3

I'm doing a newsletter system, where a user enters his email in my text input and clicks on submit to subscribe to the newsletter.

After he clicks on submit, he will receive an email saying that, to confirm his subscription, he needs to click on a link that I make available in this email.

This is the link:

```
<p>To confirm your subscription click on link below:</p>
    <a href="http://localhost/website/newsletter/confirm?email='.$email.'&amp;code='.$code.'">Confirm Subscription</a>
```

And this link will redirect to my newsletter confirmation page, where I will get the email and code and then I will do an update on my subscribers table.

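```php
$email = $_GET['email'];
$code = $_GET['code'];
$pdo = start();
$updSub = $pdo->prepare("UPDATE subscribers set status= ? WHERE code = ?");
// Both placeholders must be bound; the post only bound the second one.
// The status value is not shown in the post, so 'active' is an assumption.
$status = 'active';
$updSub->bindParam(1, $status);
$updSub->bindParam(2, $code);
$updSub->execute();
```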

But I'm having these two notices:

Notice: Undefined index: email in F:\Xampp\htdocs\website\newsletter\confirm.php

Notice: Undefined index: code in F:\Xampp\htdocs\website\newsletter\confirm.php

Do you see why this can be happening? I'm using a .htaccess file; I don't know if it may be because of that, some problem with passing the variables code and email in the URL.

This is my htaccess file:

```apache
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.*)$ index.php?url=$1
```

My query string:

```php
// The rewritten path arrives in the "url" parameter set by the RewriteRule.
@$url = $_GET['url'];
$url = explode('/', $url);
$url[0] = ($url[0] == NULL ? 'index' : $url[0]);

// Look for template/<first>.php, then template/<first>/<second>.php, else 404.
if(file_exists('template/'.$url[0].'.php')){
    require_once('template/'.$url[0].'.php');
}elseif(@file_exists('template/'.$url[0].'/'.$url[1].'.php')){
    require_once('template/'.$url[0].'/'.$url[1].'.php');
}
else{
    require_once('template/404.php');
}
```
UserX
  • 2
    Please show the rules (mod-rewrite) in your htaccess – Justin Iurman Aug 08 '14 at 15:04
  • I updated my question with my htaccess file! – UserX Aug 08 '14 at 15:09
  • You can fix the undefined indexes like this: `$email = isset($_GET['email']) ? $_GET['email'] : '';` and `$code= isset($_GET['code']) ? $_GET['code'] : '';` – Latheesan Aug 08 '14 at 15:17
  • 1
    Thanks. I know that. But I'm having these two undefined indexes in a piece of code where they should already exist. – UserX Aug 08 '14 at 15:18
  • 2
    This question has been wrongly marked as duplicate. This has nothing to do with a classic undefined index – Justin Iurman Aug 08 '14 at 15:31
  • I think the same, Justin, but I think that I can't do anything to remove this duplicate. I hope someone with permissions can see the question and remove this duplicate! Because I really don't see how I can solve my issue! – UserX Aug 08 '14 at 15:45
  • @Marby are you making sure that you are URL Encoding the `$email` and the `$code` on the html link you are generating with `urlencode()` function? – Latheesan Aug 08 '14 at 15:45
  • @Marby could you show an example URL from when you clicked the link in the email? Do you have `email` and `code` in the query string? – Justin Iurman Aug 08 '14 at 22:01
  • I'm testing on localhost so I don't know how I can share it so you can see! And I don't have email and code in my query string! – UserX Aug 09 '14 at 14:33
  • Well, when you click on the email link, whether it's localhost or not, you should have `email` and `code` in the URL's query string. This means the problem is maybe in your email content (the link is not set properly) – Justin Iurman Aug 09 '14 at 15:01
  • I updated my question with my query string, Justin Iurman. As you see, I'm not using email and code. I think I'm not understanding your answer clearly! – UserX Aug 09 '14 at 23:09
  • I'm trying to fix this but nothing is working. Now when I click on my received email link "Confirm Subscription", I'm entering this URL: http://localhost/website/template/newsletter/confirm?email=emailtest@email.com&code=f14f3460bb54b54bcf33439be9c. And I'm entering my "template/404.php", page not found... – UserX Aug 09 '14 at 23:15
  • Can you please try using the [QSA] flag after your RewriteRule? I believe your parameters are being stripped when you rewrite the request to index.php. – ffflabs Aug 18 '14 at 03:49

1 Answer

0

Firstly, when you're handling the user's input and placing it directly into a URL, please make sure you URL encode it. Even if E-Mail addresses can't have spaces, etc.

If you're using JavaScript to handle it, utilize:

```javascript
encodeURIComponent("");
encodeURIComponent(document.getElementById('email').value);
encodeURIComponent($("#email").val());  // jQuery Library Required
```

If you are using a form to handle the user input without JavaScript intervention, don't worry about URL encoding, that should happen automatically.

If using PHP to handle the input -> URL, utilize:

```php
rawurlencode($email);
```

After that, the undefined index happens when you call for a variable without previously declaring it. It is like saying:

```php
echo $apples;  // where $apples has not been previously declared
```

Now, check any include or require files to make sure you aren't calling for the same variable name somewhere.

Using functions like isset and empty will give you a better flow to the validation.

```php
// $mysqli is assumed to be an open mysqli connection.
if(!empty($_GET['email'])){
     $email = $mysqli->real_escape_string($_GET['email']);
}else{
     die("No E-Mail");
}
```

And will stop the undefined index errors, PROVIDED you properly check to make sure the variables exist.

Plain and clear, your issue is because you are asking for variables before they are declared. This issue would not occur if their value was NULL.

Joseph Orlando
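Both ends of the confirmation link, with the encoding and presence checks discussed in this thread, as an added example that is not code from the question or the answer. The function names, table columns, the `pending`/`active` status values, the hex format of the code and the in-memory SQLite database are assumptions; the handler only receives `email` and `code` when the rewrite rule keeps the original query string, which is what the `[QSA]` flag suggested in the comments does.

```php
<?php
// Added example: names, schema and status values are assumptions, and an
// in-memory SQLite database stands in for the real subscribers table.

// Build the link. http_build_query() percent-encodes every value, so a "+"
// in an address is not turned into a space when the link is clicked;
// htmlspecialchars() then makes the URL safe inside the href attribute.
function confirmLink(string $base, string $email, string $code): string
{
    $query = http_build_query(['email' => $email, 'code' => $code], '', '&', PHP_QUERY_RFC3986);
    return '<a href="' . htmlspecialchars($base . '?' . $query, ENT_QUOTES, 'UTF-8')
         . '">Confirm Subscription</a>';
}

// Confirm handler: check that both parameters exist and have the expected
// shape before touching the database, then bind every value.
function confirmSubscription(PDO $pdo, array $get): string
{
    $email = isset($get['email']) ? filter_var($get['email'], FILTER_VALIDATE_EMAIL) : false;
    $code  = (isset($get['code']) && is_string($get['code'])) ? $get['code'] : '';
    if ($email === false || !preg_match('/^[0-9a-f]{16,64}$/', $code)) {
        return 'invalid link';
    }
    // Only a pending row matching both values is updated, so a second click changes nothing.
    $upd = $pdo->prepare(
        "UPDATE subscribers SET status = 'active' WHERE email = ? AND code = ? AND status = 'pending'"
    );
    $upd->execute([$email, $code]);
    return $upd->rowCount() === 1 ? 'confirmed' : 'unknown or already used code';
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE subscribers (email TEXT, code TEXT, status TEXT)");
$code = bin2hex(random_bytes(16));
$pdo->prepare("INSERT INTO subscribers VALUES (?, ?, 'pending')")
    ->execute(['a+b@example.com', $code]);

echo confirmLink('http://localhost/website/newsletter/confirm', 'a+b@example.com', $code), "\n";
// The request the link produces, a repeat of it, and a request with no parameters.
echo confirmSubscription($pdo, ['email' => 'a+b@example.com', 'code' => $code]), "\n";
echo confirmSubscription($pdo, ['email' => 'a+b@example.com', 'code' => $code]), "\n";
echo confirmSubscription($pdo, []), "\n";
```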