0

I am trying to create a forum from scratch, and i got a bit tangled. In the following code, i'm trying to put a condition that if the user is not logged in, he cannot add a category. However, the code works perfectly if the user is logged, but i get an "undefined index: userid if he is not. I tried to add if(isset($_SESSION['userid'])) but that's just gonna hide the notice "you have to be signed in". any awesome ideas?

<?php

include("_/inc/dbcon.php");
    $link = mysql_connect($host, $login, $pw);
    mysql_select_db($database);
    if($link){
    }
include("_/inc/session_handler.php");
$create_cat ="";
if($_SESSION['userid'] == false /*| $_SESSION['rank'] !='Emperor' || $_SESSION['rank'] !='Destroyer' ||  $_SESSION['rank']!= 'Tekken Lord' )*/)
{
    //the user is not an admin
    echo 'Sorry, you do not have sufficient rights to access this page.';
}
else
{
    //the user has admin rights
    if($_SERVER['REQUEST_METHOD'] != 'POST')
    {   echo "YOU HAVE THE RIGHTS!";
        //the form hasn't been posted yet, display it

        $create_cat .= '<form method="post" action="">
            <input type="text" name="cat_name" placeholder="Category Name"/><br />
            <input type="text" name="cat_description" placeholder="Category Description" /><br />
            <input type="submit" value="Add category" />
         </form>';
    }
    else
    {
        //the form has been posted, so save it
        $sql = "INSERT INTO sp_categories(cat_name, cat_description)
           VALUES('" . mysql_real_escape_string($_POST['cat_name']) . "',
                 '" . mysql_real_escape_string($_POST['cat_description']) . "')";
        $result = mysql_query($sql);
        if(!$result)
        {
            //something went wrong, display the error
            echo 'Error' . mysql_error();
        }
        else
        {
            $create_cat .=  'New category succesfully added.';
        }
    }
}

?>
Paraschiv Ionut
  • 41
  • 1
  • 7
  • NEVER use the mysql_ functions. They are deprecated for a reason. use [mysqli](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) instead. – Euan T Oct 09 '13 at 10:55
  • possible duplicate of [PHP: "Notice: Undefined variable" and "Notice: Undefined index"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index) – halfer Oct 09 '13 at 10:56
  • Take a look at the `Related` sidebar over here `------>`. Plenty of duplicate questions `:)`. Please always do a search before asking - it'll save you time too! – halfer Oct 09 '13 at 10:57

3 Answers3

0

If you are really sure that your code works (even if this is a bad example), use error_reporting(E_ERROR); to remove notices.

Or maybe you used isset() in the wrong place.

MC Emperor
  • 22,334
  • 15
  • 80
  • 130
Lone Wolf
  • 3
  • 2
0

You get the undefined index error when you are looking within an array for a key that doesn't exist. Try using array_key_exists: http://php.net/manual/en/function.array-key-exists.php

if ( !array_key_exists( 'userid', $_SESSION ) ) {}

Hope this helps

acairns
  • 485
  • 4
  • 12
0

An undefined index error is issued when you are trying to call an index of an array, when it is not defined.
For example:

// Define an array with a few keys and values...
$data = array(
    'vehicle' => "car",
    'color'   => "red",
);
echo $data['size']; // This line will issue an undefined index error...

...because the index size is not an existing key.

Always check the existence of a key in an array before trying to call it:

if (isset($_SESSION['userid']) && $_SESSION['userid'] === false)

PS: I noticed that you're using mysql_* functions, which are deprecated. Try using PDO instead.

MC Emperor
  • 22,334
  • 15
  • 80
  • 130