Member Avatar for danielbala

hi...
this is my index page...

include("config.php");
session_start();

if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from form 

$myusername=addslashes($_POST['username']); 
$mypassword=addslashes($_POST['password']); 

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);

$sql="SELECT id FROM admin WHERE username='$myusername' and passcode='$mypassword'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$active=$row['active'];

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
session_register("myusername");
session_register("mypassword"); 

$_SESSION['login_user']=$myusername;

header("location: welcome.php");
}
else 
{
$error="Your Login Name or Password is invalid";
}
}
?>

im getting the error as
undefined index username and password at the lines 10 and 11

please help me to solve this error

Edited by Reverend Jim because: closed
  • 5 Contributors
  • 9 Replies
  • 10K Views
  • 6 Years Discussion Span
  • Latest Post Latest Post by 3.15127E+11

Recommended Answers

All 9 Replies

Member Avatar for fobos

first off, you cannot put session_start() at the top of a login page, because there is no session yet. I would just take out $_SERVER["REQUEST_METHOD"] == "POST") unless you know that the variables are being posted. Try this because i have a feeling you got this from another website.. Also, you dont need to make a session variable on the login screen because you are already going to register the username. If you want to register more variables, then add them to the to session_register.

session_register("myusername");
session_register("mypassword"); 
// Dont Need
$_SESSION['login_user']=$myusername;
<?php
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
session_register("active");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
Edited by fobos because: n/a
Member Avatar for diafol

You CAN and perhaps should put session_start() at the head of the page.

Do not use session_register:

"This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged."

from the php manual.

session_start();
include("config.php");
if(isset($_POST['username']) && isset($_POST['password']) && !empty($_POST['username']) && !empty($_POST['password'])){
  $myusername=mysql_real_escape_string($_POST['username']); 
  $mypassword=mysql_real_escape_string($_POST['password']); 

  $sql="SELECT id FROM admin WHERE username='$myusername' and passcode='$mypassword'";
  $result=mysql_query($sql);
  if(mysql_num_rows($result)){
    $_SESSION['login_user']=$myusername;
    //what's the purpose of active?? does it do anything?
    header("location: welcome.php");
  }else{
    $error="Your Login Name or Password is invalid";
  }
}
Edited by diafol because: n/a
commented: I was just about to say the same +6
Member Avatar for danielbala

first off, you cannot put session_start() at the top of a login page, because there is no session yet. I would just take out $_SERVER["REQUEST_METHOD"] == "POST") unless you know that the variables are being posted. Try this because i have a feeling you got this from another website.. Also, you dont need to make a session variable on the login screen because you are already going to register the username. If you want to register more variables, then add them to the to session_register.

session_register("myusername");
session_register("mypassword"); 
// Dont Need
$_SESSION['login_user']=$myusername;
<?php
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
session_register("active");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

sorry guys i tried both the codings still im not getting the answer

can u give suggest me some other login page with codings

Member Avatar for pritaeas

What is the problem you are having now? Include code and error, if any.

Member Avatar for fobos

Are you able to echo username and password after the if($_SERVER["REQUEST_METHOD"] == "POST")?

Member Avatar for diafol

ARe you sure that the form field names are username and password. The names are username and passcode in th DB. Just wondering.

Member Avatar for danielbala

ARe you sure that the form field names are username and password. The names are username and passcode in th DB. Just wondering.

hi guys.............

i got the output.............

variable names were wrong...

thx......for helping me

Member Avatar for fobos

mark solved and rep points

Member Avatar for 3.15127E+11

this is my html code
<html> <head> <h1 align=center>LOGIN PAGE</h1> </head> <body align=center> <div align=center> <form method="post" action="welcome.php" > <label>USERNAME</label> <input type="text" value=""></input> <br><br> <label>PASSWORD</label> <input type="password" value=""></input><br><br> <input type="submit" value="submit"></input><br><br> </form> </div> </body> </html>

and this is my php code

<html> <body>
WELCOME

<?php
$a = $_POST['name'];
echo var_dump($a);
?>

YOUR LOGIN IS SUCCESSFUL
</body> </html>

but when i click submit i keep getting this error
WELCOME
Notice: Undefined index: name in /opt/lampp/htdocs/phpvalidations/welcome.php on line 5
YOUR LOGIN IS SUCCESSFUL

commented: Dont hijack a 6 year old thread. Start your own. +0
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.