
I am trying to redirect the user after a successful login, but I am getting an error when entering a wrong username and password, and the redirection is not working. If I enter a valid username and password, it works great.

Error:

Notice: Undefined offset: 0 in /var/sites/l/example.com/public_html/demo/sitename/application/models/loginmodel.php on line 70

Notice: Trying to get property of non-object in /var/sites/l/example.com/public_html/demo/sitename/application/models/loginmodel.php on line 70

Warning: Cannot modify header information - headers already sent by (output started at /var/sites/l/example.com/public_html/demo/sitename/application/models/loginmodel.php:70) in /var/sites/l/example.com/public_html/demo/sitename/application/models/loginmodel.php on line 82

My Code:

session_start();

$username = strip_tags($username);
$password = strip_tags($password);

$sql = "SELECT id FROM users WHERE name='$username' and password='$password'";
$query = $this->db->prepare($sql);
$query->execute();
$records = $query->fetchAll();
$ck_userID = $records[0]->id;
//$active=$row['active'];
// echo "<pre>";
//     print_r($ck_userID);
// echo "</pre>";
// die;

if ( count($ck_userID) > 0 ){
    $_SESSION['login_user']=$username;
    header('location: ' . URL . 'admin');
}else{
    header('location: ' . URL . 'login?invalid');
}
Anand Solanki
Mr.Happy

2 Answers


change

   $records = $query->fetchAll();
   $ck_userID = $records[0]->id;
   if ( count($ck_userID) > 0 ){ 

to

   $records = $query->fetchAll();
   if ( count($records) > 0 ){ 

NOTE: your code is vulnerable to SQL injection.

Iłya Bursov

Change

$ck_userID = $records[0]->id;

to

$ck_userID = isset($records[0]) && is_object($records[0]) ? $records[0]->id : null;

Explanation:

You have to check whether $records[0] exists, and you should check whether it's an object (so it's not false or null).

Also take care of SQL injection. You are using some kind of prepare method, but you don't prepare anything.

Another bad practice is sending a header with a location change but no exit following. Headers start with a capital letter: location: -> Location:.

Daniel W.
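
The answers above raise three points: check that a row actually came back, bind the inputs instead of interpolating them into the SQL string, and stop the script after the redirect header. The following is an added example combining them, not code from the original posts. It assumes the `password` column stores `password_hash()` output (the question's code compares plaintext), uses an in-memory SQLite database with a constructed user, and `findUserId` and `loginRedirect` are hypothetical names.

```php
<?php
declare(strict_types=1);

// Returns the user's id, or null when the credentials do not match.
// Assumption: users.password holds password_hash() output, not plaintext.
function findUserId(PDO $db, string $username, string $password): ?int
{
    // Named placeholder: the input is sent as data, never spliced into the SQL text.
    $query = $db->prepare('SELECT id, password FROM users WHERE name = :name');
    $query->execute([':name' => $username]);
    $row = $query->fetch(PDO::FETCH_OBJ); // false when no row matches

    // Test for the row before reading ->id; this is what raised the notices on line 70.
    if ($row === false || !password_verify($password, $row->password)) {
        return null;
    }
    return (int) $row->id;
}

// Picks the redirect target; nothing is echoed, so headers can still be sent.
function loginRedirect(PDO $db, string $username, string $password): string
{
    if (findUserId($db, $username, $password) !== null) {
        $_SESSION['login_user'] = $username;
        return URL . 'admin';
    }
    return URL . 'login?invalid';
}

// --- Constructed demo: in-memory SQLite (needs pdo_sqlite), one sample user ---
define('URL', '/'); // assumed value; the question defines URL elsewhere
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)');
$db->prepare('INSERT INTO users (name, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$hostile = "' OR '1'='1"; // constructed input with SQL metacharacters
var_dump(loginRedirect($db, 'alice', 'correct horse')); // valid login
var_dump(loginRedirect($db, 'alice', 'wrong'));         // wrong password
var_dump(loginRedirect($db, $hostile, $hostile));       // matched literally, finds no user

// In the web controller, send the result and stop the script:
//   header('Location: ' . loginRedirect($db, $username, $password));
//   exit;
```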