-2

I'm working on a v2 of signing up.

I added some new input fields in various input types and the ones that I use in v1 are now working properly, but the new ones don't. I noticed that it is only the special input fields (checkboxes, selection menu, radio buttons, ...). I was testing it out and when nothing is entered it just gives me this undefined index error (while I tried to define it). Note: the inputs that aren't working are not required fields!

Anyway, here is the PHP code:

```php
// Initializing variables
$username = "";
$email = "";

$errors = array();

// Connect to the database

$conn = mysqli_connect($database['host'], $database['user'],  $database['password'], $database['db'], $database['port']);

$email_show = $_POST['emailshow'];

// REGISTER USER
if (isset($_POST['reg_user'])) {
  // Receive all input values from the form
  $username = mysqli_real_escape_string($conn, $_POST['username']);
  $email = mysqli_real_escape_string($conn, $_POST['email']);
  $email_show = mysqli_real_escape_string($conn, $_POST['emailshow']);
  $password_1 = mysqli_real_escape_string($conn, $_POST['password_1']);
  $password_2 = mysqli_real_escape_string($conn, $_POST['password_2']);
  $fname = mysqli_real_escape_string($conn, $_POST['fname']);
  $fname_show = mysqli_real_escape_string($conn, $_POST['fnameshow']);
  $lname = mysqli_real_escape_string($conn, $_POST['lname']);
  $lname_show = mysqli_real_escape_string($conn, $_POST['lnameshow']);
  $sex = mysqli_real_escape_string ($conn, $_POST['sex']);
  $bday = mysqli_real_escape_string($conn, $_POST['bday']);
  $country = mysqli_real_escape_string($conn, $_POST['country']);
  $private_account = mysqli_real_escape_string($conn, $_POST['privateacc']);
  $profile_style = mysqli_real_escape_string($conn, $_POST['profilestyle']);

  // Form validation: ensure that the form is correctly filled ...
  // By adding (array_push()) corresponding error unto $errors array
  if (empty($username)) { array_push($errors, "Username is required"); }
  if (empty($email)) { array_push($errors, "Email is required"); }
  if (empty($password_1)) { array_push($errors, "Password is required"); }
  if (empty($fname)) { array_push($errors, "Firstname is required"); }
  if (empty($lname)) { array_push($errors, "Lastname is required"); }
  if (empty($sex)) { array_push($errors, "What is your gender?"); }
  if (empty($bday)) { array_push($errors, "When is your birthday?"); }
  if (empty($_POST['country'])) { array_push($errors, "Test"); }
  if ($password_1 != $password_2) {
    array_push($errors, "The two passwords do not match");
  }
```

HTML input:

```html
            <div class="box-title"><h1>Sign up</h1></div>
            <div class="required-fields"><em>- Required fields are marked with *</em></div>
              <div class="account-wrapper">
                  <div class="account-title">YOUR ACCOUNT</div>
                    <form method="post" class="accountform" action="/sign-up">
                       <input type="text" placeholder="Username*" name="username" onfocus="showDesc1()">
                       <div id="desc1">How others will see you <i id="close" onclick="closeDesc1()" class="fas fa-times-circle"></i></div>
                       <input type="email" placeholder="Email*" name="email" onfocus="showDesc2()">
                       <div id="desc2">We need this for important use <i id="close" onclick="closeDesc2()" class="fas fa-times-circle"></i><br><a style="color: blue;"> Read more (soon)</a></div>
                       <div id="emailshow"><input type="checkbox" id="emailshow-input" name="emailshow" value="showemail"><label style="text-decoration: underline;" data-tooltip="When this option is enabled, other users will be able to see your email on your profile." for="emailshow-input">Show on profile</label></div>
                       <input id="passwordfield" type="password" placeholder="Password*" name="password_1">
                       <div onclick="passwordVisb()" class="visb-innerhtml"><i id="visbcon" class="fas fa-eye"></i><label style="cursor: pointer;" id="visb-innerhtml"> Show password</label></div>
                       <input type="password" placeholder="Confirm password*" name="password_2" onfocus="showDesc3()">
                       <div id="desc3">Remember the entered password? <i id="close" onclick="closeDesc3()" class="fas fa-times-circle"></i></div>
                       </div>
                    </div>
                       <div class="details-wrapper">
                         <div class="details-title">YOUR DETAILS</div>
                           <div class="details-fields1">
                             <input type="text" placeholder="Firstname*" name="fname" onfocus="showDesc4()">
                             <div id="desc4">Your firstname <i id="close" onclick="closeDesc4()" class="fas fa-times-circle"></i></div>
                             <div id="fnameshow"><input type="checkbox" id="fnameshow-input" name="fnameshow" value="1"><label style="text-decoration: underline;" data-tooltip="When this option is enabled, other users will be able to see your firstname on your profile." for="fnameshow-input">Show on profile</label></div>
                             <input type="text" placeholder="Lastname*" name="lname" onfocus="showDesc5()">
                             <div id="desc5">Your lastname  <i id="close" onclick="closeDesc5()" class="fas fa-times-circle"></i></div>
                             <div id="lnameshow"><input type="checkbox" id="lnameshow-input" name="lnameshow" value="1"><label style="text-decoration: underline;" data-tooltip="When this option is enabled, other users will be able to see your lastname on your profile." for="lnameshow-input">Show on profile</label></div>
                           <div class="gendersec">
                             <input id="genm" type="radio" name="sex" value="male">
                             <label for="genm">Male</label>
                             <input id="genf" type="radio" name="sex" required value="female">
                             <label for="genf">Female</label>
                             <input id="genc" type="radio" name="sex" value="custom">
                             <label for="genc" style="text-decoration: underline;" data-tooltip="Select this option if you do not want to tell us what your gender is or if you do have another gender not listed here." data-tooltip-location="top">Custom</label>
                           </div>
                             <input type="text" onkeypress="return false;" name="bday" autocomplete="off" placeholder="Birthday*" id="birthdaypicker">
                         </div>
                          <div class="details-fields2">
                            <?php include_once 'C:/xampp2/htdocs/includes/lang-select.php' ?>
                            <!-- <div id="tags-input">
                              <span>Socialhub</span>
                               <input type="text" disabled value="" placeholder="Interests (coming soon)">
                            </div> !-->
                            <p style="color: orange;">More options coming soon!</p>
                          </div>
                          </div>
                         <div class="settings-wrapper">
                           <div class="settings-title">QUICK SETTINGS</div>
                             <div class="settings-fields1">
                               <input type="checkbox" id="privateacc-input" name="privateacc" value="privateacctrue"><label for="privateacc-input" style="text-decoration: underline;" data-tooltip="If you enable this option, then the content of your account will be hidden for other users (they can still visit your account but they can't see the content). From your profile picture to your latest post will be hidden.">Private account</label>
                               <select class="profilestyle" name="profilestyle">
                                 <option selected disabled>Select a style for your profile...</option>
                                 <option value="default">Default (orange & green)</option>
                                 <option value="red">Red</option>
                                 <option value="black">Black</option>
                                 <option disabled>These are coming soon for sure, stay tuned!</option>
                                 <option disabled>Yellow</option>
                                 <option disabled>Blue</option>
                                 <option disabled>Pink</option>
                                 <option disabled>...</option>
                                </select>
                               <p style="margin-top: 50px; color: orange;">More settings coming soon!</p>
                            </div>
                         </div>
              <div class="bottom-wrapper">
                <div class="bottom-topframe">
                   <a href="/" class="btn-back"><i class="fas fa-arrow-left"></i> Nevermind!</a>
                   <div class="agree-wrapper">
                     <input type="checkbox" id="agreetos-input" name="agreetos" value="tosagreed" onchange="document.getElementById('btnsubmit_reg').disabled = !this.checked;"><label for="agreetos-input">I agree with the Terms of Service (coming soon)</label>
                     <input type="checkbox" id="verifyage-input" name="verifyage" value="ageverified"><label for="verifyage-input">I am 13 years or older</label>
                    </div>
                    <input type="hidden" id="g-recaptcha-response" name="g-recaptcha-response">
                    <button type="submit"  disabled name="reg_user" id="btnsubmit_reg" class="btnsubmit_reg">Sign up</button>
                </div>
```

Thanks already. (Sorry for the search, big form)

Sow.
  • Does this answer your question? ["Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" using PHP](https://stackoverflow.com/questions/4261133/notice-undefined-variable-notice-undefined-index-and-notice-undefined) – Nico Haase Apr 21 '20 at 10:36

2 Answers

-1

This will help you, and like @Moayad .AlMoghrabi said, you really should use better security, even when it is local. Teach yourself to always write secure code.

```php
$email = mysqli_real_escape_string($conn, $_POST['email']);
```

```php
$email = isset($_POST['email']) ? mysqli_real_escape_string($conn, $_POST['email']) : '';
```

By checking your post values like this your variable will always have a value or an empty string.

E_net4
Baracuda078
  • Tried to implement it, didn't work. Maybe I implemented it wrong? Did it like this: ``` // Initializing variables $username = ""; $email = ""; $email_show = ""; ``` and ``` $email_show = isset($_POST['emailshow']) ? mysqli_real_escape_string($conn, $_POST['emailshow']) : ''; $email_show = mysqli_real_escape_string($conn, $_POST['emailshow']); ``` (email field you set, was a fine working one or is it insecure?) – Sow. Apr 21 '20 at 10:43
  • That will not work, you get the undefined error because you try to get a value of the post array that doesn't exist. The check I wrote needs to be done on every variable you try to get from the post array – Baracuda078 Apr 21 '20 at 10:48
  • My example is only showing how to prevent undefined post variables, for security you need to do other checks. Like filter_var to check if the given email really is an email address and some more checks to prevent SQL injections and other security risks. Try to learn prepared statements, it's easy to use and has better default security – Baracuda078 Apr 21 '20 at 10:50
  • Is it still needed to initialise the variables like I did before (check top of question)? @Baracuda078 – Sow. Apr 21 '20 at 10:56
  • @Sow for what do you need them? I don't see you use them before your post request getting used – Baracuda078 Apr 21 '20 at 11:05
  • I think these set the values empty when you submit with an empty field. Not sure, the script was not made by me, found it and used it. It was a default one so I made it more advanced, which got me in this trouble in the first place. They have been there the whole time without me changing it, scared to break things. – Sow. Apr 21 '20 at 11:45
-2

To fix this issue and to have more security, as this code can easily be used for MySQL injection, I recommend that you escape all values from POST and then check each one: if it is empty, give it a default value.

Moayad .AlMoghrabi
  • Could you give me an example code or a helpful link to do this? (The SQL Injection does not matter for the most part, it's a local project and always will be. But np, would love to learn more secure ways as well) – Sow. Apr 21 '20 at 10:30
  • How does escaping anything solve the problem of undefined indices? Additionally, please share some examples for that – Nico Haase Apr 21 '20 at 10:36
  • @NicoHaase, I mentioned above **to have more security**!! and you can escape values like this `$username = mysqli_real_escape_string($conn, $_POST['username']);` which has already been edited into your code. The undefined index is happening, I think, with your checkbox input type, so you have to check `if (empty($value)) {/*do stuff*/}` like setting a default value for it – Moayad .AlMoghrabi Apr 21 '20 at 10:45
  • @Moayad.AlMoghrabi I did escape already so my code was secure from the first time, I think. And I tried what you said with empty($value) but it didn't resolve the issue. It could be fixed with pushing an error on the array but since it's a not required field I can't do that. – Sow. Apr 21 '20 at 10:48
  • @Sow. You don't have to push an error, you have to set a value for **sex** field for example by default **(Radio and Checkbox input if not checked then they will not be pushed in POST array)** and check any field you are receiving and you want to insert its value to database like this: `$sex = 'male';` `if (!empty($_POST['sex'])) { $sex = mysqli_real_escape_string ($conn, $_POST['sex'] ); }` – Moayad .AlMoghrabi Apr 21 '20 at 10:54
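
The approach both answers point toward (a default for every optional field, validation of the email, and prepared statements instead of escaping), as an added example that is not part of the original thread. The helper names `post_text`, `post_checkbox` and `post_choice`, the `users` table and its columns are assumptions; `$conn` is the mysqli connection from the question, and only a subset of the form's fields is shown.

```php
<?php
// Added example (PHP 7.1+). Helper names are hypothetical; $conn comes from the question.

// Text inputs: a missing key becomes '' instead of raising "Undefined index".
function post_text(string $key): string {
    $v = $_POST[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Unchecked checkboxes are not submitted at all, so presence means "checked".
function post_checkbox(string $key): int {
    return isset($_POST[$key]) ? 1 : 0;
}

// Radios and selects: accept only values the form actually offers.
function post_choice(string $key, array $allowed, ?string $default = null): ?string {
    $v = $_POST[$key] ?? null;
    return (is_string($v) && in_array($v, $allowed, true)) ? $v : $default;
}

$errors = [];
if (isset($_POST['reg_user'])) {
    $username      = post_text('username');
    $email         = post_text('email');
    $email_show    = post_checkbox('emailshow');
    $private_acc   = post_checkbox('privateacc');
    $sex           = post_choice('sex', ['male', 'female', 'custom']);
    $profile_style = post_choice('profilestyle', ['default', 'red', 'black'], 'default');

    if ($username === '') { $errors[] = 'Username is required'; }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'A valid email is required'; }
    if ($sex === null) { $errors[] = 'What is your gender?'; }

    if (!$errors) {
        // Prepared statement: values are bound as parameters, never concatenated
        // into the SQL text. Table and column names are assumptions.
        $stmt = mysqli_prepare($conn,
            'INSERT INTO users (username, email, email_show, sex, private_account, profile_style)
             VALUES (?, ?, ?, ?, ?, ?)');
        mysqli_stmt_bind_param($stmt, 'ssisis',
            $username, $email, $email_show, $sex, $private_acc, $profile_style);
        mysqli_stmt_execute($stmt);
    }
}
```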