1

After trying to find a way to change an MD5 password, I read that it's better to generate a new one and email it.

I have the following code, and for some reason it's giving me this error:

Notice: Undefined index: email_address on line 7

Here is the code

<?php
session_start(); // Start Session
session_register("session");
// This is displayed if all the fields are not filled in
$empty_fields_message = "<p>Please go back and complete all the fields in the form.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
// Convert to simple variables 
$email_address = $_POST['email_address'];
if (!isset($_POST['email_address'])) {
?>
<form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<label for="email_address">Email:</label>
<input type="text" title="Please enter your email address" name="email_address" size="30"/>
<input type="submit" value="Submit" class="submit-button"/>
</form>

<?php
}
elseif (empty($email_address)) {
echo $empty_fields_message;
}
else {


mysql_connect("localhost", "usern", "passw") or die(mysql_error());
mysql_select_db("mydb") 
or die(mysql_error());



$email_address = mysql_real_escape_string($email_address);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
if (!stristr($email_address,"@") OR !stristr($email_address,".")) {
$msg="<p>Your email address is not in the correct format.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back"; 
$status= "NOTOK";}

echo "";
if($status=="OK"){ $query="SELECT email,username FROM users WHERE users.email = '$email_address'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
if ($recs == 0) { 
echo "<p>Sorry your address is not there in our database. Please try again.</p>Click <a class=\"two\" href=\"javascript:history.go(-1)\">here</a> to go back";
exit;
}
$row=mysql_fetch_object($st); // fetch only after confirming a row matched
$em=$row->email;// email is stored to a variable (the query selects "email")
function makeRandomPassword() { 
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; 
srand((double)microtime()*1000000); 
$pass = ""; // initialise before appending, otherwise PHP raises an undefined variable notice
$i = 0; 
while ($i <= 7) { 
$num = rand() % 33; 
$tmp = substr($salt, $num, 1); 
$pass = $pass . $tmp; 
$i++; 
} 
return $pass; 
} 
$random_password = makeRandomPassword(); 
$db_password = md5($random_password); 

$sql = mysql_query("UPDATE users SET password='$db_password' 
WHERE email='$email_address'"); 

$subject = "Your New Password"; 
$message = "Hello, you have chosen to reset your password. 

New Password: $random_password 

http://www.yoursite.com/loginn
Once logged in you can change your password 

Thanks! 
Site admin 

This is an automated response, please do not reply!"; 

// Headers are separated by a single CRLF with no blank line between them
mail($email_address, $subject, $message, "From: yoursite.com Webmaster <admin@jyoursite.com>\r\nX-Mailer: PHP/" . phpversion()); 
echo "<p>Your new password has been send! Please check your email!";
} 
else {echo "$msg";}
}
?> 

The line it's referring to is:

$email_address = $_POST['email_address'];

I am not sure why this is happening. Have I overlooked something?

Rick Skeels
  • Just move that line to be logically integrated into the block which follows it, checking that `isset($_POST['email_address'])`. If that condition isn't satisfied and it moves to the `else`, you know the value exists. Set there in the `else` instead. – Michael Berkowski Feb 12 '14 at 21:32
  • Try doing `var_dump($_POST)` and see if it has `email_address` set. – Software Engineer Feb 12 '14 at 21:34
  • You are advised to read [How can I prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Your code is vulnerable, and depends on the `mysql_*()` extension, deprecated in PHP 5.5. – Michael Berkowski Feb 12 '14 at 21:34
  • You need to learn how to [READ and debug](http://stackoverflow.com/questions/12769982/reference-what-does-this-error-mean-in-php) error messages. Everything you needed to solve the problem was in the error message. – Anigel Feb 12 '14 at 21:44

2 Answers

4

The error is quite clear. Here:

$email_address = $_POST['email_address'];

$_POST doesn't have a key email_address.

Try changing your code slightly, to use isset first:

if(isset($_POST['email_address'])) {
    $email_address = $_POST['email_address'];
    ...

Notice that I've reversed the logic to if post 'email address' is set...

Madbreaks
  • Many thanks for your answer :) It sorted the error, but now it just reads the output message "Please go back and complete all the fields in the form" – Rick Skeels Feb 12 '14 at 21:43
  • That's because, as mentioned, I reversed your logic. You'll need to swap the contents of the if/else block to reflect that. – Madbreaks Feb 12 '14 at 22:08
1

You are assigning the value of $_POST['email_address'] before you are checking that it has been set, i.e. $email_address = $_POST['email_address']; on line 7. You need to move this line to inside the isset( $_POST['email_address'] ) if statement.

You possibly need to assign a different value to the variable $email_address if the $_POST['email_address'] is not set, if you use the variable in other places in the code.

i.e.

$email_address = "";
if (isset($_POST['email_address'])) { // assign only when the field was actually posted
    $email_address = $_POST['email_address'];
    ...
George
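
The fix both answers describe (read `$_POST['email_address']` only after `isset()` confirms it), combined with the prepared-statement advice from the comments, as an added example that is not code from the question or the answers. It assumes PHP 7+ with PDO, reuses the question's table and placeholder credentials, and swaps `md5()`/`rand()` for `password_hash()`/`random_int()`, so the login code would have to check passwords with `password_verify()`.

```php
<?php
// Added example, not code from the question or the answers.
// Assumes PHP 7+, pdo_mysql, and the question's users(email, password) table
// with a password column wide enough for password_hash() output (60+ chars).

// Read the field only if it was posted. A first GET of the page has no such
// key, which is what raised "Undefined index: email_address".
function posted_email(array $post): ?string {
    if (!isset($post['email_address']) || !is_string($post['email_address'])) {
        return null; // form not submitted yet
    }
    return trim($post['email_address']);
}

// Draw each character from the CSPRNG (random_int) instead of srand()/rand().
function make_random_password(int $length = 12): string {
    $alphabet = 'abcdefghjkmnpqrstuvwxyz23456789'; // constructed alphabet
    $pass = '';
    for ($i = 0; $i < $length; $i++) {
        $pass .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $pass;
}

// Returns the new plaintext password to mail, or null if no row matched.
function reset_password(PDO $db, string $email): ?string {
    $new = make_random_password();
    // Bound parameters keep the posted address out of the SQL text.
    $stmt = $db->prepare('UPDATE users SET password = :hash WHERE email = :email');
    $stmt->execute([':hash' => password_hash($new, PASSWORD_DEFAULT), ':email' => $email]);
    return $stmt->rowCount() > 0 ? $new : null;
}

$email = posted_email($_POST);
if ($email === null) {
    echo '<form method="post"><input name="email_address"/><input type="submit"/></form>';
} elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    echo '<p>Your email address is not in the correct format.</p>';
} else {
    $db = new PDO('mysql:host=localhost;dbname=mydb;charset=utf8mb4', 'usern', 'passw',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $new = reset_password($db, $email);
    if ($new !== null) {
        mail($email, 'Your New Password', "New Password: $new");
    }
    // Same reply whether or not the address exists, so the form does not
    // reveal which addresses have accounts.
    echo '<p>If that address is registered, a new password has been sent.</p>';
}
```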