0

hi...
this is my index page...

include("config.php");
session_start();

if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from form

$myusername=addslashes($_POST);
$mypassword=addslashes($_POST);


$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);

$sql="SELECT id FROM admin WHERE username='$myusername' and passcode='$mypassword'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
$active=$row;

$count=mysql_num_rows($result);


// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
session_register("myusername");
session_register("mypassword");


$_SESSION=$myusername;

header("location: welcome.php");
}
else
{
$error="Your Login Name or Password is invalid";
}
}
?>


im getting the error as
undefined index username and password at the lines 10 and 11

please help me to solve this error

4
Contributors
8
Replies
16
Views
5 Years
Discussion Span
Last Post by fobos
0

first off, you cannot put session_start() at the top of a login page, because there is no session yet. I would just take out $_SERVER["REQUEST_METHOD"] == "POST") unless you know that the variables are being posted. Try this because i have a feeling you got this from another website.. Also, you dont need to make a session variable on the login screen because you are already going to register the username. If you want to register more variables, then add them to the to session_register.

session_register("myusername");
session_register("mypassword"); 
// Dont Need
$_SESSION['login_user']=$myusername;
<?php
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
session_register("active");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

Edited by fobos: n/a

2

You CAN and perhaps should put session_start() at the head of the page.

Do not use session_register:

"This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged."

from the php manual.

session_start();
include("config.php");
if(isset($_POST['username']) && isset($_POST['password']) && !empty($_POST['username']) && !empty($_POST['password'])){
  $myusername=mysql_real_escape_string($_POST['username']); 
  $mypassword=mysql_real_escape_string($_POST['password']); 

  $sql="SELECT id FROM admin WHERE username='$myusername' and passcode='$mypassword'";
  $result=mysql_query($sql);
  if(mysql_num_rows($result)){
    $_SESSION['login_user']=$myusername;
    //what's the purpose of active?? does it do anything?
    header("location: welcome.php");
  }else{
    $error="Your Login Name or Password is invalid";
  }
}

Edited by diafol: n/a

Votes + Comments
I was just about to say the same
0

first off, you cannot put session_start() at the top of a login page, because there is no session yet. I would just take out $_SERVER["REQUEST_METHOD"] == "POST") unless you know that the variables are being posted. Try this because i have a feeling you got this from another website.. Also, you dont need to make a session variable on the login screen because you are already going to register the username. If you want to register more variables, then add them to the to session_register.

session_register("myusername");
session_register("mypassword"); 
// Dont Need
$_SESSION['login_user']=$myusername;
<?php
$host="localhost"; // Host name 
$username=""; // Mysql username 
$password=""; // Mysql password 
$db_name="test"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
session_register("active");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

sorry guys i tried both the codings still im not getting the answer

can u give suggest me some other login page with codings

0

Are you able to echo username and password after the if($_SERVER["REQUEST_METHOD"] == "POST")?

0

ARe you sure that the form field names are username and password. The names are username and passcode in th DB. Just wondering.

0

ARe you sure that the form field names are username and password. The names are username and passcode in th DB. Just wondering.

hi guys.............

i got the output.............

variable names were wrong...

thx......for helping me

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.