0
<?php
$username = "system";
$password = "Mwasif2001";
$connectionString = "localhost/ORCL";

$conn = oci_connect($username, $password, $connectionString);
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}
// username and password sent from form 
$tbl_name = 'USERS';
if(isset($_POST['username']) && isset($_POST['pass']))
{
   $username=$_POST['username']; 
   $password=$_POST['pass']; 
}
else
{
    echo ('i am here');
}

// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['pass']);

$sql="SELECT * FROM $tbl_name WHERE username='$username'";
echo $sql;

$stid = oci_parse($conn, "SELECT * FROM $tbl_name where username='$username'");
$result = oci_execute($stid);
$count = oci_num_rows($stid);

$stid1 = oci_parse($conn, "SELECT * FROM $tbl_name where user_password='$password'");
$result1 = oci_execute($stid1);
$count1 = oci_num_rows($stid1);

// If result matched $username and $password, table row must be 1 row
if($count == 1 && $count1 == 1)
{
// Register $username, $password and redirect to file "login_success.php"
session_start();
$_SESSION["username"] = $username;
header("location:login.php");
}
else if($count == 0) {
$failed = 1;
header("location:check.php?msg=failed");
}
else if($count1 == 0) {
$failed = 1;
header("location:main.php?msg1=failed");
}
?>

Hey!!!
I am getting an error when I try to submit my form, that is, undefined index. Please help me.

Edited by Nida_2

Featured Replies
  • To prevent SQL injection, bind variables after `oci_prepare`; read http://php.net/manual/en/function.oci-bind-by-name.php


0
  1. Password should be crypted!
  2. In lines 2 and 3 the variables are defined - ok. But there is no need to set default values, because if both post variables are not set then the values in lines 13-17 are not replaced!
  3. In lines 26 and 27 you again try to get values from the post variables - any previous activities with the variables $username and $password are replaced in this step.

I recommend using the filter_input() function.

Edited by AndrisP

0

@Andrisp the problem is with my post statement. I am getting the error undefined index. Please tell me what I can do.

0

It is raised in line 26 if the post variable is not set. Use the function filter_input() in lines 2 and 3. Remove lines 13-27.

0

@Andrisp my PHP array is empty; even after submitting the form the values are not passed in that array.

3

Why are you using mysqli with oracle? Two different products. See this:

http://php.net/manual/en/function.oci-bind-by-name.php

The parse function is similar to the prepare for mysqli and PDO. However, this isn't your issue. An empty $_POST variable suggests the form data is not being passed by a POST method. You do not show your form html, so I'm assuming you either don't have a method attribute (defaults to GET) or it's actually set to GET.

Also using session_start() or header() after output ( echo "i am here" or trigger_error) probably won't work. Unless it's held in an output buffer.

0

Sorry, a mistake in my post: oci_prepare is not a function - the correct function name is oci_parse. Using similar variable names for connecting to the db and authorizing the user is also a very bad idea.

Edited by AndrisP

0

This is my HTML form:

<form  name="myform" action="verify.php" method = "POST" enctype="multipart/form-data">
  <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
    <input class="mdl-textfield__input" type="text" id="sample3" name="USERNAME" required="" aria-required="true"/>
    <label class="mdl-textfield__label" for="sample3">Enter Username</label>
       <span class="mdl-textfield__error"><?php
      if (isset($_GET["msg"]) && $_GET["msg"] == 'failed') {
echo "Wrong Username";
}
      ?></span>

  </div>
            <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
    <input class="mdl-textfield__input" type="password" id="sample3" name="USER_PASSWORD" required="" aria-required="true"/>
    <label class="mdl-textfield__label" for="sample3">Enter Password</label>
                 <span class="mdl-textfield__error"><?php
      if (isset($_GET["msg1"]) && $_GET["msg1"] == 'failed') {
echo "Wrong Password";
}
      ?></span>
  </div>
            <div class="modal-footer">
        <button type="submit" class="btn btn-primary" name="submit">Login</button>
        <span> <a href="forgotPassword.php"> <br> Forgot Pasword? </a></span>
      </div>
</form>

Edited by Nida_2

0
  1. Replace method = "POST" with method="POST", without white spaces
  2. In the HTML form I see name="USERNAME" and name="USER_PASSWORD", but you try to get values from $_POST['username'] and $_POST['pass'] - it is case sensitive, and the password field name does not match
  3. I want to remind you again: PASSWORD SHOULD BE CRYPTED! Never save unencrypted passwords in the database!
  4. Your user authorization method is invalid - any user can authorize with another user's name and their own password

Edited by AndrisP
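
The points raised across the replies (matching field names, `filter_input()`, `oci_bind_by_name`, a hashed password, and one lookup per user instead of two independent queries) combined into one `verify.php`. This is an added example, not code posted by anyone in the thread. It assumes the DB credentials live in the hypothetical environment variables `APP_DB_USER` and `APP_DB_PASS`, and that `USERS.USER_PASSWORD` stores the output of `password_hash()`.

```php
<?php
// Added example. Assumptions: DB credentials come from the hypothetical
// env vars APP_DB_USER / APP_DB_PASS; USER_PASSWORD holds a password_hash() value.

function fail(): void
{
    // One generic failure path: do not reveal which field was wrong.
    header('Location: check.php?msg=failed');
    exit;
}

// Field names are case sensitive and must match the form exactly.
// filter_input() returns null for a missing field instead of raising
// an "undefined index" notice; array input yields false.
$username = filter_input(INPUT_POST, 'USERNAME', FILTER_UNSAFE_RAW);
$password = filter_input(INPUT_POST, 'USER_PASSWORD', FILTER_UNSAFE_RAW);
if (!is_string($username) || $username === '' || !is_string($password) || $password === '') {
    fail();
}

// The DB account gets its own variable names, separate from the login input.
$dbUser = (string) getenv('APP_DB_USER');
$dbPass = (string) getenv('APP_DB_PASS');
$conn = oci_connect($dbUser, $dbPass, 'localhost/ORCL');
if (!$conn) {
    error_log('DB connect failed: ' . (oci_error()['message'] ?? 'unknown'));
    fail();
}

// One query keyed on the username, with the value bound rather than
// concatenated into the SQL text.
$stid = oci_parse($conn, 'SELECT username, user_password FROM users WHERE username = :uname');
oci_bind_by_name($stid, ':uname', $username);
if (!oci_execute($stid)) {
    error_log('Login query failed: ' . (oci_error($stid)['message'] ?? 'unknown'));
    fail();
}
$row = oci_fetch_assoc($stid); // false when no row; keys are upper-cased

// The submitted password is checked against the hash in this user's own row.
if ($row === false || !password_verify($password, (string) $row['USER_PASSWORD'])) {
    fail();
}

session_start();
session_regenerate_id(true); // new session id after a successful login
$_SESSION['username'] = $row['USERNAME'];
header('Location: login.php');
exit;
```

Nothing is echoed before `session_start()` or `header()`, so the redirects work without output buffering.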
