0

I am having the following errors after running this code for my login.

**Notice: Undefined index: user_name in C:\xampp\htdocs\fyp\cms\cms.php on line 52

Notice: Undefined index: user_id in C:\xampp\htdocs\fyp\cms\cms.php on line 54\

login.php

<?php
session_start();
 ?>
<?php include_once("../includes/connection.php"); ?>
<!DOCTYPE html>
<html lang='en'>
<head>
    <meta charset="UTF-8" /> 
    <title>
        HTML Document Structure
    </title>
    <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>

<div id="wrapper">

<?php
$current_page = $_SERVER['PHP_SELF'];
?>
    <form name="login-form" class="login-form" action= "<?php echo $current_page; ?>" method="post">

        <div class="header">
        <h1>Login Form</h1>
        <span>Fill out the form below to login to my super awesome imaginary control panel.</span>
        </div>

        <div class="content">
        <input name="username" type="text" class="input username" placeholder="Username" />
        <div class="user-icon"></div>
        <input name="password" type="password" class="input password" placeholder="Password" />
        <div class="pass-icon"></div>     
        </div>



        <div class="footer">
        <input type="submit" name="button" value="submit" class="button" />
        <a href="../qmc-reg/reg.php" style="color:#000" >  Register</a>
        </div>

    </form>
<?php
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];

$query_one  = "SELECT * ";
$query_one .= "FROM users ";
$query_one .= "WHERE user_name = '".$username."' ";
$query_one .= "AND user_pass = '".$password."' ";
$query_one .= "LIMIT 1";

$result = mysql_query($query_one) or die(mysql_error());
$count = mysql_num_rows($result) or die(mysql_error());


if ($count == 1){
//$something  = mysql_fetch_array($count);

while ($something = mysql_fetch_array($result)){
        $something['user_id'];
        $something['user_name'];
        $something['user_pass'];



// if ($count > 0 ){

// $_SESSION['user_id'] = $something['user_id'];
// $_SESSION['user_name'] = $something['user_name'];
// $_SESSION['user_pass'] = $something['user_pass'];

// $salt = "cas212c";
// $hash = sha1($password, $salt);

// if ($password == $hash){


session_write_close();

header("location: ../cms/cms.php");
}
}
else{
    echo "<div> Invalid Credentials </div>";
}
}

?>
</div>
<div class="gradient"></div>
</body>
</html>  

cms.php

<?php 
session_start();
 ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>QMC Home</title>
</head>

<body>
<?php
$connection = mysql_connect('localhost','root','');
if(!$connection){
die("Database Connection Failed". mysql_error());
}
$select_db = mysql_select_db('hamdard_attendance');
if(!$select_db){
die("Database Connection Failed" . mysql_error());
}
$something = isset($_SESSION['user_name'])?$_SESSION['user_name']:'';
if($something){
$_SESSION['user_name']=$something;
}
$something = isset($_SESSION['user_id'])?$_SESSION['user_id']:'';
if($something){
$_SESSION['user_id']=$something;
}
?>
<div id="container">
        <div id="header">
            <h1 style="text-align:left">Quality Management<span class="off"> Cell</span></h1>

        </div>   

        <div id="menu">
            <ul>
                <li class="menuitem"><a href="cms.php">Home</a></li>
                <li class="menuitem"><a href="cms-attendance.php">Attendance</a></li>
                <li class="menuitem"><a href="cms-courses.php">Courses</a></li>
                <li class="menuitem"><a href="cms-settings.php">Settings</a></li>

            </ul>
            <a style="text-align:right" href="cms-logout.php">Logout</a>
        </div>

