
Notice: Undefined variable: uname in C:\xampp\htdocs\sandbox5xxx\index.php on line 51
Notice: Undefined variable: pword in C:\xampp\htdocs\sandbox5xxx\index.php on line 51
Notice: Undefined variable: pword in C:\xampp\htdocs\sandbox5xxx\index.php on line 58

As for the other points you mention, I agree using mysql is ridiculous but the college server is an old version and uses that api and we are learning from old material. Also the finished form has to be uploaded to it. As for the error and mysql injection, that code is beyond my skill at the moment and as this will never be public code I just want to get it to work. The code does work on the college server; it is only on my version of XAMPP that the errors are occurring.
Thanks for your help I really appreciate it.

Not only is the material old, it is also incomplete.

The way it is currently written, you are trying to select from the database BEFORE a username and password is even submitted.

Your database code needs to be set within:

if ((!empty($_POST['user'])) && (!empty($_POST['pass']))) {
//database stuff here
}

Hey, is this your homework I am helping you with? By the way, you mentioned College. Have your instructor get in touch with me. They need to be strung and lashed for having you learn this bad code.

Additionally, this whole code is totally wrong and being checked for at the wrong time:

  if (($num_rows == 0) && (($pword == null) or ($uname == null))){
                 echo "<h3>Please enter your username and password</h3>"; 
  } 

You should be checking for a blank username and password BEFORE even trying to ask the database anything. The previous code I just gave you with slight mods will do that.

Like I said before, this code works on the college server. It shows index.php which asks for a username and password. If the correct user name and password are entered (which is held in the logintab table in the database) then the application loads. I know the code is not great but it does work on that server just not on mine. I am trying to figure out why it would work on that server and not my version of xampp.

As I look more at your code, there are even more problems. The whole thing is junk and wrong. What is the purpose of what you are doing? If it’s just to learn, then this is a great piece to learn how NOT to code.

The reason it works on the college server is because they have error reporting turned off. You are doing better running it the way you are so you can see the problems that exist and learn how to fix them.

On lines 36 and 38 you set variables for the post data ($pword, $uname) which is ok, but totally not necessary, but then on lines 59 and 60 you go back to using the form Post variables ($_POST['user'], $_POST['pass']).

Then on lines 61, 62, 70 and 71 you are unsetting the POST data. There is no need to do that.

unset($uname);
unset($pword);

Ok I get it, you have said over and over how crap it is. Trouble is because I have just started I have no idea how to fix it. Which was the whole point of asking the question in the first place.

Thanks anyway this is obviously not a place for beginners to ask questions.

Sorry, didn’t mean to come off that way. Feel free to ask questions. That’s what this board is for. Give me a few and I will rewrite it for you so you can see how it should be done.

This should get you on your way.

[php]
Login

Username:

Password:

<?php
if ((empty($_POST['user'])) || (empty($_POST['pass']))) {
    echo "Please enter your username and password";
} else {
    include("dbinfo.inc.php");
    mysql_connect("localhost", "$username", "$password");
    mysql_select_db($database) or die("Unable to select database");

    $sanitized_user = mysql_real_escape_string($_POST['user']);
    $sanitized_pass = mysql_real_escape_string($_POST['pass']);

    $sql = "SELECT user, pass FROM logintab";
    $sql .= " WHERE username='$sanitized_user'";
    $result = mysql_query($sql);

    if (!$result) {
        die("Error running $sql: " . mysql_error());
    }

    while ($row = mysql_fetch_array($result)) {
        if ($sanitized_pass == $row['pass']) {
            session_start();
            $_SESSION['user_logged'] = $_POST['user'];
            $_SESSION['user_password'] = $_POST['pass'];
            die(header('Location:interface.php'));
        }
    } //End While
} //End Else
?>
[/php]

Oh my god it worked. I have been trying to get this page to work forever. Thank you.
You were right though, looking at my code next to yours and it is crap. What should I do then, where do I go now to learn how to write this stuff properly? Any suggestions? Regardless though thanks so much for all your help.

You're welcome.

Keep in mind, the code I posted is still not the right way to do it. I will see about posting a PDO example for you. The internet is full of tutorials, some good, some not good, but a bad example is still an example. The first place I would send you to is the actual PHP documentation and start at the beginning. http://www.php.net/manual/en/

You are already running your own local server so that is good. If you're not already doing it, use an editor with syntax highlighting. It will be easier to spot errors. These days I use webuilder for many reasons http://www.webuilderapp.com/

If the tutorials are using mysqli or PDO you can be sure you are on the right track. PDO will allow you to easily use many different databases besides mysql.

Aside from XAMPP, another really good server setup to run locally is Zend Server Community Edition.

Make sure you have error reporting turned on full blast. PHP is great about telling you when you are messing up.

Also, if you can click the link by my name that says karma, click it.
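The advice given across the replies above (use PDO, keep user input out of the SQL string, check for blank fields before querying, compare the password after the select), as an added example that is not part of any post in this thread and is not the script attached later. The table and column names come from the thread; `check_login()`, the seeded account and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions, and storing a `password_hash()` value in `pass` goes beyond what the thread's code does.

```php
<?php
// Added example, not code from the thread. logintab/user/pass are the names
// used in the thread; check_login() and the seeded account are hypothetical.
// Assumes the `pass` column holds a password_hash() value, not plain text.

function check_login(PDO $pdo, array $post): bool
{
    // Reject missing or blank fields BEFORE touching the database.
    $user = $post['user'] ?? '';
    $pass = $post['pass'] ?? '';
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === '') {
        return false;
    }

    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT pass FROM logintab WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();   // false when no such user exists

    // Compare AFTER the select; password_verify() is timing-safe.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed demo data: in-memory SQLite stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE logintab (user TEXT PRIMARY KEY, pass TEXT NOT NULL)');
$seed = $pdo->prepare('INSERT INTO logintab (user, pass) VALUES (?, ?)');
$seed->execute(['taffy', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs, including an unsubmitted form and a quoted username.
$cases = [
    'valid login'        => ['user' => 'taffy', 'pass' => 'correct horse'],
    'wrong password'     => ['user' => 'taffy', 'pass' => 'guess'],
    'form not submitted' => [],
    'quote in username'  => ['user' => "taffy' OR '1'='1", 'pass' => 'x'],
];
foreach ($cases as $label => $post) {
    printf("%-20s %s\n", $label, check_login($pdo, $post) ? 'accepted' : 'rejected');
}
```

Because the function reads `$post` with `??` and returns early on blank input, it raises no "Undefined index" notices on the first page load, even with error reporting fully on.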

I will take a look at both the webbuilderapp and the zend server and I WILL turn on error reporting as you suggest. I have found a php essential training video course to have a look at and I have sent a karma.

Thanks again

taffy

I attached a PDO version of your script. I didn't run it but it should be good. If not, here is your chance to learn some more. Add your database credentials to database.php

Actually, I just saw something you will notice when you enter a wrong user/pass combo. Let's see if you can fix it. (That's what I get for not running it first…)


taffy.zip (2.24 KB)

Hi benanamen, sorry for the late reply but it is morning here and just got up. Thanks for the scripts, I am attacking them now and will let you know how I get on later.

Thanks.

taffy

Hi benanamen, just a quick update on the PDO scripts you gave me. They are all working now with my database and forms. It took a while but I found the couple of bugs you spoke about.
I added [php]include("database.php");[/php] to index.php and changed the sql statement from username and password to user and pass. Everything now works a treat.
Thanks once again for all your help (and the scripts).

taffy

Feel free to give Karma for the PDO scripts. I am becoming a Karma whore.
