help me fix this session code.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
m2babaey
Forum Contributor
Posts: 364
Joined: Sun May 20, 2007 9:26 am

help me fix this session code.

Post by m2babaey »

Hi
I use the code below. but the first time i load the page, it says:
Notice: Undefined index: username in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 5
Notice: Undefined index: pass in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 6
Login Required
You must log in to access this area of the site. If you are not a registered user, click here to sign up for instant access!
then bring the login form
after i enter the username ans pass, it brings the form again and asks for username and pass"
please help me setup my session code. thanks

accesscontrol.php:

Code: Select all

<?php
session_start();
include_once 'db.php';
include_once 'common.php';
$uid = isset($_POST['username']) ? $_POST['username'] : $_SESSION['username'];
$pwd = isset($_POST['pass']) ? $_POST['pass'] : $_SESSION['pass'];

if(!isset($username)) {
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Please Log In for Access </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Login Required </h1>
  <p>You must log in to access this area of the site. If you are
     not a registered user, <a href="signup.php">click here</a>
     to sign up for instant access!</p>
  <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    User ID: <input type="text" name="username" size="8" /><br />
    Password: <input type="password" name="pass" SIZE="8" /><br />
    <input type="submit" value="Log in" />
  </form></p>
  </body>
  </html>
  <?php
  exit;
}

$_SESSION['username'] = $_POST['username'];
$_SESSION['pass'] = $_POST['pass'];
$username = $_POST['username'];
$pass = $_POST['username'];
dbConnect("articles");
$sql = "SELECT * FROM user WHERE username = '$username' AND pass ='$pass'";
$result = mysql_query($sql);
if (!$result) {
  error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact you@example.com.');
}

if (mysql_num_rows($result) == 0) {
  unset($_SESSION['username']);
  unset($_SESSION['pass']);
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Access Denied </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
     registered user on this site. To try logging in again, click
     <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
     access, click <a href="signup.php">here</a>.</p>
  </body>
  </html>
  <?php
  exit;
}

$username = mysql_result($result,0,'username');
?>
db.php:

Code: Select all

<?php // db.php

$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';

function dbConnect($db='') {
    global $dbhost, $dbuser, $dbpass;
    
    $dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass)
        or die('cannot connect to database');

    if ($db!='' and !@mysql_select_db(articles))
        die('database is not available');
    
    return $dbcnx;
}
?>
is not required to be mentioned here but to complete, common.php:

Code: Select all

<?php // common.php

function error($msg) {
    ?>
    <html>
    <head>
    <script language="JavaScript">
    <!--
        alert("<?=$msg?>");
        history.back();
    //-->
    </script>
    </head>
    <body>
    </body>
    </html>
    <?
    exit;
}
?>
djot
Forum Contributor
Posts: 313
Joined: Wed Jan 14, 2004 10:21 am
Location: planet earth
Contact:

Post by djot »

-
Read the error messages. If you don't understand them, try to search for them.
Notice: Undefined index: username in g:\programs(2)\easyphp1-8\www\ha\accesscontrol.php on line 5
Read:
1. Error Level: "Notice" (not parse error)
2. undefined index: an array key/index is not initialized
3. the index: "username"
4. file ... the file
5. line: 5!


Solution:

initialize (all) variables!

Code: Select all

if (!isset($_SESSION['username'])) { $_SESSION['username'] = ''; }
Put this after session_start();

djot
-
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Or, rather than defining variables without giving them values, check first.

You're code says: "If $_POST['username'] doesn't exist, SURELY $_SESSION['username'] does."
However, the only way for $_SESSION['username'] and $_SESSION['pass'] to exist in you're code is for $_POST['username'] and $_POST['pass'] to exist first, as that is the only time that you assign values to your session variables.

So, change this:

Code: Select all

$uid = isset($_POST['username']) ? $_POST['username'] : $_SESSION['username'];
To this:

Code: Select all

if(isset($_POST['username']))
{
    $uid = $_POST['username'];
}
else if(isset($_SESSION['username']))
{
    $uid = $_SESSION['username']
}
And do the same for $pwd.


Although... Nowhere in your code do you even use $uid or $pwd... Why do you even bother setting them?
m2babaey
Forum Contributor
Posts: 364
Joined: Sun May 20, 2007 9:26 am

Post by m2babaey »

SUCCESS!
thanks :P
i'll create another topic for another problem :oops:
Post Reply