        </div>        
        <div id="content">
        <div id="content_top"></div>
        <div id="content_main">
<p> Welcome <?php echo $_SESSION['user_name'];?> </p>
<?php                                
$query_three = "SELECT s.stdnt_name, c.course_name FROM students s inner JOIN student_courses sc ON sc.student_id = s.stdnt_rfid_tag INNER JOIN users u ON s.stdnt_name = u.name INNER JOIN courses c ON c.course_id = sc.course_id where u.user_id = '".$_SESSION['user_id']."'"; 
$result_attendance3 = mysql_query($query_three) or die(mysql_error());
echo "<table border='1': border-color: silver;'>";
echo "<tr>";
echo "<td align='center' width='200'>" . "<h4>"."Student Name" ."</h4>". "</td>";
echo "<td align='center' width='200'>". "<h4>"."Course Name" ."</h4>". "</td>";
echo "</tr>";
echo "</table>";
while($row = mysql_fetch_array($result_attendance3)){
echo "<br />";
//echo "<td align='center' width='200'>".$row['st_classes_attempt'] . "</td>";
echo "<table border='1': border-color: silver;'>";
echo "<tr>";
echo "<td align='center' width='200'>".$row['stdnt_name'] . "</td>";
echo "<td align='center' width='200'>".$row['course_name'] . "</td>";
//echo "<td align='center' width='200'>".$row['st_classes_attempt'] . "</td>";
echo "</tr>";
echo "</table>";
} 
?>

            <p>&nbsp;</p>
            <p>&nbsp;</p>

        <div id="content_bottom"></div>


      </div>
   </div>
</body>
</html>

can any buddy help?

3
Contributors
4
Replies
30
Views
2 Years
Discussion Span
Last Post by darkagn
0

I don't think you want to close the session in login.php using the call to session_close_write. Also, your session setting is commented out, you will need to set each $_SESSION variable before calling cms.php.

Just a side note on your SQL, you should consider looking into parameterised queries. Your code as written is prone to SQL injection attacks because you pass through your $_SESSION or $_POST variables without parsing them.

0

i have done the following ammendments but problem remains the same.....

<?php
session_start();
 ?>
<?php include_once("../includes/connection.php"); ?>
<!DOCTYPE html>
<html lang='en'>
<head>
    <meta charset="UTF-8" /> 
    <title>
        HTML Document Structure
    </title>
    <link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>

<div id="wrapper">

<?php
$current_page = $_SERVER['PHP_SELF'];
?>
    <form name="login-form" class="login-form" action="<?php echo $current_page; ?>" method="post">

        <div class="header">
        <h1>Login Form</h1>
        <span>Fill out the form below to login to my super awesome imaginary control panel.</span>
        </div>

        <div class="content">
        <input name="username" type="text" class="input username" placeholder="Username" />
        <div class="user-icon"></div>
        <input name="password" type="password" class="input password" placeholder="Password" />
        <div class="pass-icon"></div>     
        </div>



        <div class="footer">
        <input type="submit" name="button" value="submit" class="button" />
        <a href="../qmc-reg/reg.php" style="color:#000" >  Register</a>
        </div>

    </form>
<?php
if (isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];

$query_one  = "SELECT * ";
$query_one .= "FROM users ";
$query_one .= "WHERE user_name = '".$username."' ";
$query_one .= "AND user_pass = '".$password."' ";
$query_one .= "LIMIT 1";

$result = mysql_query($query_one) or die(mysql_error());
$count = mysql_num_rows($result) or die(mysql_error());


if ($count == 1){
//$something  = mysql_fetch_array($count);

while ($something = mysql_fetch_array($result)){
        $something['user_id'];
        $something['user_name'];
        $something['user_pass'];



if ($count > 0 ){
$_SESSION['user_id'] = $something['user_id'];
$_SESSION['user_name'] = $something['user_name'];
$_SESSION['user_pass'] = $something['user_pass'];

 $salt = "cas212c";
 $hash = sha1($password, $salt);

if ($password == $hash){


//session_write_close();

header("location: ../cms/cms.php");
}
else{
    echo "<div> Invalid Credentials </div>";
}
}
}}}
?>
</div>
<div class="gradient"></div>
</body>
</html>  
0

I've noticed on your codes, why are you still using mysql_? I have not seen this for a while. Use either PDO or MySQLI. mysql_ has already been abandoned and the authors have not intension of any future upgrade.

Edited by lorenzoDAlipio: more data

0

Lines 62-64 in login.php don't appear to be doing anything. Can you print the values of the $something variable via var_dump after line 64 and check what is going on?

It's been a while since I used mysql, but I think the while loop should be

while (($something = mysql_fetch_array($result)) !== FALSE)

Edited by darkagn

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.