0

I'm facing an issue where my simple dummy form doesn't pass it's session variable. There is an error code

Notice: Undefined index: username in ...login.php on line 8

Notice: Undefined index: password in ...\login.php on line 9

Wrong username or password

session start index.php

<html>
    <head></head>
<body>
<?php session_start();?>
<form action="login.php" method="POST">
     Username:<input type="text" name="username">
     Password:<input type="password" name="password">
    <input type="submit" value="Login">
</form>
</body>

</html>

Validation of the input will be passed on to login.php

<html>
<head></head>
<body>
<?php 
    session_start();
    $user = "NULL";
    $password = "NULL";
    $user = $_REQUEST["username"];
    $password = $_REQUEST["password"];


    if($user == "ali" && $password == "123"){
    $_SESSION["$user"] = $user;
    echo "Login Successful</br>"; 
    echo '<a href="logout.php">Logout</a>';
    }
    else{
     echo "Wrong username or password</br>";
     echo '<a href="index.php">Back</a>';
    }
    ?>

    <p>Welcome <?php echo htmlspecialchars($user) ?></p>


 </body>
 </html>

logout.php 

    <html>
    <head></head>
<body>
<?php session_start();?>
<form action="login.php" method="POST">
     Username:<input type="text" name="username">
     Password:<input type="password" name="password">
    <input type="submit" value="Login">
</form>
</body>

</html>
Niranjan N Raju
  • 12,047
  • 4
  • 22
  • 41
Ajaxcbcb
  • 167
  • 2
  • 4
  • 14
  • 3
    This doesn't seem to have much to do with sessions, but rather that the form post values aren't available on the second page in the workflow. – David Oct 20 '15 at 14:38
  • 1
    $_SESSION["user"] = $user; not $_SESSION["$user"] = $user; – Peter Chaula Oct 20 '15 at 14:41
  • why dint you use `$_POST` instead if `$_REQUEST`. – Niranjan N Raju Oct 20 '15 at 14:45
  • 1
    Use `$_POST` instead of `$_REQUEST`, [as recommended as best practice](http://stackoverflow.com/questions/1924939/request-vs-get-and-post). It seems that even though you `post` to login.php, the `$_REQUEST` variable isn't populated with the input elements that are passed along with the `post` request. – klaar Oct 20 '15 at 14:46
  • 2
    Also, `session_start()` must become before any output, such as html – Steve Oct 20 '15 at 14:46

1 Answers1

1

-You are facing Undefined index error because when you directly execute login.php or reload login.php or you open it in another tab, at that time $_REQUEST is an empty array. Actually your coding of login.php is wrong, thats why you are getting Undefined index error.

-First of all session_start() must be before <!DOCTYPE html>

-$_SESSION["$user"] is wrong, use $_SESSION['user'] instead.

-Why are you using $_REQUEST? Your form method is POST, so use $_POST. Refer $_REQUEST vs $_GET and $_POST

-Session must be destroyed when user logout.

-Here is the working code...

1. index.php 

<html>
    <head></head>
<body>
<form action="login.php" method="POST">
     Username:<input type="text" name="username">
     Password:<input type="password" name="password">
    <input type="submit" value="Login">
</form>
</body>

</html>

2. login.php

<?php session_start(); ?>

<!DOCTYPE html>
<html>

<head>

</head>

<body>

<?php 

if( isset($_SESSION['user']) ){
   echo 'User is already logged in.<br />';
   echo '<a href="logout.php">Logout</a>';
}
else {
    if( isset($_POST["username"]) && isset($_POST["password"]) ) {
        if($_POST["username"] == "ali" && $_POST["password"] == "123"){
            $_SESSION["user"] = $_POST["username"];
            echo "Login Successful</br>"; 
            echo '<a href="logout.php">Logout</a>';
        }
        else {
            echo "Wrong username or password</br>";
            echo '<a href="index.php">Back</a>';    
        }    
    }
}

?>
 </body>
 </html>

3. logout.php

<?php
session_start();
?>
<!DOCTYPE html>
<html>
<body>

<?php
// remove all session variables
session_unset();

// destroy the session
session_destroy();
echo "All session variables are now removed, and the session is destroyed."
?>

</body>
</html>
Community
  • 1
  • 1
Domain
  • 11,562
  • 3
  • 23
  • 44
  • thanks for your feedback. after amending the code, the session still doesn't save. i've tried going to another tab, it prompts the error **Notice: Undefined index: username in C:\xampp\htdocs\loginvalid\login.php on line 8** **Notice: Undefined index: password in C:\xampp\htdocs\loginvalid\login.php on line 9** – Ajaxcbcb Oct 21 '15 at 01:19
  • @Ajaxcbcb: Hey, I understood your problem properly. Updated answer. run the given code, it's working and let me know the solution acceptable to you or not... – Domain Oct 21 '15 at 05:47