0
<?php
$username = "system";
$password = "Mwasif2001";
$connectionString = "localhost/ORCL";

$conn = oci_connect($username, $password, $connectionString);
if (!$conn) {
    $e = oci_error();
    trigger_error(htmlentities($e['message'], ENT_QUOTES), E_USER_ERROR);
}
// username and password sent from form 
$tbl_name = 'USERS';
if(isset($_POST['username']) && isset($_POST['pass']))
{
   $username=$_POST['username']; 
   $password=$_POST['pass']; 
}
else
{
    echo ('i am here');
}

// To protect MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['pass']);

$sql="SELECT * FROM $tbl_name WHERE username='$username'";
echo $sql;

$stid = oci_parse($conn, "SELECT * FROM $tbl_name where username='$username'");
$result = oci_execute($stid);
$count = oci_num_rows($stid);

$stid1 = oci_parse($conn, "SELECT * FROM $tbl_name where user_password='$password'");
$result1 = oci_execute($stid1);
$count1 = oci_num_rows($stid1);

// If result matched $username and $password, table row must be 1 row
if($count == 1 && $count1 == 1)
{
// Register $username, $password and redirect to file "login_success.php"
session_start();
$_SESSION["username"] = $username;
header("location:login.php");
}
else if($count == 0) {
$failed = 1;
header("location:check.php?msg=failed");
}
else if($count1 == 0) {
$failed = 1;
header("location:main.php?msg1=failed");
}
?>

Hey!!!
I am getting error when i try to submit my form that is undefined index please helpme.

Edited by Nida_2

3
Contributors
11
Replies
69
Views
11 Months
Discussion Span
Last Post by AndrisP
Featured Replies
  • To prevent from SQL injection bind variables after `oci_prepare` read http://php.net/manual/en/function.oci-bind-by-name.php Read More

  • 3

    Why are you using mysqli with oracle? Two different products. See this: http://php.net/manual/en/function.oci-bind-by-name.php The `parse` function is similar to the `prepare` for mysqli and PDO. However, this isn't your issue. An empty `$_POST` variable suggests the form data is not being passed by a POST method. You do not show … Read More

0
  1. Password should be crypted!
  2. In to the lines 2 and 3 variables defined - ok. But do not need set default values because if not set both post variables then in lines 13-17 values not replaced!
  3. Lines 26 and 27 you again try to get values from post variables - any previous activities with variables $username and $password replaced in this step.

I recommend use filter_input() function

Edited by AndrisP

0

@Andrisp problem is with my post statement. I am getting error undefined index please tell me what can i do

0

It raise in line 26 if post variable not set. Use function filter_input () in lines 2 and 3. Remove lines 13-27

0

@Andrisp my php array is emtpy even after submitting the form the values are not passed in that array

3

Why are you using mysqli with oracle? Two different products. See this:

http://php.net/manual/en/function.oci-bind-by-name.php

The parse function is similar to the prepare for mysqli and PDO. However, this isn't your issue. An empty $_POST variable suggests the form data is not being passed by a POST method. You do not show your form html, so I'm assuming you either don't have a method attribute (defaults to GET) or it's actually set to GET.

Also using session_start() or header() after output ( echo "i am here" or trigger_error) probably won't work. Unless it's held in an output buffer.

0

Sorry mistake in my post oci_prepare is not a function - correct function name is oci_parse. Use similar variable names for connect to db and authorize user also is very bad idea.

Edited by AndrisP

0

This is my Html form

<form  name="myform" action="verify.php" method = "POST" enctype="multipart/form-data">
  <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
    <input class="mdl-textfield__input" type="text" id="sample3" name="USERNAME" required="" aria-required="true"/>
    <label class="mdl-textfield__label" for="sample3">Enter Username</label>
       <span class="mdl-textfield__error"><?php
      if (isset($_GET["msg"]) && $_GET["msg"] == 'failed') {
echo "Wrong Username";
}
      ?></span>

  </div>
            <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
    <input class="mdl-textfield__input" type="password" id="sample3" name="USER_PASSWORD" required="" aria-required="true"/>
    <label class="mdl-textfield__label" for="sample3">Enter Password</label>
                 <span class="mdl-textfield__error"><?php
      if (isset($_GET["msg1"]) && $_GET["msg1"] == 'failed') {
echo "Wrong Password";
}
      ?></span>
  </div>
            <div class="modal-footer">
        <button type="submit" class="btn btn-primary" name="submit">Login</button>
        <span> <a href="forgotPassword.php"> <br> Forgot Pasword? </a></span>
      </div>
</form>

Edited by Nida_2

0
  1. Replace method = "POST" without white spaces method="POST"
  2. I see in HTML form name="USERNAME" and name="USER_PASSWORD" but you try to get values from $_POST['username'] and $_POST['pass'] - it case sensitive and do not match password field name
  3. I want to remind you again PASSWORD SHOULD BE CRYPTED! Never save unencrypted passwords in the database!
  4. Your user authorization method is invalid - any user can authorize with other user name and self password

Edited by AndrisP

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.