0

I need someone to correct my mistake. Here is the error:

Notice: Undefined index: login in C:\xampp\htdocs\bank\index.php on line 10
Notice: Undefined index: password in C:\xampp\htdocs\bank\index.php on line 10
Notice: A session had already been started - ignoring session_start() in C:\xampp\htdocs\bank\header.php on line 2

$result = mysql_query("SELECT * FROM customers WHERE loginid='$_POST[login]' AND accpassword='$_POST[password]'"); if(mysql_num_rows($result) == 1)

user2830294

4 Answers

1
if(isset($_POST['password'],$_POST['login']))
{
    //Your new, safe, PDO/mysqli query
}

As for the session, if you don't have varying includes, just remove the duplicate session_start(). If the file is sometimes standalone and sometimes part of the whole project, add the following check:

//PHP >= 5.4
if(session_status()==PHP_SESSION_NONE) session_start();

//PHP < 5.4
if(session_id()=='') session_start();

This checks that sessions are enabled, but none have been started.

Information on safer database handling is covered in this answer; be sure to check the links in that answer.

MDEV
0

Session notice

You have a session starting somewhere, and then again in C:\xampp\htdocs\bank\header.php's second line. If PHP >= 5.4.0, you should do:

if (session_status() == PHP_SESSION_NONE) {
  session_start();
}

If PHP < 5.4.0:

if (session_id() == '') {
  session_start();
}

This can be seen here: Check if PHP session has already started.

Undefined index and other issues

However, your code has the following issues:

  • It is subject to SQL injection.
  • mysql_* is not secure anymore. You should be using PDO or MySQLi for the database handling.
  • Are you seriously storing passwords in the database as plain text? You need to properly hash them.

Fixing it (PHP >= 5.5):

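$DB = new PDO(/* CORRECT PARAMETERS HERE */);
if (isset($_POST['login']) && isset($_POST['password'])) {
  // The placeholder keeps the login value out of the SQL text
  $STH = $DB->prepare("SELECT * FROM customers WHERE loginid = ?");
  $STH->execute(array($_POST['login']));
  $Result = $STH->fetch(); // false when no row matches
  // accpassword (column name from the question) must hold a password_hash() value
  if ($Result && password_verify($_POST['password'], $Result['accpassword'])) {
    /* Do what you need to do */
  }
}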

For PHP <= 5.5, you need to add a library for using if(password_verify(...)). Check password_compat library for more info, but it's basically this:

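include "password_compat.php"; // provides password_verify() on older PHP

$DB = new PDO(/* CORRECT PARAMETERS HERE */);
if (isset($_POST['login']) && isset($_POST['password'])) {
  // The placeholder keeps the login value out of the SQL text
  $STH = $DB->prepare("SELECT * FROM customers WHERE loginid = ?");
  $STH->execute(array($_POST['login']));
  $Result = $STH->fetch(); // false when no row matches
  // accpassword (column name from the question) must hold a password_hash() value
  if ($Result && password_verify($_POST['password'], $Result['accpassword'])) {
    /* Do what you need to do */
  }
}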
Francisco Presencia
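The pieces discussed in the answers above (session guard, isset check, prepared statement, hashed passwords) put together end to end, as an added example that is not part of the original posts. It assumes PHP 7.1 or later with the PDO SQLite driver; the in-memory database, the `register()` and `login()` helpers and the sample account are constructed for illustration, while the table and column names are the ones from the question.

```php
<?php
// Added example. In-memory SQLite stands in for the real database (assumption).
if (session_status() === PHP_SESSION_NONE) {
    session_start(); // guard from the answers: start only when none is active
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (loginid TEXT PRIMARY KEY, accpassword TEXT NOT NULL)');

// Registration side: store password_hash() output, never the plaintext.
function register(PDO $db, string $login, string $password): void
{
    $stmt = $db->prepare('INSERT INTO customers (loginid, accpassword) VALUES (?, ?)');
    $stmt->execute([$login, password_hash($password, PASSWORD_DEFAULT)]);
}

// Login side: true only for an existing loginid with a matching password.
function login(PDO $db, array $post): bool
{
    // isset() avoids the "Undefined index" notices; is_string() rejects login[]=x arrays.
    if (!isset($post['login'], $post['password'])
        || !is_string($post['login']) || !is_string($post['password'])) {
        return false;
    }
    $stmt = $db->prepare('SELECT accpassword FROM customers WHERE loginid = ?');
    $stmt->execute([$post['login']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // false when no such loginid
    if ($row === false || !password_verify($post['password'], $row['accpassword'])) {
        return false;
    }
    session_regenerate_id(true); // fresh session id once authenticated
    $_SESSION['loginid'] = $post['login'];
    return true;
}

register($db, 'alice', 'correct horse'); // constructed sample account
$results = [
    'missing fields'  => login($db, []),
    'wrong password'  => login($db, ['login' => 'alice', 'password' => 'wrong']),
    'quote in login'  => login($db, ['login' => "alice' --", 'password' => 'x']),
    'valid login'     => login($db, ['login' => 'alice', 'password' => 'correct horse']),
];
var_dump($results);
```

In a real page, `login($DB, $_POST)` would be called with the request data; because the login value is bound as a parameter, a quote character in it is compared as data and never changes the query.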
0

Notice: Undefined index: login means that in your array, there's no entry with "login" as index. So in your case, that means that $_POST does not contain a "login" key. You have to verify that these indexes exist.

isset($_POST['login']) is a good way to do that.

array_key_exists('login', $_POST) is another way.

Armage
-1

For Undefined you need to check if the variable is set or not, like this:

if (isset($_POST['login']) && isset($_POST['password'])) {
    // your code here
}

For A session had already been started

You have already used session_start() somewhere else other than header.php, so you need to remove it from one of the pages.

zzlalani
  • Never ever do this. It's prone to SQL injection. – Francisco Presencia Oct 03 '13 at 11:58
  • @FranciscoPresencia with `isset` – zzlalani Oct 03 '13 at 11:59
  • Your original code (`$result = mysql_query("SELECT * FROM customers WHERE loginid='$_POST[login]' AND accpassword='$_POST[password]'");`) was prone to mysql injection, and that's why I unvoted it. – Francisco Presencia Oct 03 '13 at 12:03
  • @FranciscoPresencia actually this was not the requirement of the person asking the question. First, kindly read the question properly, and then please go and read the Stack Overflow manual. – zzlalani Oct 03 '13 at 12:06
  • @FranciscoPresencia you need to take a look at this http://stackoverflow.com/help/how-to-answer >> **Answer the question** – zzlalani Oct 03 '13 at 12:09
  • @FranciscoPresencia Read the question carefully. What, specifically, is the question asking for? Make sure your answer provides that – or a viable alternative. The answer can be “don’t do that”, but it should also include “try this instead”. Any answer that gets the asker going in the right direction is helpful, but do try to mention any limitations, assumptions or simplifications in your answer. Brevity is acceptable, but fuller explanations are better. – zzlalani Oct 03 '13 at 12:10
  • @FranciscoPresencia it is nonsense downvoting someone's answer when it has nothing to do with any error you found in the question. Does it make any sense to you? – zzlalani Oct 03 '13 at 12:11
  • @FranciscoPresencia your response here will be appreciated? – zzlalani Oct 03 '13 at 12:14
  • Thank you, I have already read the how-to-answer. Please, refer to [this meta question](http://meta.stackexchange.com/q/102536/179259) to know why I downvoted it. If you changed the code to a secure one, I'd upvote it, but just hiding it doesn't make it any more secure. I hope it wasn't you who downvoted me based only on revenge. – Francisco Presencia Oct 03 '13 at 12:24
  • @FranciscoPresencia Is it really hard to understand that this was not the part of the question? – zzlalani Oct 03 '13 at 17:25