-1

This is a script using cookies for password.....running it on localhost it show the notice undefined index:user undefined index:pass
The code is as follows:

<html>
<body>
<form action="<?php echo ($self); ?>" method="post">
Please enter your details for access :<br>
Name:<input type="text" name="user" size="10">
Password:<input type="text" name="pass" size="10"><br><br>
<input type="submit" value="Log in">
</form>
</body>
</html>
<?php
$user=$_POST['user'];
$pass=$_POST['pass'];
$self=$_SERVER['PHP_SELF'];
if(($user!=null)and ($pass!=null))
{
 if($pass=="mypassword")
  {
    setcookie("checkpass","okkay");
header("Location:loggedin.php");
exit();
  }
 else
  {
  setcookie("checkpass");
 } 
}
?>
arpit
  • 23
  • 1
  • 4
  • dont store passwords or usernames in cookies, that is really really really bad.. – Jorge Y. C. Rodriguez May 05 '14 at 16:58
  • he doesn't store the password in the cookie, instead he sets a cookie to check if the password was valid, is still bad but not as bad as storing the password – gbestard May 05 '14 at 16:59
  • Sidenote: You're outputting before header with the cookie. – Funk Forty Niner May 05 '14 at 17:00
  • use `$user = (isset($_POST['user'])?($_POST['user']):(die ("missing POST argument user"));` and same with password... you're not getting anything from $_POST if it says that the index is undefined. – briosheje May 05 '14 at 17:04
  • On replacing with the above code it displays-Parse error: syntax error, unexpected ';' – arpit May 05 '14 at 17:07
  • @Fred-ii-i tried putting php before html ....still doesn't work – arpit May 05 '14 at 17:10
  • Consult my answer below @arpit You needed a conditional statement `isset` to check if your variables are set or not. Plus, read the added note about password storage. – Funk Forty Niner May 05 '14 at 17:26

1 Answers1

0

This is happening because you need to use isset and wrapping that conditional statement around your PHP.

Plus, you will get an error message such as:

Warning: Cannot modify header information - headers already sent by (output started at.....

So, place your PHP above HTML.

<?php

error_reporting(E_ALL);
ini_set('display_errors', 1);

if(isset($_POST['user']) && isset($_POST['pass'])){

$user=$_POST['user'];
$pass=$_POST['pass'];
$self=$_SERVER['PHP_SELF'];
if(($user!=null) and ($pass!=null))
{
 if($pass=="mypassword")
  {
    setcookie("checkpass","okkay");

// echo "OK";

 header("Location:loggedin.php");
exit();
  }
 else
  {
  setcookie("checkpass");

// echo "SORRY";

 } 
}

} // brace for if(isset($_POST['user']) ...
?>

<html>
<body>
<form action="<?php echo ($self); ?>" method="post">
Please enter your details for access :<br>
Name:<input type="text" name="user" size="10">
Password:<input type="text" name="pass" size="10"><br><br>
<input type="submit" value="Log in">
</form>
</body>
</html>

Passwords

I also noticed that you may be storing passwords in plain text. This is not recommended.

Use one of the following:

Other links:

Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141