-1

just having an issue with an index error. It's basically throwing this at me

http://puu.sh/chc2e/7e26d51bda.png

I am unsure of why it's giving it to me as I have listed it in the index? Any ideas

My code:

<?php
include ('config.php'); 
?>

<?php
// Getting username and password from login form
$username = $_POST['username']; 
$password = md5($_POST['password']);

// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM login WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is to count number of row from the above query
$count=mysql_num_rows($result);

// count is 1 if the above username and password matches
if($count==1){

// now redirect to dashboard page, we also store the username in session for further use in dashboard
$_SESSION['username']= $username; // storing username in session

header("location:index.php");
}

//if the username and password doesn't match redirect to homepage with message=1
else {
    echo '
    <script language="javascript" type="text/javascript">
window.location.href="index.php?message=1";
</script>';

}
?>

Any help is appreciated. Thanks!

EDIT: User asked to see my Login form

<?php
if(isset($_POST["submit"])){

if(!empty($_POST['user']) && !empty($_POST['pass'])) {
    $user=$_POST['user'];
    $pass=$_POST['pass'];

    $pass = strip_tags($pass); 
$pass = md5($pass); // md5 is used to encrypt your password to make it more secure.

    $con=mysql_connect('localhost','root','') or die(mysql_error());
    mysql_select_db('aha') or die("cannot select DB");

    $query=mysql_query("SELECT * FROM login WHERE username='".$user."' AND password='".$pass."'");
    $numrows=mysql_num_rows($query);
    if($numrows!=0)
    {
    while($row=mysql_fetch_assoc($query))
    {
    $dbusername=$row['username'];
    $dbpassword=$row['password'];
    }

    if($user == $dbusername && $pass == $dbpassword)
    {
    session_start();
    $_SESSION['sess_user']=$user;

    /* Redirect browser */
    header("Location: member.php");
    }
    } else {
    echo "<div class='results'>Invalid username or password</div>";
    }

} else {
    echo "All fields are required!";
}
}
?>

HTML LOGIN:

    <form action="" method="POST">

    <label>Username:</label>
        <input type="text" name="user" required />
    <label>Password:</label>
        <input type="password" name="pass" required />
        <input type="submit" value="Login" name="submit" class="submit" />
        <br><br>
        <center>
        <h2><p><a href="register.php">Register</a></p></h2>
        </center>

Sally
  • 9
  • 3
  • 1
    Can you show us your login form ? – Alban Pommeret Oct 18 '14 at 15:57
  • @AlbanPommeret Added it above – Sally Oct 18 '14 at 15:58
  • it looks like you not get username and password from POST. Then you try to get sql query (but username and password are emty) and result is empty. Then you put to mysql_num_rows empty value. It trow error – Krzysztof Sztompka Oct 18 '14 at 16:00
  • Where is your HTML code that POST data to you PHP Script? – Hermann Stephane Ntsamo Oct 18 '14 at 16:01
  • 1
    What are the fields in your form called? Is it `user` and `pass`, or `username` and `password`? – andrewsi Oct 18 '14 at 16:01
  • I don't see any HTML login form here. – Alban Pommeret Oct 18 '14 at 16:01
  • @AlbanPommeret


    Register

     – Sally Oct 18 '14 at 16:02
  • @Sally - there you go; your login form is using `user`, and your code is looking for `username` – andrewsi Oct 18 '14 at 16:03
  • Your second code is still vulnerable to SQL injections. – Gumbo Oct 18 '14 at 16:05
  • Please, **DO NOT USE** this code. It is extremely dangerous and exposes your users to severe risk. Before you do anything else you absolutely must familiarize yourself with [basic PHP security practices](http://www.phptherightway.com/#security) for dealing with authentication and passwords. Your use of `stripslashes` suggests this is based on wickedly out of date tutorial code as that function is not supposed to be used. – tadman Oct 18 '14 at 17:23
  • possible duplicate of [PHP: "Notice: Undefined variable" and "Notice: Undefined index"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index) – andrewsi Oct 19 '14 at 01:09

4 Answers4

0

You have E_NOTICE enabled on your webserver (in php.ini).

You can typically ignore these errors, (disable them in your ini file will do the trick).

In order to fix the issue you need to define $username and $password as something (before the $_POST) because $_POST does not always exist.

$username = false;
$password = false;

for example.

As for the mysql issue, I strongly suggest looking into mysqli! The standard mysql contains so many bugs, security issues and flaws it doesn't even exist anymore in the newer php versions.

Niels
  • 101
  • 1
  • 3
  • That still won't work - it's looking for values in `$_POST` which aren't there, so initializing the variables won't make a difference. – andrewsi Oct 18 '14 at 16:04
  • Add an if statement, if $username && $password bla bla.. else return to login page. – Niels Oct 18 '14 at 16:06
  • I see he is trying to fetch username but defined his input field as user, my post is about the index issue he asked about. His next problem will be the part where he fails to fill the $username and $password variables). – Niels Oct 18 '14 at 16:12
0

in your first code change

$username = $_POST['user']; 
$password = md5($_POST['pass']);

edit: edit password line like point andrewsi

Krzysztof Sztompka
  • 7,066
  • 4
  • 33
  • 48
0

Change your login form with these name attributes :

<form action="" method="POST">

<label>Username:</label>
    <input type="text" name="username" required />
<label>Password:</label>
    <input type="password" name="password" required />
    <input type="submit" value="Login" name="submit" class="submit" />
    <br><br>
    <center>
    <h2><p><a href="register.php">Register</a></p></h2>
    </center>
</form>

Also replace all your $_POST['user'] and $_POST['pass'] occurences by $_POST['username'] and $_POST['password'] in your PHP code.

Alban Pommeret
  • 327
  • 1
  • 10
0

The fields are null, please var_dump() them. Need to see your frontend to determine more.

If you are posting form then try accessing the form via;

$_POST['Form']['Field']

Undefined Index means that the key you are trying to access in the array does not exist in the array. Undefined Index = Key (string), Undefined Offset = Index (number).

Steve_B19
  • 538
  • 3
  • 10