Undefined Variable

Posted: Fri Jul 04, 2003 2:31 pm
by blood
PROBLEM IS -> UNDEFINED VARIABLE - phpManager Script.

COMMENT: I am having a small problem with "Undefined Variable" when submitting a form.
I was wondering if someone could help me resolve this issue. I'm not a programmer by far,
but do understand a little bit of perl, php & html. Below you will find Apache's
error_log and a copy of the form that is used to submit. Also I've included the *.sql
file used to build the MySql Database definitions.

INFORMATIONAL: The $adminname and $password were inserted into the database (phpmanger_db) along
with all other definitions according to the "phpmanger.sql" file. I noticed that only the password
was MD5 encrypted inside the database. Maybe this is the way it's supposed to be?

ASSUMPTION: I'm assuming there is something wrong with the _setcookie functions?
At first I thought I should define definite variables as such:

$adminname = "superman";

Then I tried to define:

setcookie ("logonname", "admin");
setcookie ("logonid", "1");

But if I did this, then anyone could possibly log in?

So, I'm lost. Any help would be greatly appreciated. The index.php below was left in its original state.

/////////////////
// APACHE_ERROR
/////////////////

APACHE ERROR_LOG.TXT

[client XX.XX.XXX.XXX] PHP Notice: Undefined variable: adminname in D:\usr\www\website1\htdocs\phpmanager\admin\index.php on line 26, referer: http://www.website1.com/phpmanager/admin/index.php
[client XX.XX.XXX.XXX] PHP Notice: Undefined variable: password in D:\usr\www\website1\htdocs\phpmanager\admin\index.php on line 27, referer: http://www.website1.com/phpmanager/admin/index.php
[client XX.XX.XXX.XXX] PHP Notice: Undefined variable: submit in D:\usr\www\website1\htdocs\phpmanager\admin\index.php on line 44, referer: http://www.website1.com/phpmanager/admin/index.php
[client XX.XX.XXX.XXX] PHP Notice: Undefined variable: PHP_SELF in D:\usr\www\website1\htdocs\phpmanager\templates\default\admin\stafflogin.inc on line 4, referer: http://www.website1.com/phpmanager/admin/index.php

///////////////////////////////////////////////////////////////
// INDEX.PHP - FORM
// This is the form that is being used as a LOGIN to phpmanager
///////////////////////////////////////////////////////////////

<?php
////////////////////////////////////////////////////////////////////////
//                                                                    //
//                - phpManager, Copyright 2002 Taysoft -              //
//                                                                    //
// All scripts contained within are protected by international        //
// copyright law. Any unauthorised copying or distribution of         //
// this software will be dealt with accordingly.                      //
//                                                                    //
// Subsequently, the copyright message must not be                    //
// removed from the software. A fee of US$200 is payable to           //
// remove the copyright message. Additionally, phpManager is          //
// distributed as a single domain license (Single IP). You will       //
// be required to purchase another license if you wish to install     //
// on another domain.                                                 //
// Please note: Removal of the copyright message does NOT give        //
// you distribution rights to the software. All you are paying        //
// for is to remove the copyright message to give a more professional //
// look for your clients.                                             //
//                                                                    //
////////////////////////////////////////////////////////////////////////

setcookie ("logonname", "");
setcookie ("logonid", "");

setcookie ("logonname", $adminname);
setcookie ("logonid", md5($password));

include ("/usr/www/exoticphotogallery/htdocs/phpmanager/variables.php");
include ("$rootdirectory/languages/$language");

?>

<html>
<head>
<title><?php echo $clientmanagerlogin_title ?></title>
<LINK rel="stylesheet" type="text/css" href="../templates/<?php echo $template ?>/styles.css">
</head>
<body>

<?php

// --------------------------------------------------- IF SUBMIT IS CLICKED ---------------------------------------------------------------
if ($submit){
if (!$adminname && !$password){ // IF NO USERNAME AND PASSWORD
?>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<?php echo $login_userpass ?>
</td>
</tr>
</table>
<?php
echo "<script>window.setTimeout('changeurl();',2000); function changeurl(){history.go(-1);}</script>";
} elseif ($adminname && !$password){ // IF NO PASSWORD
?>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<?php echo $login_pass ?>
</td>
</tr>
</table>
<?php
echo "<script>window.setTimeout('changeurl();',2000); function changeurl(){history.go(-1);}</script>";
} elseif (!$adminname && $password){ // IF NO USERNAME
?>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<?php echo $login_user ?>
</td>
</tr>
</table>
<?php
echo "<script>window.setTimeout('changeurl();',2000); function changeurl(){history.go(-1);}</script>";
} else { // VERIFY USERNAME AND PASSWORD
$secureuser = md5($adminname);
$encryptedpassword = md5($password);
$sql = "SELECT * FROM staff WHERE adminname='$adminname' AND password='$encryptedpassword'";
$result = mysql_query($sql);
if(mysql_num_rows($result)) { // IF VERIFIED
$myrow = mysql_fetch_array($result);
$id = $myrow["id"];
$access = $myrow["access"];
?>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<?php echo $login_thankyou ?> <?php echo $adminname ?>.
</td>
</tr>
</table>
<?php
if ($access=="breach"){
echo "<script>window.setTimeout('changeurl();',2000); function changeurl(){window.location='http://www.yahoo.com';}</script>";

} else {
echo "<script>window.setTimeout('changeurl();',2000); function changeurl(){window.location='index2.php';}</script>";
}
} else {
?>
<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<?php echo $login_error ?>
</td>
</tr>
</table>
<?php
echo "<script>window.setTimeout('changeurl();',2000); function changeurl(){history.go(-1);}</script>";
}
}
} else {
// ----------------------------------------------- END IF SUBMIT IS CLICKED ---------------------------------------------------------------

// ----------------------------------------------- PAGE FORMATTING STARTS HERE ---------------------------------------------------------------

include ("../templates/$template/admin/stafflogin.inc"); //

}

?>

</body>
</html>
////////////////////////////
// phpmanger sql
///////////////////////////

CREATE TABLE clients (
id int(4) NOT NULL auto_increment,
surname varchar(20) default NULL,
firstname varchar(20) default NULL,
telephone varchar(20) default NULL,
email varchar(30) default NULL,
icq varchar(10) default NULL,
referrer varchar(20) default NULL,
house varchar(20) default NULL,
street varchar(50) default NULL,
town varchar(50) default NULL,
state varchar(20) default NULL,
country varchar(20) default NULL,
postcode varchar(10) default NULL,
domainname varchar(20) default NULL,
domain varchar(10) default NULL,
package varchar(100) default NULL,
schedule varchar(11) default NULL,
payment varchar(11) default NULL,
username varchar(10) default NULL,
password varchar(32) default NULL,
ipaddress varchar(20) default NULL,
startdate varchar(8) default NULL,
invoicedate varchar(10) default NULL,
duedate varchar(10) default NULL,
amount varchar(10) default NULL,
paid char(3) default NULL,
status varchar(10) default NULL,
notes varchar(255) default NULL,
language varchar(50) default NULL,
template varchar(50) default NULL,
PRIMARY KEY (id),
UNIQUE KEY id(id));

CREATE TABLE pending (
id int(4) NOT NULL auto_increment,
surname varchar(20) default NULL,
firstname varchar(20) default NULL,
telephone varchar(20) default NULL,
email varchar(30) default NULL,
icq varchar(10) default NULL,
referrer varchar(20) default NULL,
house varchar(20) default NULL,
street varchar(50) default NULL,
town varchar(50) default NULL,
state varchar(20) default NULL,
country varchar(20) default NULL,
postcode varchar(10) default NULL,
domainname varchar(20) default NULL,
domain varchar(10) default NULL,
package varchar(100) default NULL,
schedule varchar(11) default NULL,
payment varchar(11) default NULL,
username varchar(10) default NULL,
password varchar(32) default NULL,
amount varchar(10) default NULL,
PRIMARY KEY (id),
UNIQUE KEY id(id));

CREATE TABLE plans (
id int(4) NOT NULL auto_increment,
package varchar(100) default NULL,
monthly varchar(10) default NULL,
quarterly varchar(10) default NULL,
biannually varchar(10) default NULL,
yearly varchar(10) default NULL,
nochex_monthly varchar(255) default NULL,
nochex_quarterly varchar(255) default NULL,
nochex_biannually varchar(255) default NULL,
nochex_yearly varchar(255) default NULL,
paypal_monthly varchar(255) default NULL,
paypal_quarterly varchar(255) default NULL,
paypal_biannually varchar(255) default NULL,
paypal_yearly varchar(255) default NULL,
cc_monthly varchar(255) default NULL,
cc_quarterly varchar(255) default NULL,
cc_biannually varchar(255) default NULL,
cc_yearly varchar(255) default NULL,
KEY id(id));

CREATE TABLE staff (
id int(4) NOT NULL auto_increment,
adminname varchar(20) default NULL,
password varchar(32) default NULL,
access varchar(10) default NULL,
language varchar(50) default NULL,
template varchar(50) default NULL,
PRIMARY KEY (id),
UNIQUE KEY id(id));

INSERT INTO staff VALUES (1, 'admin', '21232f297a57a5a743894a0e4a801fc3', 'Superadmin', 'english.inc', 'default');

CREATE TABLE support (
ticketno int(4) NOT NULL auto_increment,
username varchar(10) default NULL,
email varchar(30) default NULL,
url varchar(100) default NULL,
subject varchar(255) default NULL,
description longtext,
status varchar(10) default NULL,
admin varchar(20) default NULL,
date varchar(16) default NULL,
PRIMARY KEY (ticketno),
UNIQUE KEY id(ticketno));

CREATE TABLE transactions (
id int(4) default NULL,
details varchar(255) default NULL,
date varchar(8) default NULL);

CREATE TABLE variables (
language varchar(30) default NULL,
template varchar(30) default NULL,
clientmanagerlogin_title varchar(100) default NULL,
clientmanager_title varchar(100) default NULL,
accountmanagerlogin_title varchar(100) default NULL,
accountmanager_title varchar(100) default NULL,
admin_email varchar(100) default NULL,
accounts_email varchar(100) default NULL,
supports_email varchar(100) default NULL,
checkout_email varchar(100) default NULL,
revecom_email varchar(100) default NULL,
paypal_email varchar(100) default NULL,
worldpay_email varchar(100) default NULL,
company varchar(100) default NULL,
processor varchar(50) default NULL,
dateformat char(2) default NULL,
instId varchar(10) default NULL,
currency varchar(10) default NULL,
worldpayPW varchar(20) default NULL,
cp varchar(20) default NULL,
currencytype char(1) default NULL);

INSERT INTO variables VALUES ('english.inc', 'default', 'phpManager - Staff Login', 'phpManager - Client Manager', 'phpManager - Client Login', 'phpManager - Account Manager', 'anything@yourdomain.com', 'anything@yourdomain.com', 'anything@yourdomain.com', 'anything@yourdomain.com', 'anything@yourdomain.com', 'anything@yourdomain.com', 'anything@yourdomain.com', 'YOUR COMPANY', 'None', 'US', 'Optional', 'Optional', 'Optional', 'None', '$');

Could this be why form not processing? <form method="

Posted: Fri Jul 04, 2003 6:28 pm
by blood
THIS IS THE FORM'S SOURCE CODE WHEN GOING TO THE URL
http://mysite.com/index.php

TAKE A LOOK AT THE <form method="post" action="">

Shouldn't there be something in the quotations (action="") ??

Maybe this is why the form is not being processed? When I enter
in the username and password the page just sits there and the
error messages are appended to my Apache error_log as mentioned
in the initial post of this article.



<html>
<head>
<title>phpManager - Staff Login</title>
<LINK rel="stylesheet" type="text/css" href="../templates/default/styles.css">
</head>
<body>

<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<form method="post" action="">
<table border="0" cellspacing="0" cellpadding="2">
<tr>
<td align="right" class="main">
Username: <input type="text" class="formfield" name="adminname">
</td>
</tr>
<tr>
<td align="right" class="main">
Password: <input type="password" class="formfield" name="password">
</td>
</tr>
<tr>
<td align="center">
<input type="Submit" name="submit" value="Login" class="formfield">
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>


Also here is the Stafflogin.inc that the script calls. Take
a look at the line in blue:


<table width="570" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="570" height="360" align="center" class="main">
<form method="post" action="<?php echo $PHP_SELF ?>">
<table border="0" cellspacing="0" cellpadding="2">
<tr>
<td align="right" class="main">
Username: <input type="text" class="formfield" name="adminname">
</td>
</tr>
<tr>
<td align="right" class="main">
Password: <input type="password" class="formfield" name="password">
</td>
</tr>
<tr>
<td align="center">
<input type="Submit" name="submit" value="Login" class="formfield">
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
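
Added example, not part of the original posts and not phpManager's own code: the notices in the first post and the empty action="" in the second are what a script written for register_globals produces when that setting is off, because $adminname, $password, $submit and $PHP_SELF are never created. The sketch below reads the fields from $_POST, checks them with a prepared statement and password_verify(), and builds the form action from $_SERVER['PHP_SELF']; the function names, the in-memory SQLite table and the sample credentials are constructed for illustration, and it assumes password_hash() values in staff.password rather than the posted MD5 column.

```php
<?php
// Added example, not phpManager code. Assumes PDO with the SQLite driver and
// password_hash() values in staff.password (wider than the posted varchar(32)).

// With register_globals off, form fields exist only in $_POST.
function post_field(array $post, string $name): string
{
    return isset($post[$name]) && is_string($post[$name]) ? $post[$name] : '';
}

// Return the matching staff row, or null when the credentials are wrong.
function verify_staff(PDO $db, string $adminname, string $password): ?array
{
    // The placeholder keeps user input out of the SQL text.
    $stmt = $db->prepare('SELECT id, adminname, password, access FROM staff WHERE adminname = ?');
    $stmt->execute([$adminname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE staff (id INTEGER PRIMARY KEY, adminname TEXT, password TEXT, access TEXT)');
$db->prepare('INSERT INTO staff (adminname, password, access) VALUES (?, ?, ?)')
   ->execute(['demo', password_hash('constructed-sample-pw', PASSWORD_DEFAULT), 'Superadmin']);

// Constructed request; on the real page this array is $_POST.
$post = ['adminname' => 'demo', 'password' => 'constructed-sample-pw', 'submit' => 'Login'];

if (post_field($post, 'submit') !== '') {
    $staff = verify_staff($db, post_field($post, 'adminname'), post_field($post, 'password'));
    if ($staff !== null) {
        // Real page: session_start(); session_regenerate_id(true);
        // $_SESSION['staff_id'] = $staff['id']; no password-derived cookie.
        echo "verified: ", htmlspecialchars($staff['adminname']), "\n";
    } else {
        echo "login failed\n";
    }
}

// $PHP_SELF is not registered either; use the superglobal and escape it.
$action = htmlspecialchars($_SERVER['PHP_SELF'] ?? '', ENT_QUOTES);
echo '<form method="post" action="', $action, '">', "\n";
```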