0

I was making a simple Login script that should keep the user logged in when the radio-button is checked. I have set a cookie to expire after 24 hours if the "Keep me logged in" radio-button is checked, and it worked... But i get some errors that say: Notice: Undefined index: user_id in C:\xampp\htdocs\Webintegrator-PHP\MySql&PHP\Register&Login\core_login.php on line 17 & Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 6 in C:\xampp\htdocs\Webintegrator-PHP\MySql&PHP\Register&Login\core_login.php on line 20

These are the users firstname and surname which should be displayed from the database..

But they are always displayed when the user log in until the radio-button "Keep me logged in" is checked.

Here is the code for login_form.php

<?php

if(isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];

    $password_hash = md5($password);

    if(!empty($username) && !empty($password)){
        $query = "SELECT id FROM users WHERE username = '" . mysql_real_escape_string($username) . "' AND password = '" . mysql_real_escape_string($password_hash) . "'";
        if($query_run = mysql_query($query)){
            $query_num_rows = mysql_num_rows($query_run);

            if($query_num_rows == 0) {
                echo "Invalid username/password combination";
            } elseif ($query_num_rows == 1) {

                if(isset($_POST['remember_me'])){
                    setcookie("remember_username", $_POST['username'], time()+3600*24);
                    setcookie("remember_password", $_POST['password'], time()+3600*24);

                    $user_id = mysql_result($query_run, 0, 'id');
                    $_SESSION['user_id'] = $user_id;

                    header ('Location: index_login.php');

                } elseif(isset($_POST['keep_me'])){
                    $user_id = mysql_result($query_run, 0, 'id');
                    setcookie('keep_me_loggedin', $user_id, time()+3600*24);

                    header ('Location: index_login.php');

                } else {
                    $user_id = mysql_result($query_run, 0, 'id');
                    $_SESSION['user_id'] = $user_id;

                    header ('Location: index_login.php');                    
                }
            }
        }
    } else {
        echo "You must supply a username & password";
    }
}

?>

<form action="<?php echo $current_file; ?>" method="POST">
    Username:<input type="text" name="username" value="<?php if(isset($_COOKIE['remember_username'])) {echo $_COOKIE['remember_username'];} ?>"><br/><br/>
    Password:<input type="password" name="password" value="<?php if(isset($_COOKIE['remember_password'])) {echo $_COOKIE['remember_password'];} ?>"><br/><br/>
    <input type="radio" name="remember_me"> Remember me?<br/><br/> 
    <input type="radio" name="keep_me"> Keep me logged in?<br/><br/> 
    <input type="submit" name="submit" value="Log in">
</form>

And index_login.php

<?php

require 'connect_login.php';
require 'core_login.php';

if(loggedin()) {
    $firstname = getuserfield('firstname');
    $surname = getuserfield('surname');
    echo "You are logged in, " . "$firstname " . "$surname " . "<a href='logout.php'>Log out</a>";
} else {
    include 'login_form.php';
}

?>

And here is core_login.php

<?php

ob_start();
session_start();

$current_file = $_SERVER['SCRIPT_NAME'];

function loggedin(){
    if (isset($_SESSION['user_id']) && !empty($_SESSION['user_id']) || (isset($_COOKIE['keep_me_loggedin'])) && (!empty($_COOKIE['keep_me_loggedin']))) {
        return true;
    } else {
        return false;
    }
}

function getuserfield($field) {
    $query = "SELECT $field FROM users WHERE id = '" . $_SESSION['user_id'] . "'";

    if ($query_run = mysql_query($query)) {
        return mysql_result($query_run, 0, $field);
    }    
}


?>

Any solutions for the problem would be appreciated!

Thanks in advance

user3740970
  • 389
  • 1
  • 3
  • 16

1 Answers1

0

Seems like you just need to do some additional condition-checking.

Check that $query_run is a valid mysql query result.

And you want to check that isset($_SESSION['user_id']) is true before trying to stick it in the query in getuserfield().

EDIT:

I found this on the PHP mysql_query() page:

The returned result resource should be passed to mysql_fetch_array(), and other functions for dealing with result tables, to access the returned data.

That means you should use mysql_fetch_array() rather than mysql_result() to access the results of the executed query.

PHP - mysql_result()

SW_user2953243
  • 334
  • 1
  • 12
  • the $query_run is working.. as i said i can login & logout with $_SESSION['user_id']. But when the user check the radio button "keep me logged in" then i want the user to be logged in with a cookie.. So that the next time the user visit the page he should still be logged in. But the problem is that when the user is logged in with a cookie then it it not displaying the user firstname & surname – user3740970 Jul 11 '14 at 18:39
  • Oh it's probably because you don't set `$_SESSION['user_id']` in that elseif statement, but you set it in the other two. You should just have one `$_SESSION['user_id'] = $user_id` statement, instead of 3 though. I would place it right before checking for $_POST['remember_me']` – SW_user2953243 Jul 12 '14 at 01:42
  • As I said, you should check isset($_SESSION['user_id']) before trying to access it. The reason it works when you login/logout because you set the $_SESSION['user_id'] for those cases... But you didn't set it for the "keep me logged in" case. – SW_user2953243 Jul 12 '14 at 01:51
  • You also may want to revise the logic for your loggedin() routine. In particular changing the || to &&. – SW_user2953243 Jul 12 '14 at 01:55
  • Okay now i have set the `$_SESSION['user_id']` to work in all three cases.. Now when i login and check the radio button "keep me logged in" it display the user data, but when i close the browser and go to the **index_login.php** page then it show the same error with undefined index and it is not showing the user data again.. That means the cookie is not working as it should? – user3740970 Jul 12 '14 at 02:20
  • How could i store the firstname and the surname to the user from the database in a cookie when the user login? – user3740970 Jul 12 '14 at 02:26
  • http://stackoverflow.com/questions/9325497/how-to-keep-the-session-active-even-if-the-browser-was-accidentally-close – SW_user2953243 Jul 12 '14 at 11:10
  • I can't find a solution, could you please help me with the script.. I'm still new to Php – user3740970 Jul 12 '14 at 23:01
  • You should start a new question – SW_user2953243 Jul 12 '14 at 23:35