• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 278
  • Last Modified:

Why do I keep gettin "unidentified index

I know its a dumb question, but it is pissing me off. Why do I keep getting an unidenfied index error when I check a variable like if (!$HTTP_SESSION_VARS['username']){ process $_POST variables since they arent logged in; }. Of course its an unidentified index, thats what Im checking for.  I cant seem to surpress it with @, any ideas?

part 2. I have a login page, which sends the user to a home page, from there they can click on other pages.  The first time they click on a 3rd page, and then use back to go to home, it makes them hit refresh. After that, no problems.  I assume this has to to with the session variables, but I use session_start() on all my pages, and I cant figure out why this is happening.
  • 4
  • 3
  • 3
2 Solutions
use if (isset($HTTP_SESSION_VARS['username']))
you probably have login.html -> submit to home.php
now somebody goes to third.php, and then uses the back key, and now the browser resubmits the form data, like before
do this
login.html -> submit to login.php (if login ok) redirect to home.php
now the browser will  not resubmit to home.php
zixpAuthor Commented:
I would have to use if (isset($HTTP_SESSON_VARS['username'])==false). I have already tried this with the same results.
Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

As said above only you should be using $_SESSION['username'] as opposed to $HTTP_SESSION_VARS['username'], i presume you are using a recent version of php as you are referencing the post array using $_POST.

With regards to your part 2 problem, im not 100% clear what you mean, it sounds like it coul be related to the use of sessions and forms in IE 6 in which case add the following after session_start();

header("Cache-control: private");

Failing that its probably a code flow problem, make sure you make adjustments to session and local variables as well as processing before you display any output otherwise you will end up with the old data being displayed before it has been updated.
and you would want

if (!isset($HTTP_SESSON_VARS['username']))

! used for "not" so if not isset
if your code looks like this
 if (!isset($HTTP_SESSON_VARS['username'])){echo $_POST['something'];}
and you keep getting the same error, probably $_POST['something'] doesn't exist
zixpAuthor Commented:
GeG, what you said about resubmitting to home sounds about right, but my problem is that I had it set up the way you said, and it would loose the session variables.  Then I had it send the session id in the url, but I wanted to try today to get rid of that for security reasons.

Diablo84, the header("Cache-control: private"); fixed the second part, thanks a lot. If you dont mind explaining why it is that fixed it I would love to hear it.
As far as $HTTP_SESSION_VARS vs. $_SESSION is concerned, I have never had anyone give me a good reason to use the second instead of the first.  The is the way I learned (and happens to be backwards compatable).  I reffered to $_POST as shorthand, but all my variables are in full in the script.

GeG, my code is
if ( !isset($HTTP_SESSION_VARS['username'])){
      //get vars from $_POST
      if ((!$HTTP_POST_VARS['username']) || (!$HTTP_POST_VARS['pass'])){ echo "you  must log in"; exit;}
      $username = $HTTP_POST_VARS['username'];
      $pass = $HTTP_POST_VARS['pass'];

      //convert to $_SESSION
      $HTTP_SESSION_VARS['username'] = $username;
      $HTTP_SESSION_VARS['canary'] = 'set in home';
      $HTTP_SESSION_VARS['encryptpass'] = crypt(...encrypt the password....);

      //clean up variables for security
and I keep getting the unidentified index on if ((!$HTTP_POST_VARS.... This happens when I go to the page without logging in, so its not that big a deal, but I dont like errors making my variables public.
>> If you dont mind explaining why it is that fixed it I would love to hear it.

Its simply a bug local to IE6 in this very instance, basically setting the cache control to private prevents the browser making a fresh call for the data and so stops the page has expired error. This was first brought up here as far as im aware: http://www.phpfreaks.com/print.php?cmd=tutorial&tut_id=41 Scroll down a little way and you will find the relevant part.

With regards to $HTTP_SESSION_VARS vs. $_SESSION, theres no reason at the moment why you can't use the older method (unless they deprecate it at some point which is likely) except to say that $_SESSION (in the words of the manual) is preferred, as of PHP 4.1.0.
Incidently i am assuming you are getting the undefined index errors before submitting the form, the quickest fix for this is changing this line:

if ( !isset($HTTP_SESSION_VARS['username'])){


if ( !isset($HTTP_SESSION_VARS['username']) && isset($_POST)){

then the code will only be run provided the session var username is not set and the post array is set (the form has been submitted).

Also as notices are not a big issue (though its alwyas best to fix them where possible) you can just reduce the level of error checking to hide the notices from public view.

If you have access to your php.ini file and set your error reporting to hide notices (or a variation of the available options), eg:

error_reporting = E_ALL & ~E_NOTICE

If you do not have access to your php.ini file and you are using apache you can create a .htaccess file in the root of your site and add the following line:

php_value error_reporting E_ALL & ~E_NOTICE

and failing that if you just want to apply the setting for the one page you can add the following to the top of your script:

ini_set("error_reporting"," E_ALL & ~E_NOTICE");
zixpAuthor Commented:
Thanks. I tried running it only if $_POST is set, but it seems that the error comes from that very line. I know I dont *need to fix it, so the ini_set() function will work fine. Thank you
And thank you too diablo84, Ill split points
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now