-1

I have a small problem with a login form. When I open form.php it displays this error:

Notice: Undefined index: id in C:\xampp\htdocs\form.php on line 3

But when I am logged in, everything in form.php is okay. My question is how I can fix this error, and are there any vulnerabilities in my code?

login.php

<?php
/*

// Start Session
session_start();

// Database connection
require __DIR__ . '/database.php';
$db = DB();

// Application library ( with DemoLib class )
require __DIR__ . '/lib/library.php';
$app = new DemoLib();
$login_error_message = '';
$register_error_message = '';

// check Login request
if (!empty($_POST['login'])) {

    $user = trim($_POST['user']);
    $pass = trim($_POST['pass']);

    if ($user == "") {
        echo '<pre>';
        echo 'Please select username';
        echo '</pre>';
    } else if ($pass == "") {
        echo '<pre>';
        echo 'Please select pass';
        echo '</pre>';
    } else {
        $id = $app->Login($user, $pass); // check user login
        if ($id > 0)
        {
            $_SESSION['id'] = $id; // Set Session
            header("Location: form.php"); // Redirect user to form.php
            exit; // stop executing after sending the redirect header
        }
        else
        {
            echo '<pre>';
            echo 'Error';
            echo '</pre>';
        }
    }
}
?>

and my form.php

<?php 

$user = $app->UserDetails($_SESSION['id']); // get user details 
if (isset ($user->id)) { ?>
<span>Hello, <b><?php echo $user->user ?></b></span>
<p><a href="#">Add article</a></p>
<p><a href="#">Remove article</a></p>
<p><a href="#">Add news</a></p>
<p><a href="logout.php">Log out</a></p>
<?php } else { ?>
<form action="form.php" method="post">
<p>username:</p>
<input type="text" name="user">
<p>Password:</p>
<input type="password" name="pass">
<input type="submit" name="login" value="Login">
</form>
<br>
<?php } ?>
Keepd
  • `/*` <<< is a big problem here. – Funk Forty Niner Feb 04 '17 at 19:01
  • Firstly, remove the comment /* in login.php. Then, when you open form.php, the error means that the $_SESSION array doesn't have any element with index 'id' set. When you use login.php, $_SESSION['id'] is set. – Jan Rydrych Feb 04 '17 at 19:02

1 Answer

0

You should check if index 'id' of Session exists.

if ( isset($_SESSION['id']) ) {
    ....
}
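
The check from the answer, worked into the form.php flow from the question as an added example (not the answerer's or the asker's code). The helper names `current_user_id` and `render_form_page` and the stand-in for `$app->UserDetails()` are hypothetical, and the session array is passed in as a parameter so the script also runs from the command line:

```php
<?php
// Added example, not the asker's code. Function names are hypothetical.

/** Return the logged-in user's id, or null when no valid id is stored. */
function current_user_id(array $session): ?int
{
    // isset() first: reading a missing key is what raises "Undefined index: id".
    if (!isset($session['id'])) {
        return null;
    }
    // Accept only a positive integer, matching the `$id > 0` check in login.php.
    $id = filter_var($session['id'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Build the page body: menu for a known user, login form otherwise. */
function render_form_page(array $session, callable $userDetails): string
{
    $id   = current_user_id($session);
    $user = $id !== null ? $userDetails($id) : null;

    if (is_object($user) && isset($user->id)) {
        // Escape the stored name before it is placed into HTML.
        $name = htmlspecialchars((string) $user->user, ENT_QUOTES, 'UTF-8');
        return "<span>Hello, <b>{$name}</b></span>\n"
             . "<p><a href=\"logout.php\">Log out</a></p>\n";
    }
    return "<form action=\"form.php\" method=\"post\">\n"
         . "<input type=\"text\" name=\"user\">\n"
         . "<input type=\"password\" name=\"pass\">\n"
         . "<input type=\"submit\" name=\"login\" value=\"Login\">\n"
         . "</form>\n";
}

// Constructed stand-in for $app->UserDetails(), whose real code is not on the page.
$fakeUserDetails = function (int $id) {
    return $id === 7 ? (object) ['id' => 7, 'user' => 'alice <admin>'] : null;
};

// In form.php this would be, after session_start():
//   echo render_form_page($_SESSION, [$app, 'UserDetails']);
echo render_form_page([], $fakeUserDetails);             // anonymous visitor
echo render_form_page(['id' => 7], $fakeUserDetails);    // constructed logged-in session
echo render_form_page(['id' => 'x'], $fakeUserDetails);  // malformed id, handled as anonymous
```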