0

When not logged in you can type URL for this page into browser and the form is still displayed. If not logged in I don't want the HTML to show - just the message saying have to log in. I'm using same session code on other pages and it works - but does give a notice of 'undefined index' which is a bit irritating. Any ideas?

<?php

session_start();

if  ($_SESSION['first_name']&& $_SESSION['username'])

echo "Welcome ".$_SESSION['first_name']."<br><a href='login/logged_out.php'>log    
out</a>";

else
die("You must be logged in. Click <a href='login/login_page.php'>here</a> to log    
in.");

?>
<html>
<head>
</head>
<body>
<form id="1" class="rounded" action="test4.php" method="post"/>
<input type="submit" name="submit"  class="button" value="5" />

<form id="2" class="rounded" action="test4.php" method="post"/>
<input type="submit" name="submit"  class="button" value="6" />

<form id="3" class="rounded" action="test4.php" method="post"/>
<input type="submit" name="submit"  class="button" value="7" />

<form id="4" class="rounded" action="test4.php" method="post"/>
<input type="submit" name="submit"  class="button" value="8" />

<form id="5" class="rounded" action="test4.php" method="post"/>
<input type="submit" name="submit"  class="button" value="9" />

<form id="6" class="rounded" action="test4.php" method="post"/>
<input type="submit" name="submit"  class="button" value="10" />

</form>
</body>
</html>
user1022772
  • 651
  • 3
  • 14
  • 29
  • Are you certain you are 'logged in'? One of the most common mistakes people make in dealing with sessions is redirecting before calling session_write_close(). – John Green Mar 14 '12 at 23:55
  • possible duplicate of [PHP: "Notice: Undefined variable" and "Notice: Undefined index"](http://stackoverflow.com/questions/4261133/php-notice-undefined-variable-and-notice-undefined-index) – animuson Mar 14 '12 at 23:57

5 Answers5

2

try this:

<?php

session_start();

if(isset($_SESSION['first_name']) && isset($_SESSION['username']) && $_SESSION['firstname']!= ''){
    echo "Welcome ".$_SESSION['first_name']."<br><a href='login/logged_out.php'>logout</a>";
}else{
    die("You must be logged in. Click <a href='login/login_page.php'>here</a> to log in.");
}
?>
Rufinus
  • 29,200
  • 6
  • 68
  • 84
1

It doesn't think that first_name and/or username are indexes in your session

Check whether first_name and/or username are set

isset($_SESSION['first_name'])

isset($_SESSION['username'])

Also you may not want to validate a boolean condition based on these values, unless they are booleans themselves (although first_name doesn't read like a boolean value).

Shane
  • 31
  • 2
0

I'm not specifically sure what the "not starting" issue is. The undefined index can be prevented by checking with isset. Your code can also improve by using speaking variable names and parenthesis with curly brackets for the if / else part:

session_start();
$isLoggedIn = isset($_SESSION['first_name']) && isset($_SESSION['username']);
if ($isLoggedIn)
{
    echo "Welcome ", htmlspecialchars($_SESSION['first_name']), 
         "<br><a href='login/logged_out.php'>log out</a>";

}
else
{
    echo "You must be logged in. Click <a href='login/login_page.php'>here</a> to log in.";
    return;
}

This variant also uses return instead of die, to give back the program flow to the higher instance.

hakre
  • 193,403
  • 52
  • 435
  • 836
0

when working with sessions, you may add somewhere 

print_r($_SESSION);

to see if you have already set/unset that session.

Taha Paksu
  • 15,371
  • 2
  • 44
  • 78
-1

Your code is poorly written. I would revise to:

<?php
session_start();
if (empty($_SESSION['first_name']) || empty($_SESSION['username'])) {
    die("You must be logged in. Click <a href='login/login_page.php'>here</a> to log in.");
}
echo "Welcome " . $_SESSION['first_name'];
?>
<br><a href='login/logged_out.php'>logout</a>

You shouldn't reference array indexes unless you know that they exist.

Shad
  • 15,134
  • 2
  • 22
  • 34